Just a year after launching Moka in 2014, we pivoted from a non-performing “shopping facilitation app” model to offering Virtual POS, Web POS, and bill payment solutions. From then on, the business snowballed with accelerating momentum.
However, to be honest, we weren’t prepared for this kind of growth. It has become increasingly difficult to monitor, audit, and control our ever-expanding customer base. In such situations, you need to move quickly, perhaps even work night and day, to build a system capable of handling all your clients.
The Alarming Truth Uncovered Through Investigation
It took me some time to recognize the issues that emerged from our rapid growth. I vividly remember a board meeting where a discussion began about a problematic account. The more questions I asked, the more alarming the situation turned out to be. I recall the following exchange between myself and our CEO, Mr. Selim, during that monthly board meeting:
- When did you realize this account was problematic?
- Last month.
- Did you take any action?
- I waited for the board meeting to get authorization from you.
- Are there any other risky accounts like this one?
- We’ve identified five or six more.
- Besides those, are there any other potentially problematic clients?
- Most likely, yes. But with our current system, the process is extremely slow. We need to manually review every account—and with thousands of clients, it’s becoming increasingly difficult.
Doing Whatever It Takes, No Matter What
I remember reacting strongly after hearing this:
- I’m sorry, but I absolutely will not accept this situation. If we need to clean house, do it immediately. Running an honest business and staying clean is far more important to me than making money off shady accounts. My family’s reputation was built over three generations. I will not allow it to be tarnished. There are values in life far more important than money.
- Reviewing every account and increasing our audit level could be very costly and time-consuming.
- I don’t just want you to increase the audit level I want it taken to the highest possible level. If you want to accelerate the process and tighten controls, you have a blank check. Don’t worry about cost, manpower, or anything else. Just build the system. I’ll give you all the support you need.
- Thank you. But with this new system and tightened audit process, we may lose far more than five or six clients.
- That doesn’t concern me. If we must lose every client to start with a clean slate, so be it. Begin the cleanup immediately.
The Resistance I Faced
After this conversation, I remember my partners at the boardroom table strongly objecting. (I owned 65% of Moka, while the remaining 35% belonged to two relatives I had met through the Keiretsu Forum angel investor network.) They jumped in right away, and the following exchange occurred:
- We don’t see it that way. Every account matters to us. We don’t want to lose customers.
- Then we disagree. We can’t keep risky accounts in our portfolio. They need to be removed immediately.
- The company took money from us for a long time. We burned through a lot of capital. Now that we’ve finally started making money, we don’t accept the company asking us for more.
- I contributed 75% of that capital. (Even though I provided 75% of the funding, I held only 65% of the shares because we had counted 10% as in-kind capital for a software we later realized wasn’t even functional.) I’ll contribute again if necessary, but I won’t tolerate this kind of misconduct.
“A Difficult but the Right Decision”
Tensions flared during the board meeting—voices were raised, and the atmosphere grew intense. Our CEO watched us like a spectator at a tennis match. The conversations and heated arguments that took place in that room that day essentially determined the fate of the company. In the end, I exercised my authority to resolve the deadlock we couldn’t overcome and concluded the matter with the following words:
“I am the majority shareholder of this company and have the final say. So, whether you agree or not, we’re moving forward with this action. Mr. Selim, please initiate the cleanup process immediately, raise the level of audits and controls to the highest possible standard, and build a system that ensures accounts like these will never be our customers again.”
Our CEO’s reaction to this was: “It’s a tough but the right decision. We’ll do what needs to be done.” We ended the meeting there. He quickly took action. It took us two to three months to fully eliminate all high-risk accounts. What we discovered was shocking—two-thirds of the company’s rapidly growing revenue was coming from these accounts. In other words, within a few months, our revenue dropped to one-third of its previous level. At every board meeting during this period, my partners continued to object, but I stood firm and backed my decision each time.
A Brighter Future
So, what happened next? Things turned around.
Although our revenue dropped to a third, our CEO and his team managed the transition extremely well. They kept the company’s capital needs to a minimum, and despite the lower revenue, we were able to keep the company running. More importantly, with each audit, we began adding verified clean clients to our customer base. This gradually reignited our growth. It wasn’t as fast-paced as before, but it was solid growth that stabilized the company and restored its value. Within two years, we had regained our previous revenue level. Of course, this growth didn’t come easily—our team had to put in extra effort.
At the end of this two-year journey, İşbank expressed interest in acquiring Moka. They made us a preliminary offer. After completing their due diligence, the executives from İşbank said the following about Moka:
“The company is in better shape than we expected. There are virtually no high-risk accounts. Your team has done an excellent job creating this level of integrity. Your revenue growth also appears very healthy.”
They ended up increasing their original offer. This is not something you see often—but the fact that İşbank praised the company’s soundness and clean operations, and then improved their offer afterward, was clear validation that the cleanup we had done years earlier was the right move.
While they were saying these words at the meeting, I looked straight into my partners’ eyes. They understood exactly what I meant. They owe me big time. If I hadn’t made that call back then, today the future of Moka—and every executive associated with it—would be in serious jeopardy.
Examples of Widespread Fraud
Speaking of which, I want to emphasize the wave of fraud we’ve recently witnessed in Turkey under the fintech banner. Some companies have had their licenses revoked, and their executives and board members detained due to serious misconduct. The first names that come to mind are İninal, Papara, and Paybull. You can read the following statements on the Central Bank of Turkey’s website, which regulates and supervises payment and electronic money institutions:
- The operational license of İninal Payment and Electronic Money Services Inc. has been temporarily suspended under Law No. 6493. On 14 March 2025, the Savings Deposit Insurance Fund (TMSF) was appointed as trustee to İninal.
- On 27 May 2025, the Savings Deposit Insurance Fund (TMSF) was appointed as trustee to Papara Electronic Money Inc.
- Electronic Money Institution Whose License Has Been Revoked: Paybull Payment Services and Electronic Money Inc.
We can add PayFix and iPara to the list as well. On 14 March 2025, during simultaneous operations, a total of 49 suspects were detained, including the leader of the criminal organization, E.K., and the owners of PayFix Payment Institution. The suspects are facing charges related to organizing illegal betting and games of chance, as well as laundering assets obtained through criminal activities. Around the same time, investigations carried out under the coordination of the Banking Regulation and Supervision Agency (BDDK) and the Financial Crimes Investigation Board (MASAK) led to the suspension of operating licenses for several companies, including iPara.
The Papara Operation: The Climax of It All
The operation conducted in May against Papara, the sector’s leading company in terms of transaction volume, marked the peak of these events. Thirteen suspects, including the owner of Papara Electronic Money Inc., Ahmed Faruk Karslı, were detained on allegations that the company facilitated illegal betting operations. Before diving into the details, let’s hear the story of Papara from its founder himself:
According to the report published by Anadolu Agency (link), a statement from the Istanbul Chief Public Prosecutor’s Office noted that during the investigation into “establishing a criminal organization,” “membership in a criminal organization,” “money laundering of criminal proceeds,” and “violation of the Law on Betting and Games of Chance in Football and Other Sports Competitions,” it was found that Papara facilitated the flow of illegal betting funds and was used for money transfers by illegal betting syndicates.
Analyses revealed that out of 26,012 accounts opened through the Papara system, 102 were used on various illegal betting and gambling websites. The statement also noted that large sums of money generated through these accounts were transferred to 274 different bank accounts and later laundered through 16 different cryptocurrency wallets.
Collaboration with Illegal Betting Syndicates
The investigation found that five of the crypto wallet owners were working in cooperation with leaders of illegal betting networks and that Papara had entered into a covert partnership with these organizations. The authorities claimed that Papara Electronic Money Inc. had become a key financial tool in facilitating illegal betting and gambling activities and posed a risk to the security of payment systems. As a result, 13 suspects were taken into custody.
The statement also revealed that assets belonging to the organization’s leaders and members—including 10 companies (most notably PPR Holding Inc.), a yacht, five boats, three safety deposit boxes, 74 vehicles, and seven apartments and villas—were seized. The court assigned the Savings Deposit Insurance Fund (TMSF) as trustee over these assets.
The operation conducted by security forces resulted in the detention of 13 suspects, including Ahmed Faruk Karslı.
Now that we’ve covered these incidents, let’s look at the reality of fraud in Turkey’s fintech sector. I will outline the most common vulnerabilities and how they might be addressed below. (Special thanks to my longtime friend and future business partner, Mr. Sezer, for his invaluable contributions to this section.)
The Reality of Fraud in Turkey’s Fintech Ecosystem
(Field Observations, Systemic Vulnerabilities, and Strategic Directions)
In fast-digitizing markets like Turkey, where regulations often lag behind innovation, financial fraud isn’t merely a technical issue—it’s a multi-layered, systemic risk. This problem stems not only from user errors or technological loopholes but also from strategic exploitation of weak points in the financial infrastructure.
Fraud in Payment Systems
Card-not-present (CNP) transactions remain a major issue in e-commerce.
SIM card cloning, phishing, and fake bank calls lead to widespread account takeovers (ATOs).
In certain retail sectors, POS device tampering and cloning are still serious threats.
Chargeback fraud has surged in microbusinesses and online marketplaces—small-value, high-frequency transactions are used to exploit the system.
Identity, e-KYC, and Onboarding Vulnerabilities
Accounts can still be opened using fake or synthetic identities. KYC processes not integrated with advanced APIs remain a major weakness.
Digital onboarding prioritizes speed and UX, often compromises security.
Even government-based verifications like e-Government, MERNIS, and TCKN checks are often underutilized.
Risks in BNPL, Micro-Credit, and Instant Finance Products
BNPL systems are being exploited via identity theft and fake applications.
Credit limit increases through mobile apps are being abused by bot-like behavior.
Fraudsters manipulate credit scoring algorithms during loan approvals.
Social Engineering and Organized Networks
Fake investment advice, impersonating bank officials, and “insider tips” shared on WhatsApp are still highly persuasive.
Sometimes not just the victim, but their entire social circle is manipulated into facilitating the scam.
Fraud-as-a-Service (FaaS) and the Organized Digital Crime Ecosystem
Phishing kits, fake bank websites, and SMS services tailored for Turkey are openly sold on platforms like Telegram.
Fullz packages (containing name, national ID, selfie, IBAN, etc.) are traded on underground markets.
Some fraud rings collaborate with insider informants to manipulate corporate systems.
Betting, Money Laundering, and Tax Evasion via Illegal Betting Channels
Illegal betting sites have become a “cash transfer tool” for individuals excluded from Turkey’s formal financial system.
These transactions often run through hidden wallets, rotating IBAN setups, and suspicious payment gateways.
Funds are “cleaned” using virtual POS or alternative PSPs before being transferred out of the system.
Money Laundering (AML) Methods
- The “smurfing” technique is used by conducting high-frequency, low-value transactions.
- Crypto exchanges, digital wallets, and even in-game currency systems function as “mixing” tools.
- Some fraud rings collaborate with seemingly legitimate merchants to carry out “clean money conversion” schemes.
Tax Evasion and Unreported Income
- Income obtained through fake invoice chains is micro-distributed via fintech applications to move it off the books.
- Service income that goes unreported is disguised as “personal transfers” through payment platforms to avoid tax audits.
- Some freelancers and micro-entrepreneurs accept payments outside of platform commissions, making themselves vulnerable to fraud and contributing to tax loss.
Systemic Gaps and Regulatory Issues
- The Personal Data Protection Law (KVKK) restricts fraud data sharing between PSPs and banks, eliminating the possibility of collective defense.
- The Financial Crimes Investigation Board (MASAK) primarily focuses on money laundering rather than fraud, causing many digital fraud cases to go undetected.
- While the Central Bank of Türkiye’s FAST and digital onboarding projects are important steps, there are still gaps in risk scoring and post-incident response.
What Needs to Be Done
- Real-time risk scoring, behavioral analytics, and device-based verification methods should be widely adopted.
- Graph-based analytics should be used to identify network behaviors and connected suspicious user groups.
- AML and e-KYC integrations should be activated not only during onboarding but also at the time of transaction.
- For tax compliance, a direct API connection should be established between payment systems and the Revenue Administration.
- Transactions related to illegal betting and high-risk sectors should be monitored separately from other types of transactions.
If you’re interested in analyzing sector vulnerabilities and financial crimes from a global perspective, I recently read a great article on this topic. I highly recommend it:
https://www.rekabetregulasyon.com/fintechin-iki-yuzu-papara-vakasi-ve-carla-friedin-uyarilari/
I’d also like to draw your attention to the following points mentioned in the article:
Digitalization Has Moved Banking from Branches to Phones — But Has Oversight and Transparency Kept Pace?
Digitalization has shifted banking from physical branches to smartphones — but has oversight and transparency made the same leap? It appears that as fintech’s sphere of influence expands, regulatory gaps are becoming increasingly visible.
Conclusion and Policy Recommendations
Fried’s article and the case of Turkey show that digital banking leads to the following outcomes:
- Convenience increases risk: Since money transfers via mobile apps can be done with just a tap, deposit loyalty may weaken. This can undermine the stability of banks.
- Credit risk is on the rise: Increases in digital interest rates are fueling a surge in risky loans, potentially accelerating capital flight.
- Regulation is lagging behind: New models like shadow banking, open banking, and BNPL (Buy Now, Pay Later) are not fully covered by existing regulations.
- The Turkish case: Allegations of illegal betting transactions through platforms like Papara and İninal have clearly demonstrated the risks of combining speed with a lack of oversight in the fintech sector.
In this context:
1) Tighter supervision and transaction limits: Digital account transaction limits, suspicious transaction monitoring, and AML/KYC standards must be strengthened.
2) Transparency and rights-based approach to data sharing: Individuals who choose not to share their data in open banking should not be automatically placed in a high-risk category; consumer rights must be protected.
3) Financial literacy: Awareness about the use of fintech should be increased through public education campaigns.
4) Greater regulatory flexibility: Oversight should be expanded in areas like shadow banking (e.g., online mortgages, BNPL, fintech lending), and coordination between regulatory bodies (BRSA, MASAK, CBRT) must be reinforced.
The digital revolution provides convenience, but if regulatory gaps and systemic risks are neglected, banking infrastructure may become fragile. That’s why revolutionary technologies must be supported not only as tools of convenience but also with policy frameworks that ensure long-term reliability.
The Psychological Dimension of Fraud: Squid Game
Now let’s explore the psychological side of all these scams and frauds. In the show, some characters find themselves in Squid Game due to misfortunes, while others are driven by greed and deceitful personalities. Although they are playing childhood games, losing means paying with their lives. The survivors split the prize money.
Despite dozens of people dying after each game, the remaining players vote to continue out of sheer greed. Ultimately, it’s this greed, selfishness, and desire to get rich quickly that leads to the deaths of hundreds. Even the organs of the deceased are sold to organ traffickers.
The Character I Identified With
There are genuinely decent characters in the story. At one point, Squid Game turns into a battle between good and evil. The main character, Seong Gi-hun, fights hard to end the games — but the situation overwhelms him. Still, he never gives up until the end. Actor Lee Jung-jae deserves a round of applause for portraying Seong Gi-hun so well. He brings the character to life perfectly.
I don’t usually like every show I watch, but what kept me hooked on this one was the character of Seong Gi-hun. I felt like I was watching a Korean version of myself on screen. I don’t know if the writer based this character on someone real or created him purely from imagination — but I truly saw myself in him.
I would have made every move and even the wrong decisions that the character made in the show, the same way. For example, despite earning an incredible amount of money in the early games, he refuses to touch it, saying, “There’s blood on this money.” He does everything in his power to end the games, even risking his life. He tries to intervene from within the system, and when necessary, he’s willing to engage in armed conflict. In the end, he sacrifices his own life in place of the baby who’s brought into the game as a player. I would have done all of that too. There wouldn’t have been any other option for me. Because of the deep empathy I felt with Seong Gi-hun, I ended up binge-watching the series.
I was glad the whole thing ended in Korea, but I wasn’t happy to hear that it would continue in America. Out of curiosity, of course, we’ll watch the episodes that take place in the U.S. too. But I truly hope Seong Gi-hun somehow survived and continues to be part of the show.
We Need More People Like Seong Gi-hun
Ultimately, Squid Game presents a grim lineup of dark human traits — widespread greed, the obsession with making more money, selfishness, the urge to control and buy people, and the pitiful willingness to betray even one’s own mother when under pressure. It shows how people’s weaknesses can be exploited to push them into doing things they would never normally consider. Sadly, this same psychological landscape also explains some of what we see in Turkey’s fintech sector.
To avoid shocking, large-scale problems in the long run, we need people like Seong Gi-hun to be active in the sector — people with integrity who can take on leadership roles. On the government side, necessary regulations must be introduced decisively and without loopholes. The Central Bank — as the institution responsible for overseeing and regulating the sector — must follow these processes objectively, without compromise, and act without delay.
Fintech: Financial Technology




