Special: According to a whistleblower, Mastercard and Visa did not prevent payments for child sex abuse content on OnlyFans

The U.S. Treasury’s financial crimes branch received a previously unpublished whistleblower complaint alleging that Mastercard and Visa failed to prevent their payment networks from laundering earnings from child sexual abuse material and sex trafficking on the well-known website OnlyFans.

According to the whistleblower, a senior compliance specialist in the banking and credit card sectors, the two massive card companies were aware since at least 2021 that their networks were being used to finance illicit content on the pornographic website. The whistleblower accused them of “turning a blind eye to flows of illicit revenue.”

The complaint was sent to the U.S. Justice and Homeland Security departments, as well as the Treasury’s Financial Crimes Enforcement Network (FinCEN), in January 2023, according to the whistleblower.

According to the lawsuit, in a series of conversations in 2021 and 2022, the whistleblower and other anti-trafficking specialists, including U.S. federal officers, warned Visa and Mastercard about illegal content on OnlyFans. The lawsuit stated that the federal agents verified that there was content on OnlyFans about child sexual abuse.

A 2022 investigation by an anti-trafficking organization that claimed to have discovered a “high volume” of OnlyFans accounts with “common indicators” of child sexual abuse content or sex trafficking was also cited extensively. The study was shared with the card companies, and the whistleblower claimed to have contributed to it.

OnlyFans uses Visa and Mastercard to handle payments between content producers and their clients. The card firms are “directly handling the proceeds of these illicit transactions” when the content includes child sexual abuse, according to the lawsuit.

According to the lawsuit, Mastercard and Visa “willfully failed” to maintain adequate anti-money laundering processes mandated by the Bank Secrecy Act by continuing to accept payments on OnlyFans. FinCEN and the two other federal agencies were requested to take action against the card firms.

Reuters looked at an email that verified the complaint was received by FinCEN. Answering inquiries, the agency stated that it neither affirms nor refutes the existence of whistleblower reports. The departments of Justice and Homeland Security chose not to respond.

The complaint was sent under FinCEN’s anti-money laundering whistleblower program, which was established in 2021, but Reuters was unable to ascertain what, if any, action the agencies did in response. Under that scheme, whistleblowers’ identities are protected and grievances are kept private. But after reviewing the report and conducting an anonymous interview with the whistleblower, Reuters verified his identity and qualifications. He had a great deal of experience combating money laundering, according to the lawsuit.

The whistleblower said in an interview that the authorities never got in touch with him to talk about his complaint. In order to prevent the monetization of illegal content, he continued, the card companies had “the power to turn off the switch.”

Visa and Mastercard claimed that they were unaware of the 2023 whistleblower report until Reuters reached out to them. They denied the accusations made in the lawsuit and pointed to their efforts to prevent unlawful activities on their networks.

According to a Visa representative, merchants and financial institutions who fail to meet Visa’s “robust compliance requirements” would be removed from its network. The representative stated that the organization has “best-in-class controls to deter, detect, and remediate illegal activity.”

According to a spokeswoman for the company, Mastercard has high standards for all users of its payment system and “works with partners to act if illegal activity is identified.” “We have not received any specific illegal activity referrals for us to look into or take action on,” the official continued. “Despite the whistleblower’s claim, we have not received any evidence of current illegal activity,” the representative stated.

Mastercard had “failed” to maintain strong anti-money laundering systems, according to the spokeswoman. Using a thorough compliance program and robust internal controls, the organization has “strong governance standards,” he stated.

Reuters has discovered further claims of child sexual abuse and sex trafficking on OnlyFans, a porn-driven website that makes money from memberships and pay-per-view video, since the whistleblower report was submitted.

The news outlet said in July that police reports claimed hundreds of sexually explicit films and pictures of children, some as young as infants, had been posted on the website since 2019. According to a child exploitation investigator who spoke to Reuters in December, he submitted 26 OnlyFans accounts to authorities that seemed to include adolescent females in pornographic material. “The accounts were swiftly deleted,” the investigator added. Another issue included women who claimed to have been sexually exploited to earn money on the platform, often by a partner or fiancé.

While calling Reuters’ findings on child sexual abuse on OnlyFans “alarming,” the Mastercard spokesman stated that in order for the firm to take action or look into the matter, police enforcement or specific child-protection organizations would need to present proof of unlawful behavior. Visa did not respond when asked if it was looking into the information that Reuters had found.

Questions about the whistleblower complaint were not answered by OnlyFans, a UK-based company. According to the company’s website, it has a “zero-tolerance policy” against any content that involves child abuse or trafficking and removes or filters anything that doesn’t follow its guidelines. According to the statement, it also notifies child protection organizations and law police of unlawful content. The company aims to “aggressively target, report, and support the investigations and prosecutions” of any platform abusers, OnlyFans previously told Reuters in a statement.

OnlyFans is one of the most profitable and rapidly expanding creative platforms in the world. Its four million content providers and more than 300 million users rely on credit cards to handle tips, subscriptions, and other transactions. It is a leader in the creator economy as a result of its booming earnings. OnlyFans reported gross payments to authors of $6.6 billion in September, a 20% increase over the previous year. Its revenue was $1.3 billion.

“INSOMABLE IMAGES”

The majority of porn websites are free and rely on advertising for revenue. In contrast, OnlyFans requires users to pay with their card information before taking 20% of the money that its artists get from the sale of material.

OnlyFans takes Mastercard, Visa, Discover, and a few more partner cards. Other choices are permitted in some nations, such as Paysafe, an online payment company that did not reply to a request for comment. Under a long-standing worldwide policy that forbids the use of their cards for online pornographic material, American Express cannot be used on OnlyFans, according to a representative. Payment providers that prohibit online porn transactions include Apple Pay and Google Pay.

According to industry statistics, Visa and Mastercard, OnlyFans’ primary markets, make up the great majority of all card purchases in the United States. Discover was not accused in the lawsuit, which stated that due to its modest market share, it was “unlikely to be one of the main payment methods used on OnlyFans.” Discover’s spokesman chose not to comment.

Following a public uproar over alleged child sexual abuse material and other unlawful content, Visa, Mastercard, and Discover barred the use of credit cards to make transactions on Pornhub, another popular adults-only network, in 2020. This made Pornhub rely more on advertisements and user data sales and eliminated card payments for its sponsored content.

Several instances of graphic recordings of minors on OnlyFans were reported by the BBC in May 2021. A Justice Department probe into claims of juvenile sexual abuse on OnlyFans was demanded by 102 members of Congress three months later. The agency refused to comment on how that request was progressing.

One source who attended said that Mastercard’s senior executives had a heated conversation with a group of anti-trafficking specialists in November 2021, during which some of them demanded that the business sever its relationship with OnlyFans.

The specialists informed the management of Mastercard that the website was carrying content related to child sexual assault. He could provide proof, according to one expert, a U.S. government agent. The agent allegedly visited a sexually graphic OnlyFans account including photographs of a young girl during the conversation, according to the participant. It would have been against the law for the agent to distribute the pictures, but instead she described them to other callers.

Mastercard admitted to Reuters that its staff had a conversation with a group during which “explicit and uncomfortable images” were exchanged, but it was unable to verify the exact time of the call. According to a Mastercard representative, the card giant then asked all financial institutions that linked OnlyFans to its payment network to verify that the website complied with “our standards and applicable law.”

He stated, “Each of them affirmed that status,” without naming the organizations.

The research that was the basis for the whistleblower complaint was released in April 2022 by the U.S. organization Anti-Human Trafficking Intelligence Initiative (ATII). ATII, which performs the task of detecting illicit information on the internet, said it has found many OnlyFans profiles that had evidence of sex trafficking or child sexual abuse.

According to the ATII investigation, among the signs were terms and photos that were discovered through a search of the producers of OnlyFans’ publicly accessible accounts. 

Researchers found a “tremendous amount of troubling material” on the site using these techniques, the report stated. According to the whistleblower, he made sure the study accurately represented industry practices by reviewing it before to release. The paper highlights financial institutions’ anti-money laundering responsibilities.

According to the whistleblower complaint, ATII shared the results of their probe with Visa and Mastercard. When questioned about the ATII findings, the corporations did not reply. ATII opted not to comment.

“GOING BUSINESS AS USUAL”

Visa and Mastercard have both strengthened their policies on porn websites in recent years. Mastercard implemented more stringent guidelines in October 2021 with the goal of “preventing illegal adult content on our network.” Senior Vice President John Verdeschi said in a statement that opened a new tab at the time that they were spurred by the simplicity with which anyone could now post information to the internet.

These regulations mandated that retailers of adult content, as OnlyFans in this instance, confirm the age and identity of persons portrayed and secure written authorization from all parties. Porn websites were also compelled by the regulations to generate monthly reports that identify “potentially illegal” content and forward it to banks that handle Mastercard payments.

That August, Tim Stokely, the creator and then-CEO of OnlyFans, told the Financial Times that his platform was “already fully compliant” with Mastercard’s regulations.

Visa also imposed more stringent guidelines for its “high integrity risk merchants” in 2023. This included establishments that dealt with adults, dating services, gambling, and pharmacy. In order to stop illicit transactions, banks were supposed to keep a closer eye on merchants under the regulations.

The card firms seemed to be transferring the burden for handling payments with child sexual abuse materials to banks “while carrying on with business as usual,” according to the whistleblower complaint.

Visa and Mastercard remained silent on such claim.