RatEx42 Rating Methodology v1.0
Effective date: 5 January 2026
Applies to: All RatEx42 provider/platform profiles and ratings (“R42 Risk Rating”)
Last updated: 5 January 2026
1) What RatEx42 is (and what it isn’t)
RatEx42 (“R42”) is a risk-rating and comparability platform for cyberfinance providers, payment enablers, and high-risk digital services. Our goal is to help users, partners, and compliance teams answer a practical question:
“What is the risk, right now — and what changed?”
RatEx42 is not a regulator, law enforcement body, or a court. We do not provide legal, financial, or investment advice. We publish evidence-led assessments, clearly separated from user-submitted opinions.
2) Two-layer system: Editorial Risk Rating vs User Reviews
RatEx42 operates a strict two-layer model to keep ratings defensible and avoid “crowd noise” contaminating evidence-based decisions.
A) R42 Risk Rating (Editorial / Evidence-led)
- Displayed as a Traffic Light (Green / Yellow / Red / Black).
- Produced by RatEx42 editors using a structured rubric and evidence grading.
- Change-controlled: any rating change is logged with date, trigger, and supporting evidence.
B) User Rating (Community / Stars)
- Displayed as star ratings and written reviews submitted by users.
- Moderated for safety, relevance, and factuality.
- Important: User stars do not determine, override, or automatically affect the R42 Risk Rating.
In short:
Editorial rating = evidence-based.
User rating = community signal.
3) Traffic Light definitions
Our methodology evaluates entities across four distinct tiers: Green (Low Risk), Orange (Elevated Risk), Red (Critical Risk), and Black (Rogue/Sanctioned).
🟢 GREEN: Standard / Low Risk
Definition: A transparent, fully compliant entity operating strictly within its authorized regulatory framework. These entities process payments for legal, verified merchants and maintain rigorous AML/KYC controls.
- Regulatory Status: Holds active, appropriate Tier-1 licenses (e.g., FCA PI/EMI, BaFin, MFSA, local banking charters) for the jurisdictions in which it operates.
- Corporate Transparency: UBOs (Ultimate Beneficial Owners), directors, and key management personnel are publicly disclosed, verifiable, and free of adverse media. Physical operational headquarters match corporate registries.
- Technical Footprint: Direct API integrations with verified merchants. The checkout URL matches the merchant of record. No use of anonymous aggregators, hidden IFrames, or mirror domains.
- Merchant Portfolio: Services regulated industries or standard e-commerce. If offering high-risk processing (e.g., licensed iGaming), strictly enforces geo-blocking for unauthorized jurisdictions.
- Acquirer Action: Safe to onboard. Standard ongoing monitoring required.
🟠 ORANGE: Elevated / High Risk
Definition: Entities that operate in regulatory “gray areas” or demonstrate weak AML/KYC oversight. They may not be actively committing fraud, but their lack of robust controls makes them highly susceptible to exploitation by offshore or high-risk merchants.
- Regulatory Status: Often relies on “regulatory arbitrage,” such as using a Canadian MSB registration, a weak offshore license (e.g., Mauritius, Vanuatu), or operating purely as an authorized representative of another firm.
- Corporate Transparency: Complex corporate structures. UBOs may be shielded behind holding companies or nominee directors, though they can usually be identified through deep-dive corporate intelligence.
- Technical Footprint: May utilize generic white-label software. High volume of cross-border transactions. Occasional discrepancies between the front-end merchant URL and the backend settlement domain.
- Merchant Portfolio: Heavy concentration of high-risk merchants (unlicensed offshore brokers, crypto exchanges, gray-market iGaming). High chargeback ratios. Failure to consistently block traffic from regulated EU/UK jurisdictions.
- Acquirer Action: Tread carefully. Requires Enhanced Due Diligence (EDD), strict processing volume caps, and frequent portfolio audits.
🔴 RED: Critical Risk
Definition: Entities engaged in active, structural complicity in transaction laundering. These gateways serve as deliberate masking layers, weaponizing their infrastructure or licenses to bypass banking controls and law enforcement blacklists. (Example: Mellifera/Kartiera, Puretransfer).
- Regulatory Status: Either entirely unlicensed/unregulated, OR actively weaponizing a Tier-1 license (like an MFSA or FCA EMI) to provide a “clean” facade for dirty fiat flows.
- Corporate Transparency: Complete opacity. Use of privacy-shielded domains, shell companies, virtual office addresses, and “rented” corporate identities. UBOs are hidden intentionally to evade law enforcement.
- Technical Footprint: Acts as a “stealth gateway.” Relies on multi-hop routing, absorbing 100% of its traffic from anonymous shadow aggregators rather than direct merchants. Misuses Open Banking APIs or manipulates Merchant Category Codes (MCCs) to bypass acquiring bank blocks.
- Merchant Portfolio: Actively processes for explicitly illegal, blacklisted, or fraudulent merchants (e.g., ADM-blacklisted casinos, boiler-room scams).
- Acquirer Action: Do not process. Immediate suspension of API access and accounts. File Suspicious Activity Reports (SARs) with relevant financial intelligence units.
⚫ BLACK: Rogue / Sanctioned Entity
Definition: A confirmed criminal enterprise, fraudulent scheme, or internationally sanctioned network. These entities exist solely to facilitate illicit finance, steal consumer funds, or bypass global sanctions.
- Regulatory Status: Fraudulent claims of licensing (fake license numbers), actively revoked licenses, or operating in direct defiance of cease-and-desist orders.
- Corporate Transparency: Entities tied to known cybercrime syndicates, sanctioned individuals, or state-sponsored illicit actors.
- Technical Footprint: Known successor schemes to previously seized networks (e.g., the direct rebuild of a seized processor). Associated with malware, ransomware payouts, or darknet market settlements.
- Merchant Portfolio: Purely illicit. Unlicensed dark-web markets, terror financing, massive Ponzi schemes, or facilitating payments for sanctioned Russian/Iranian entities.
- Acquirer Action: Hard Block & Report. Mandatory freezing of funds (where applicable by law) and immediate notification to law enforcement and sanctioning bodies (OFAC, HM Treasury, EU).
Dynamic Downgrade Triggers
An entity will be automatically downgraded to RED or BLACK if any of the following occur during a RatEx42 review:
- Traffic Laundering: Web analytics prove the entity receives the majority of its checkout traffic from an anonymous aggregator rather than a direct merchant URL.
- Corporate Hijacking: Evidence that the payment processor is using the corporate registration number of an unrelated, legitimate business to secure banking access.
- Blacklist Evasion: Evidence that the gateway operates mirror domains specifically designed to bypass ISP blocking by national regulators (e.g., Italian ADM, German GGL).
10) Disclaimers
- RatEx42 publishes risk assessments, not determinations of guilt.
- Ratings reflect the information available at the time of review and may change.
- Do not treat any rating as legal, financial, or investment advice.
- Always do your own due diligence and consult professionals where appropriate.
