ToI investigates

Behind Bennett’s Payoneer payday, a firm that profited off smut and alleged cons

Leaked US Treasury documents reveal that the soon-to-go-public company, where the new prime minister was an early investor, did business with bottom feeders of the internet

Simona Weinglass

Simona Weinglass is an investigative reporter at The Times of Israel.

Israeli Prime Minister Naftali Bennett leads a cabinet meeting at the Prime Minister's Office in Jerusalem on June 20, 2021.  (Alex Kolomoisky/POOL)
Israeli Prime Minister Naftali Bennett leads a cabinet meeting at the Prime Minister's Office in Jerusalem on June 20, 2021. (Alex Kolomoisky/POOL)

For Naftali Bennett, 2021 isn’t only the year he realized his dream of becoming prime minister of Israel. It will also see him profit handsomely from a financial services firm he invested in over a decade ago that has, among other things, helped companies operating in the seedy underbelly of the internet make money.

The company, Payoneer, is set to go public on the NASDAQ at the end of the month via a merger with a special purpose acquisition company (SPAC) at a valuation of $3.3 billion.

According to Forbes Israel [Hebrew link], Bennett is set to make some $5 million from the move, having invested several hundred thousand shekels in Payoneer some 13 years ago. Bennett’s spokesman confirmed to The Times of Israel that he invested in the company, but declined to specify how much Bennett stands to earn from the acquisition, stating that the amount is “a few million dollars.”

Payoneer was founded in 2005 in Israel by Yuval Tal and Yaniv Chechik. Today, it is characterized as one of the largest online money transfer platforms in the world, allowing online businesses and gig economy freelancers in different countries to seamlessly transact with each other and with clients. It counts Amazon, Airbnb and Fiverr among its partners and transfers payments between buyers and sellers on these platforms.

But a recent leak of US Treasury Department documents reveals that alongside its regular customers, Payoneer has also provided services to murky offshore companies allegedly involved in pornography, scam dating websites, a forex company investigated by French law enforcement and companies involved in the fraudulent binary options industry.

A spokesman for Payoneer acknowledged to The Times of Israel that it had processed payments for such companies but said emphatically that it no longer does so.

“In 2016, Payoneer made a business decision to stop processing payments for high-risk businesses,” the spokesman said.

“We no longer process payments for any of these companies and haven’t for years. Payoneer’s compliance program meets the highest industry standards, including as it relates to the filing of confidential Suspicious Activity Reports (SARs), and is audited regularly by leading global auditors and financial regulators in multiple jurisdictions. Payoneer has never been found to have violated any of its AML obligations by FinCEN or any regulator or authority anywhere in the world.  Today, Payoneer is trusted by many of the world’s leading digital brands including Amazon, Airbnb, Google and Upwork, as well as millions of SMBs worldwide.”

A slide from a May 2021 investor presentation (Etoro)

The FinCEN files leak

On September 20, 2020, BuzzFeed News, together with the International Consortium of Investigative Journalists (ICIJ) and over 100 news organizations around the world, published a series of investigative reports based on a trove of over 2,500 leaked documents from the US Treasury’s Financial Crimes Enforcement Network, or FinCEN.

Most of the documents are “suspicious activity reports,” commonly called SARs, that 90 banks and other financial institutions had submitted to FinCEN between the years 2011 and 2017. FinCEN’s mandate is to combat money laundering.

US banks and other financial institutions are required by law to submit SARs when they suspect that a transaction or series of transactions is implicated in money laundering. The 2,500 leaked documents are a small fraction of the 12 million SARs submitted to FinCEN between 2011 and 2017. But they offer a rare glimpse into the murkier side of the global financial system.

The leaked documents, which ICIJ has shared with The Times of Israel, reveal that numerous Payoneer customers and business partners, as well as Payoneer itself, were flagged by banks submitting SARs to FinCEN between 2011 and 2016. As a registered US Money Service Business, Payoneer is obligated to have a robust anti-money laundering program and even submit its own SARs.

“The bottom line is that money services businesses have a responsibility to try to prevent their own participation in money laundering,” Kieran Beer, chief analyst for the Association of Certified Anti-Money Laundering Specialists (ACAMS), a global anti-financial crime membership organization, told The Times of Israel.

“There is a global standard that they’re supposed to meet. It involves having an empowered and qualified anti-money laundering officer. It involves ways for that officer to be heard. It involves training.” he said.

Bennett’s level of involvement in Payoneer’s operations is unknown. While he reportedly [Hebrew link] introduced Payoneer CEO for Israel, Keren Levy, to Payoneer founder Yuval Tal, it is unclear how much involvement a shareholder at his level would have had in the company beyond that. A Payoneer spokesperson declined to address this question on the record. Bennett’s spokesperson did not respond to The Times of Israel’s questions about his level of involvement in the company’s operations.

A high-tech entrepreneur before entering politics, Bennett has made millions when companies he owned or had shares in were bought out by larger firms, known in Israel as an “exit.”

In 1999, he co-founded the information security company Cyota, which was sold to RSA Security in 2005 for $145 million. He is also the former CEO of Soluto, which was sold to Asurion in 2013 for $100 million. Bennett reportedly earned several million dollars from each exit.

News of the Payoneer SPAC became public in February. In March, reports began to surface of Bennett making millions from an unspecified tech exit. Asked by The Times of Israel, he refused to name the firm, and the link between Bennett and Payoneer stayed under wraps until Forbes Israel reported on it in early June.

Bennett did not respond to The Times of Israel’s request for comment, beyond acknowledging that he is an investor in Payoneer.

The fact that a SAR was submitted does not necessarily mean that any illicit activity took place, merely that a pattern of financial transactions raised the suspicions of a bank’s compliance officer. Most SARs do not lead to criminal prosecutions due in part to the sheer volume of them as well as law enforcement being underfunded, Beer said.

Nevertheless, the leaked documents show that Payoneer sent and received payments for a long list of businesses that operate on the seamier side of the internet.

Payoneer acknowledged to The Times of Israel that in the past it processed payments for the companies listed below but said that it terminated its contracts with all of them several years ago.

From the bedroom to the bank

On August 12, 2016, the New York Branch of Barclays Bank PLC filed an SAR about Alcuda Limited, a Cyprus company that operated the websites Shagaholic.com, Saucysingles.com, freesexmatch.com, getanaffair.com and hornyasia.com, among others.

The website getanaffair.com as it appeared in March 2016 (Screenshot)

Alcuda was not a direct client of Barclays, but Barclays held a bank account for Earthport PLC, a payment services provider, while Earthport in turn held an account for Payoneer Inc, which was used by Alcuda Limited to move money around, according to Barclays.

“A Payoneer customer, Alcuda Limited was flagged for review as part of Barclays NY’s surveillance program,” the SAR read.

According to the SAR, Alcuda sent 29 wire transfers totaling $678,810 from Alcuda’s Swiss and Cypriot bank accounts to its Payoneer account.

Barclays Bank submitted the SAR, it said, because of rumors that the company’s websites were scams and because its domain hosting service had reportedly hosted child pornography.

Alcuda Limited has been accused on multiple consumer complaint websites of allegedly charging credit cards without permission.

According to a 2020 investigative report by the website Snopes.com, Alcuda Limited websites were part of a network of about 200 niche dating websites, many of them nearly identical in appearance, that allowed users to sign up for free but then required a subscription that was nearly impossible to cancel. Snopes.com reporters signed up for a free account on one of the websites in the network and were promptly contacted by a user named “anatasia_mikov,” whom they learned was using a stolen photo of a professional model.

“When ‘anatasia_mikov’ messaged us (in Finnish, because Snopes was testing the site’s appearance in other countries at the time), she asked if we would like to chat with her. To take ‘anatasia’ up on that offer, however, a credit card number was required,” Snopes.com reported.

At the time of the SAR, Alcuda Limited was owned by Ukrainian businessman Maxim Polyakov.

While pornography is generally not illegal, several leaked SARs suggest that Payoneer transacted with a company that, in at least one instance, allegedly employed women who had been trafficked.

A 2014 SAR filed by the New York branch of Societe Generale reported $7,196,694 of suspicious activities involving three companies: Alcuda Ltd.; Payoneer Payment Solutions Ltd., a Belize-based subsidiary of Payoneer Inc.; and a company registered in Andorra called I.M.L. SLU, between November 9, 2011, and February 25, 2014.

According to the SAR, on April 10, 2012, and June 6, 2012, I.M.L. SLU, a client of Payoneer, received two wires for $77,712.88 and $57,825.45, respectively, from Alcuda Limited.

A slide from a May 2021 Payoneer investor presentation (Screenshot)

I.M.L. SLU was a company that hosted various online adult video streaming sites, including imlive.com. It is a sister company of the Israeli company CoolVision, owned by Muly Litvak, one of Israel’s richest and best-known pornography purveyors.

In 2006, The Manila Times reported that Filipino women and girls providing live sex performances on imlive had allegedly been trafficked by a third party and were allegedly being held as cybersex slaves in apartments throughout the city.

A Filipino official told the newspaper that “the company now allegedly maintains at least 40 women and girls in multiple apartments and condominium units in Metro Manila, mostly in Quezon City.”

In 2014, the Israeli television show “Uvda” interviewed some of the women performing for imlive in the Philippines. Interviewees said they worked 12 hours a day, were unable to leave their workplaces and go outside except for a day a month, and received very little to eat.

The same year, Payoneer Payment Solutions transacted with yet another offshore company: Sellinge Management S.A., registered in the British Virgin Islands. According to a SAR, Sellinge Management owned the website Anastasiadate.com, which, according to a 2014 exposé in The Guardian, was a dating platform that brought together Ukrainian women and Western men.

While some men have reportedly found love through Anastasiadate.com, it came at great expense. The men had to pay for every minute spent video-chatting with a love interest and for every chat message sent.

“Ukraine’s Internet romance industry is booming,” The Guardian reported about Anastasiadate.com. “But after chatting online, travelling to Odessa and wooing women on flashy dates, most men fly home alone and far poorer. Are they unlucky in love, or have they been scammed?”

A screenshot of the Anastasiadate website as it appeared in March 2012

The Guardian concluded that while some of the women on the website were there in good faith, many others were perpetrating a sophisticated scam to bilk the men out of money. Even if the site itself was not part of the scams, it did benefit from them.

“Anastasia International, while not directly colluding in the scams, runs a highly profitable business model that allows them to flourish.”

Neither Polyakov, Coolvision or Anastasia International responded to The Times of Israel’s requests for comment.

Forex and binary options

According to documents from the FinCEN Files leak, Payoneer also transacted with Israel-based companies involved in the forex and binary options industries, which allegedly scammed customers out of millions by selling them fake investment bets.

In April 2014, according to an SAR, Payoneer sent a payment to Reliantco Investments, a Cyprus-registered company behind the website UFX.com, the sister website of the binary options website ubinary.com.

An investor warning against Reliantco charging that it offered binary options to residents of Nova Scotia (Screenshot)

Barclays NY filed a January 2016 SAR on ReliantCo and affiliated companies. It explained that it filed the SAR because of the companies’ bad reputations: “One, they are located and banking in high risk jurisdictions for money laundering; two, they have collectively received financial services warnings from at least twenty (20) different countries for operating as unauthorized, unregulated foreign exchange trading companies; and, three, they were the subjects of numerous unverified complaints in the public domain alleging their business model is a scam,” according to the SAR filed by Barclays.

The binary options industry flourished in Israel for a decade before it was outlawed via Knesset legislation in October 2017, largely as a result of investigative reporting by The Times of Israel that began with a March 2016 article entitled “The wolves of Tel Aviv.” At its height, hundreds of companies in Israel employed thousands of Israelis who allegedly fleeced billions out of victims worldwide. The fraudulent firms would dupe victims into believing that they were successfully investing and earning money, encouraging them to deposit more and more into their accounts, until the company eventually cut off contact with the investor and disappeared with all or almost all of their money.” Many of the Israeli firms have since relocated overseas and continued the scam.

Forex, or foreign exchange companies, offer investors a way to make money off of fluctuations in the international currency market, though many are also allegedly fraudulent. The industry remains legal in Israel while many of its allegedly fraudulent actors go unprosecuted.

In 2014, Payoneer received at least two wire transfers from the forex company Aston Invest Ltd, according to a SAR submitted by Barclays Bank.

Aston Invest operated from a Ramat Gan call center called Union Inter Ltd., according to Israeli court filings. The call center was owned by a recent French immigrant to Israel named Samuel Shamal, whose brother, Jimmy Shamal, also worked there. Both men, according to reports in the French media, were previously suspects in the 1.6 billion euro carbon VAT fraud, known as the “crime of the century” in France.

A screehshot of Astonforex.com as it appeared in 2014. The website was owned by Aston Invest, which transacted with Payoneer

In 2016, Aston Invest was investigated by a French judge for forex fraud, with a prosecutor in the case visiting Israel. Jimmy Shamal was eventually tried and imprisoned in France, according to French media reports, though they did not specify which crime he was imprisoned for.

A Payoneer spokesman told The Times of Israel that the company did not do the processing of payments for forex or binary options, and the only connection back then was in providing services to networks affiliated with these services.

He said that while Payoneer did process payments for forex and binary options affiliate marketers, this was a small part of the company’s overall business.

“Even in 2016 at the point when we decided to stop processing payments for high-risk verticals, it was a small part of our business,” the spokesperson said.

‘Unknown’ customers and beneficiaries

Other SARs included in the FinCEN trove reveal that Payoneer transferred payments to a money service provider whose end beneficiaries were unknown to the bank filing the report.

In 2016, The Bank of New York Mellon submitted a SAR stating that from February 11, 2016, to May 17, 2016, it had seen 768 suspicious wires, totaling $14,218,008.19 for the benefit of Moneynetint Ltd. Among the entities transferring money to Moneynetint was Borderless Commerce Limited, a subsidiary of Payoneer Inc. On April 25, 2016 the company sent one wire in the amount of $1,000,000.00 for the ultimate benefit of Moneynetint ltd. Since Moneynetint is itself a payments company, the money was likely intended for one or more of its clients.

One of the reasons The Bank of New York Mellon submitted the SAR, it said, was because it could not determine whom the money sent to Moneynetint was meant for.

“The wires are primarily suspicious because many of them do not disclose the true beneficiary/ordering customer and/or some of Moneynetint’s counterparties are shell-like entities or forex/binary options traders,” the SAR said.

Moneynetint was in fact a major processor of payments for Israel’s fraudulent binary options industry, according to banking documents seen by The Times of Israel.

Additional FinCEN Files documents reveal that Moneynetint transacted with additional companies alleged to be scams.

These included Avilan Marketing LLC, a company that sold male enhancement supplements and counterfeit luxury goods. In 2008, Cartier won close to $1 million in damages from the firm because it had sold counterfeit Cartier watches. A 2018 exposé in Germany’s Capital business magazine accused members of the Ben-Menachem family, who owned the company, of fraudulent advertising on Facebook. Another client of Moneynetint was Clicksure Payments, an affiliate marketing company for the binary options industry.

A June 2005 screenshot from the kingreplica.com website that was run by Avilan Marketing LLC and sold counterfeit watches (Screenshot)

Aviv Ben Menachem of Avilan Marketing did not respond to The Times of Israel’s request for comment.

Moneynetint sent the following response. “Moneynetint always keeps our client’s identity confidential. Like other leading and trustworthy financial institutions, Moneynetint provides services to advanced fintech industries and clients. We are proud of our growing involvement and leadership in the financial arena. As per the ‘former clients’ of ours, our involvement and facts described are incorrect. Moneynetint takes big pride in always keeping our true client’s confidentiality and security.”

Payoneer acknowledged using Moneynetint as part of its infrastructure, in order to make local payments into its customers’ bank accounts, but said it never received payments from the company.

Fintech and bad actors

Sources within the payments industry who spoke to The Times of Israel on condition of anonymity said that fintech companies in general will often transact with other payment providers in such a way that their compliance departments don’t always know who the end customer or beneficiary is.

Sources also told The Times of Israel that scams are so common in the online world of e-commerce that even a well-intentioned fintech company will struggle to terminate its relationship with all of the scam merchants.

Despite the difficulty of rooting out bad actors, the onus is on money service businesses to try to do so, said Beer, the anti-money laundering analyst.

Payoneer’s name shows in 24 of the 2,500 documents of FinCEN Files leak. In some of these documents, the company’s name appears dozens of times.

“Is that damning?” said Beer. “Not necessarily, but it really does raise questions about whether Payoneer has a robust anti-money laundering and counter-terrorism finance program in place. Did Payoneer file SARs with FinCEN on any of these transactions that are mentioned by other financial institutions?”

Payoneer did not indicate whether it had filed SARs about these specific clients, but did say that it files SARs on a regular basis. Its spokesman told The Times of Israel that “Payoneer’s compliance program meets the highest industry standards, including as it relates to the filing of confidential Suspicious Activity Reports (SARs), and is audited regularly by leading global auditors and financial regulators in multiple jurisdictions.”

Fraud as a growth industry

The 2,500 documents that make up the FinCen Files were originally leaked to BuzzFeed News by former FinCEN employee Natalie Mayflower Sours Edwards. On June 3, Edwards was sentenced to six months in federal prison for unlawfully leaking the documents.

In her sentencing memorandum, Edwards said she leaked the files because she suspected corruption within the Treasury Department, specifically that another unit was illegally gathering information on Americans’ financial records and that Treasury Department officials were failing to cooperate with the Congressional investigation into Russian interference in the 2016 presidential elections.

BuzzFeed used the leaked documents to write a series of articles in 2017 and 2018 about president Donald Trump, his associates and their connections to Russian business and political figures.

Natalie Mayflower Sours Edwards, center, leaves court after receiving a six-month prison sentence for leaking confidential financial reports to a journalist at Buzzfeed, June 3, 2021, in New York. (AP Photo/Larry Neumeister)

Israeli individuals and companies appear in at least 450 of the 2,500 leaked documents (which constitute a tiny fraction of the more than 12 million SARs filed between 2011 and 2017). Many of the Israelis named in these documents were suspected of being linked to the porn, gambling, forex or binary options industries as well as to companies involved in affiliate marketing or payment processing for those industries. Others Israeli and Israeli companies named in the leak are connected to Israeli weapons sales, to the diamond industry, and to individuals from the former Soviet Union who reside in Israel or have Israeli citizenship.

Mikhail Reider-Gordon, an anti-money laundering expert with Affiliated Monitors and a professor at the International Anti-Corruption Academy in Austria, said she has come across the constellation of porn, gambling, forex, binary options and other internet scams in her investigations of Wirecard, the collapsed German fintech being investigated by prosecutors in multiple countries for money laundering.

“The porn sector, the binary options sector, the offshore gambling sector, a lot of these tie back into organized crime and state-sponsored actors who need to launder money from all manner of other illicit activities, like human trafficking, narcotics trafficking, arms trafficking and the illegal wildlife trade,”  she said.

According to Reider-Gordon, many of these illicit sectors of the economy, both on- and offline, are intertwined.

“If you need to clean Russian money, evade sanctions against North Korea or Iran, you’re going to run that money through these entities,” she said.

Israel is widely described as a “Startup Nation.” It has the highest number of startups per capita in the world, ranks sixth on Bloomberg’s 2020 list of the world’s most innovative economies, and ranks first in the world in venture capital per capita.

But as The Times of Israel has documented, there is an underbelly to the startup economy. A substantial minority of Israeli startups engage in fraudulent and/or unethical activity.

A screenshot from a 2012 report by the Israeli government-funded TheTime startup incubator in collaboration with The Marker business daily.

In 2012, an Israeli government-funded startup incubator known as TheTime published a report on the consumer internet industry in Israel featuring companies that had revenue of nearly 10 million dollars a year or higher. Among these were Payoneer, as well as porn purveyor CoolVision, several online gambling firms and a plethora of allegedly blatantly fraudulent forex and binary options companies.

These included 4XPlace, whose CEO Yossi Herzog was indicted in 2019 by a US grand jury for alleged fraud, Tradologic, which is being investigated by Austrian law enforcement, and SpotOption, recently accused of massive fraud by the US Securities and Exchange Commission. Not only did Israeli law enforcement never prosecute these entities, a government-funded startup incubator in 2012 touted them as Israeli success stories. Spotoption was secretly given Israeli taxpayer funding to expand its operations abroad.

The 2012 report addressed the fact that many of these high-revenue companies also happened to be shady, calling them “shadow companies.” A subsequent 2014 report optimistically predicted that the industry would eventually clean itself up through a natural evolutionary process.

Payoneer claims that to the extent that it served shady clients, it did clean up its act. But documents from the FinCEN Files suggest that for much of the Israeli internet industry, this did not happen.

Most Popular
read more: