Part IV: MAXPAY
- Maxpay is a payment services provider majority owned by Max Polyakov that focuses on so-called "high-risk merchants."
- High-risk merchants — commonly associated with online businesses in the fields of dating, pornography, and gambling — are more likely in a bank's view to attempt charges that will be contested by cardholders.
- Maxpay, which makes money on both a per-transaction basis and by providing other corporate services, claims to lower the banking fees associated with running businesses in high-risk fields.
- Snopes was able to identify over 100 URLs associated in many cases with online merchants that appear to use Maxpay as their payment services provider.
- Maxpay appears to process transactions for a prodigious number of scams. Over 60% of referral traffic to that website during an 11-month period studied by Snopes comes from online merchants engaged in subscription-traps.
- Over 40% of the online merchants that communicated with Maxpay's domain are associated with the fake merchants described in Part II or the predatory dating websites described in Part III.
"The rules for storing credit card information [are] much stronger than any that the American rocket companies have."— Max Polyakov, Kyiv Post, August 2018
Max Polyakov has used the existence and accreditation of his financial services firm, Maxpay, as evidence of his legitimate business bonafides and to combat a reputation for scammy business practices that goes back to 2009, at the latest. Speaking to the Kyiv Post in 2018 about his turn from internet marketing to co-founder of Firefly Aerospace, he argued that he was well-suited to the information security demands of the aerospace industry due to Maxpay's demonstrated compliance with regulators in the financial sector.
“One of my companies, called Maxpay … does online billing … and we have rights to store credit card information," he explained. "The rules for storing credit card information… are much stronger than any [rules or regulations] that the American rocket companies have,” he told the Kyiv Post some two years before the U.S. government forced Polyakov to part with his American rocket company over national security concerns.
Holding up Maxpay as an example of clean business practices is a particularly gutsy — if not cynical — play. Using referral data and other forensic tools, Snopes identified over 100 URLs associated with digital merchants that communicated with the maxpay.com website from December 2020 to November 2021. The majority of the merchants we identified appear to be scam operations aimed at collecting recurring charges from people duped into giving up their credit card information.
Like ClickDealer, the Polyakov-owned marketing agency discussed earlier, Maxpay also has its origins in Polyakov's online dating empire. By effect if not intent, ClickDealer serves to reduce the legal exposure that would be associated with marketing predatory products by paying independent third parties to do it. Maxpay, on the other side of the equation, reduces the costs and potential legal exposure associated with running businesses whose central business model is charging people for recurring subscriptions that they didn't know they signed up for.
Public assertions by Polyakov and his PR representatives notwithstanding, this is an accurate, perhaps even generous way to describe the business model of Polyakov's online dating empire. As just one example, publicly filed complaints against the Polyakov dating website Be Naughty have been called out for the same predatory business practices year after year.
Be Naughty has never changed its central hustle: the use of fake profiles to entice users to give up a credit card number for a free trial that will, unbeknownst to most, convert to a hard-to-cancel recurring monthly charge.
Such a business model is plagued both financially and legally by something known in the credit card industry as a "chargeback." In broad terms, a chargeback occurs when a customer contests the validity of a transaction. As shown above, the charges stemming from Be Naughty and other sites like it are frequently contested.
In such cases, the credit card company is obligated to pay — at least temporarily — the cost of that transaction before settling with the business that attempted the charge. Because of this risk, the banks used by businesses to accept payment from credit card companies, known as acquiring banks, often level higher fees on industries more frequently associated with chargebacks. Clients from these industries are known as "high-risk merchants."
Maxpay specifically caters to high-risk merchants, which most commonly include industries engaged in gambling, online dating, pornography, and other subscription-based merchants. In addition to lowering the fees acquiring banks level against high-risk merchants, Maxpay's central service is reducing the number of, and risk posed by, chargebacks.
In addition to their financial burden, high levels of chargebacks carry a legal risk. They are used by credit card companies and financial investigators as an indicator of potentially fraudulent activity. Credit card companies monitor a business' "chargeback ratio" — i.e., a ratio of contested to uncontested transactions — constantly. High chargeback ratios result in a business losing access to the credit card system and can potentially tip off authorities to fraudulent or criminal activity.
Maxpay profits by charging a per-transaction fee and also by providing risk management services largely related to reducing chargebacks. Since 2018, the risk management aspect of Maxpay has largely been under the purview of what was once a Maxpay subsidiary named Covery. Covery, now its own company that is 90% owned by Polyakov, offers these risky businesses a product that, in part, records all the relevant legal information about a potential customer's visit to a predatory website in order to build a case to financial institutions that the transaction was legitimate.
Experience in the Field
Having maintained a financial interest in predatory subscription traps like Be Naughty for over a decade, Polyakov and his associates purport, with some credibility, to be experts in the field of reducing the risk posed by chargebacks to online merchants. Based on Polyakov's past banking associations, the remedies provided by high-risk credit card processors are not always as legitimate as may have been advertised.
As disclosed in a confidential report by the business intelligence firm Kroll that was first revealed by BuzzFeed News in 2017, Polyakov once held or managed money derived from his dating businesses at a Cyprus-based bank named the Federal Bank of the Middle East (FBME) — "one of the world's dirtiest banks," according to a series of investigations published by BuzzFeed. Journalist Scott Stedman published the full Kroll report document later, in July 2020.
The Kroll report in part detailed two related schemes operating out of that bank's card services division in the early 2010s that were designed to conceal high chargeback levels from Visa and Mastercard, and that apparently involved Polyakov companies. One scheme used a large collection of shell companies and billing websites, similar to the behavior Snopes reported on in the previous installment of this investigation, to spread high-risk transactions across multiple merchants.
A second scheme, according to Kroll's investigators, involved purchasing hundreds of prepaid credit cards and using them to pay for nonexistent products or services across that aforementioned network of online merchants. These charges — by virtue of their having been made internally — would not be contested. This deluge of "clean" transactions was intended, according to Kroll, to fraudulently lower the chargebacks across this network of high-risk merchants.
To be clear, Snopes has no evidence that Polyakov had anything to do with the operation of this scheme other than his being a client, according to Kroll, of the individuals running it. Emails contained within the Kroll report indicate that this network of merchants was tied to a California-based payment service provider named Maxpayments that no longer exists. This company, which once advertised itself aggressively to online dating businesses, used FBME as its acquiring bank.
In June 2014, FBME was effectively shut out of the U.S. financial system when FinCEN, the U.S. Financial Crimes Enforcement Network, named the bank "a foreign financial institution of primary money laundering concern." This event would have left any dating operation Polyakov's companies participated in via FBME without a payment service provider, or a strategy to combat chargebacks. Polyakov, public records reveal, registered Maxpay as a Malta-based company just three months later, in September of 2014.
Snopes was able to identify apparent clients of Maxpay using a combination of forensic tools. Our primary dataset is an analysis performed by the business intelligence and analytics company SimilarWeb, which, upon our request, provided Snopes with a list of referral data to the domain maxpay.com from December 2020 to November 2021. The SimilarWeb data revealed 408,573 referrals from 144 domains.
Because the majority of referral traffic comes from URLs whose websites never mention or publicly link to Maxpay, Snopes infers such referrals to be instances in which an online merchant connects to a file, a script, or other service housed on maxpay.com. In a process described here, Snopes was able to locate within many of these merchants' source code the actual portion of programming that connects their operation to maxpay.com.
As Snopes does not have access to Maxpay's internal operations, we cannot say if the 144 domains identified represent a full accounting of Maxpay clients for that time period, nor can we know the specific nature of transactions underlying the 408,573 referrals in this dataset. Even with those caveats in place, however, Maxpay's association with a massive network of apparently bogus merchants suggest the company acts, at least in part, as an industrial-scale, scam-facilitation machine fueled by the credit card numbers of internet-naive victims.
The aforementioned dating site Be Naughty, for example, is the number one source of Maxpay referral traffic. The fake e-book library Book Lounge, discussed in Part II of this series, is the second most significant source.
The former uses automated profiles programmed to entice users into signing up for a cheap trial. The latter is used to "sponsor" purported sweepstakes campaigns that dangle prizes like iPhones and Playstations in front of people willing to give up their credit card number. In both cases, the individual is ultimately signed up for a poorly disclosed monthly subscription charge to a service that appears to be largely or wholly imaginary.
When not using prizes or the prospect of easy sex as enticement, other apparent Maxpay clients mislead users into thinking they provide access to some sort of streaming service or file download. Several apparent Maxpay clients include purported fitness subscription programs. In actuality, these fitness programs are the token storefronts of businesses engaged in obtaining credit card numbers from people who think they have found a cheap way to stream some popular movie or sporting event.
An example comes from the apparent wellness program Runway To Fit. Though the company's homepage presents itself as a fitness-themed product, the page through which people appear to be providing payment information appears to be a generic access portal to a live sports event:
"We have streaming licenses for our content for certain countries only. That's why we need to verify your geographic location using a valid credit card," the fine print reads. Later, however, the company's terms of service describe the charge as a one-day trial membership. "Your membership entitling you to all our content is only 1$, unless you decide to switch to premium mode at the end of the 1-day trial membership, or do not cancel your membership within the trial period."
Several users complained about Runway to Fit on the product review site TrustPilot. One November 2021 reviewer stated that he "paid one dollar to try and watch the Cowboys game" but knew something was "fishy" when three charges were made on his card. "Within hours they were attempting to pull 60 dollars out of my account."
Another user, in an April 2021 review, stated that "this website contacted me and offered me a chance to win an iPhone for the price of £1. When I applied, they put me on a continuing subscription plan, which was never mentioned in the offer."
ClickDealer, in particular, has aggressively and regularly promoted both sweepstakes scams and streaming scams. The company, for example, often promotes what it bills as a "Sweep & Stream Bonus Program." A 2019 ClickDealer blog post described the promotion as "a fresh opportunity for any affiliate who likes easy money."
"You would likely be surprised at how many people still don't have a go-to video streaming service for their evening leisure," ClickDealer told affiliates in an April 2020 post to its account on the messaging app Telegram. "You would be even more surprised at the payouts on [offers] steering them towards adopting one." The misleading implication, of course, is that the ClickDealer affiliates would be pushing people to sign up for an actual "video streaming service."
Where Does The Money Go?
By design, it is extremely challenging to figure out who the most significant beneficiaries of these schemes are. While it is hard to pin down individual beneficiaries precisely, ample evidence suggests that this large collection of merchants identified by Snopes is not the work of several players but is run, instead, by only a few discrete and centrally controlled operations.
One discrete operation serviced by Maxpay appears to be the Together Networks dating websites. While myriad different shell companies appear to operate these sites, the dating sites' cohesion is demonstrated, as we showed in Part III of this series, by the fact that many of the entities are (at least on paper) owned ultimately by people who have recently been employed or associated with Polyakov companies.
Many of the effectively fake merchants posing as e-book libraries, budgeting services, or fitness programs appear to be part of another potentially centrally controlled operation. While the shell companies associated with these services are ostensibly owned by independent companies operating in several jurisdictions, the same individual — Cyprus-based lawyer Tatiana Achilleos — serves as secretary or director of shell companies responsible for at least 15 different fake merchants (and Maxpay clients) in the budgeting, e-book, and fitness categories.
This connection is obscured by the layered use of different business entities that Achilleos wholly owns (Figure 1):
Snopes reached out to Achilleos via LinkedIn Messenger in late May 2022. We asked, among other things, what purpose is served by one shell company owning multiple versions of the same product. In addition, we asked why many of these merchants apparently shared source code, and if she was responsible for ensuring that the sweepstakes operating on their behalf actually take place.
She did not answer these questions. In response, she first told us that she would "discuss with my clients and come back to you shortly." After outlining her connection to the 15 merchants shown above, Achilleos stopped responding to our messages.
The Hallmarks of a Complex Money Laundering Network
Snopes described our findings on Maxpay to financial crime prevention expert Denisse Rudich. This large network of interrelated merchants and shell companies, she told us, "has the hallmarks of a very complicated and complex money laundering network." The rationale is simple: Maxpay appears to be a black box. It provides hundreds of potential avenues for funds, including those derived from apparent scams, to enter and co-mingle with other funds.
In 2020, MaxPay claimed to have revenue "exceeding 2.6 billion dollars and over 251.4 million transactions … processed in 197 countries since 2015." Without confidential banking information, knowledge of how that money is dispersed is challenging to discern.
On paper, at least, Maxpay's service-fee-based revenue goes toward three shareholders: Polyakov, Maxpay's CEO Artem Tymochenko, and an individual named Igor Spodin, which matches the name of a man identified in press reports as Polyakov's legal adviser. As Snopes will show in the final installment of this series, some of the funds controlled by Maxpay likely support the Scottish aerospace company Skyrora.
- Note: Max Polyakov and Project Ritchie
- Note: Apparent Maxpay Clients
- Note: Effectively Fake Merchants