Cyprus-Supervised Card Infrastructure Identified in EU-Facing Offshore Broker Deposits Despite Multiple Regulatory Warnings

A February 2026 compliance review confirms that offshore brokers PU Prime, Vantage Markets, and RoboForex continue onboarding EU retail clients and processing card deposits despite repeated regulatory warnings across the EU. Technical analysis of the payment flows identifies Cyprus-supervised payment infrastructure facilitating these transactions, raising supervisory questions under PSD2 and AMLD frameworks.

Key Findings

• PU Prime, Vantage Markets and (offshore) RoboForex accepted EU passport and EU proof-of-address during KYC.
• Austrian, German, and Italian residents successfully onboarded and their deposits are enabled via:
  • Credit/debit cards
  • Apple Pay
  • Google Pay
  • Bank transfer
  • Crypto wallets.
• Identical payment gateway architecture observed across multiple warned brokers.
• Cyprus-linked PSP references embedded in payment source code.
• Public EU regulatory warnings remain active.
• Full evidentiary documentation preserved (screenshots + HTML source extracts).

Compliance Review (18–19 February 2026)

FinTelegram has been monitoring the offshore brokers PU Prime, Vantage Markets, and RoboForex for years and has repeatedly pointed out their regulatory violations.

Similarweb statitics for Puprime.com for Jan 2026

Recently, new structured onboarding tests were conducted by EU residents who:

• Submitted EU-issued passports,
• Submitted EU residential documentation,
• Completed full KYC declarations explicitly confirming EU residency.

All three brokers approved the registrations. No geo-blocking or jurisdictional filtering prevented EU access. Italian residents were able to register and deposit with Vantage Markets despite a CONSOB blackout order. According to a Similarweb traffic analysis, in January 2026, just under 13.4% of visitors to the Puprime.com website came from Germany. The offshore mutation of Roboforex (Roboforex.com) also received more than 5% of its website visitors from Germany in January 2026. Deposits were apparently mostly made via Cypriot payment institutions. At VantageMarkets.com, just under 10% of website visitors came from Spain. EU residents are therefore a significant target group on all three platforms.

Regulatory Status of the Brokers

Public warnings include:

• PU Prime — UK FCA warning, Danish Denish FSA, AMF (France), ASC (Alberta/Canada).
• Vantage Markets — AFM (Netherlands), CONSOB (Italy blackout), CNMV (Spain), Danish FSA, MFSA (Malta)
• RoboForex (Belize entity) — Offshore regulation; disclaimer against EU targeting not technically enforced.

These brokers operate via non-EU licensed entities while accepting EU retail deposits. Under MiFID II, such cross-border activity raises authorization and passporting concerns.

Cyprus-Based Payment Infrastructure Identified

Technical inspection of the deposit flows revealed:

• Anonymously operated card gateway domains such as trade1.payments.shop.
• Apple Pay routing via Cyprus-controlled subdomains.
• Merchant identifiers referencing Limassol-based PSP infrastructure.
• “Powered by” references linked to a Cyprus-licensed payment institution.
• Production-mode payment endpoints embedded in HTML source code.

The architecture observed is consistent across multiple warned brokers.

These findings were obtained through lawful user interaction and documented contemporaneously. The underlying technical records are preserved.

Central Bank of Cyprus Supervisory Context

Payment institutions licensed in Cyprus operate under the supervision of the Central Bank of Cyprus (CBC) pursuant to:

• The Payment Services Law (PSD2 transposition),
• The Prevention and Suppression of Money Laundering and Terrorist Financing Law,
• CBC Directives on risk management, governance, and AML compliance.

Under these frameworks, supervised entities are required to:

• Apply risk-based merchant onboarding procedures,
• Conduct enhanced due diligence where higher-risk activities are identified,
• Perform ongoing monitoring of merchant business models,
• Manage operational and reputational risks appropriately.

Where offshore brokers subject to multiple EU regulatory warnings continue to accept EU retail deposits via Cyprus-supervised card infrastructure, supervisory review is a foreseeable consequence.

This report does not draw conclusions regarding compliance outcomes. However, the factual pattern raises legitimate supervisory questions that fall within the remit of the CBC’s oversight responsibilities.

Structural Pattern Observed

Offshore broker (non-EU license)
↓
EU client onboarding accepted
↓
Full EU KYC completed
↓
Card deposit processed via Cyprus-supervised infrastructure

This sequence was observed across multiple broker brands using similar technical architecture.

Evidence Preservation

All findings were preserved in evidentiary format, including:

• Registration confirmation emails,
• KYC acceptance records,
• Payment screen captures,
• Full HTML source extracts,
• Gateway domain references,
• Regulatory warning copies.

The documentation exists and is retained.

Short Analysis

The issue presented is not rhetorical but structural.

When brokers publicly warned by EU regulators continue processing EU retail deposits through EU-supervised payment rails, the matter transitions from marketing compliance to supervisory risk governance.

The relevant regulatory question is: How should merchant onboarding, risk classification, and ongoing monitoring be calibrated where repeated cross-border warnings exist?

Call for Information

FinTelegram invites regulators, compliance officers, and industry insiders with further documentation regarding Cyprus-supervised payment facilitation in offshore broker schemes to contact us confidentially via Whistle42.com.