Are ecoPayz Casinos Safe? UKGC, FCA Safeguarding and the Real Risks Behind Payz E-Wallets
Loading...
Why the honest answer to ‘is this safe’ starts with a number nobody quotes
The number I want you to sit with for a moment is this: among UK e-money firms that became insolvent between 2018 and 2023, the average shortfall in funds owed back to clients was around 65 per cent. That’s the FCA’s own figure, published in the safeguarding consultation that has shaped the regulator’s recent work. Sixty-five per cent. Two thirds of client money, gone, in the worst-handled cases of the last few years.
What's inside this guide
I lead with that because the casino-payments industry tends to answer the safety question with brand reassurance — “Payz is FCA-regulated, so your money is safe” — and that’s a category error. Payz is FCA-regulated. So were several of the firms that ended up in that 65 per cent shortfall figure. Regulation is the floor, not the ceiling, and “is this safe” deserves an answer with structure to it.
This piece is the structured answer. Two regulators stack here: the FCA on the wallet side, the UKGC on the casino side. Each has its own perimeter, its own enforcement record, and its own gaps. I’ll walk you through the safeguards that exist, the limits of those safeguards, the financial picture of the firm operating Payz, and the regulatory changes hitting the e-money sector in 2026. Nothing alarmist. Nothing reassuring beyond what the evidence supports.
The two regulators that share the perimeter and why that matters
A UK player using Payz at a UKGC-licensed casino is operating inside two regulatory regimes simultaneously, and most of the safety conversation collapses into mush because people don’t distinguish them.
The UKGC regulates the casino. As of November 2025, the regulator licenses 2,179 gambling operators in Great Britain, applying conditions that cover responsible gambling, anti-money-laundering, technical standards and operator conduct. When the UKGC enforces against a casino — and they do, regularly — the penalties target the casino’s licensing position, not the wallet’s. The wallet sits outside that perimeter.
The FCA regulates the wallet. PSI-Pay Ltd, the firm operating Payz, holds FCA Authorised E-Money Institution status under registration number 900011. That brings the wallet under the Electronic Money Regulations 2011 and the FCA’s safeguarding rules — segregation of client funds, prudential requirements, ongoing reporting. When the FCA acts, it acts on the wallet’s regulatory permissions, not on any casino’s licence.
The practical implication is that “is Payz safe” is two questions in a trench coat. Is the wallet safe? Ask the FCA, look at PSI-Pay’s accounts, examine the safeguarding regime. Is the casino safe? Ask the UKGC, look at the operator’s licence history, check the enforcement record. A perfectly safe wallet sitting behind a sketchy casino is not a safe experience. A perfectly safe casino transacting with a struggling wallet is also not a safe experience. Both regulators have to be doing their job.
The UKGC’s view of the industry it regulates has been candid recently. Andrew Rhodes, the regulator’s chief executive, opened his keynote at ICE Barcelona late last year with a line that has stayed with me: “Gambling in Great Britain has reached the highest GGY we have ever seen — £15.6bn. Those official statistics will tell you plenty about what is going on with gambling in Great Britain.” The regulator is supervising a £15.6 billion market through the FCA-supervised wallet stack — and that scale is exactly why getting the safeguarding architecture right matters.
How FCA safeguarding actually protects your wallet balance
The safeguarding regime that applies to PSI-Pay and other authorised e-money institutions is the single most important consumer protection in the e-wallet space, and it’s the one most often misunderstood. Here’s what it actually does.
The Electronic Money Regulations require an authorised EMI to segregate client funds — the money you put into the wallet — from the firm’s own working capital. The client funds must be held either in a designated safeguarding account at an authorised credit institution (a bank), or invested in low-risk authorised assets, or covered by an insurance policy or equivalent guarantee. The firm cannot lend out client funds, cannot use them as collateral, and cannot net them against its own liabilities.
What safeguarding doesn’t do is provide a Financial Services Compensation Scheme guarantee equivalent to the £85,000 protection on a UK current account. There is no FSCS for e-money balances. If an EMI becomes insolvent, the safeguarded funds are recovered and distributed to clients on a pro-rata basis, but the distribution depends on whether the segregation has been operated correctly throughout the firm’s life.
And here’s where that 65 per cent shortfall figure I opened with becomes relevant. The FCA found, in the cases of insolvent e-money firms between 2018 and 2023, that segregation had been operated imperfectly — sometimes through honest error, sometimes through more serious failings — and the average client recovery was therefore well below 100 per cent. That history is why the FCA published Policy Statement PS25/12 in August 2025, introducing mandatory monthly reporting, annual safeguarding audits and enhanced fund reconciliation requirements that come into force on 7 May 2026.
The annual safeguarding audit requirement applies only to firms that have safeguarded more than £100,000 in relevant funds during a rolling 53-week period — a threshold PSI-Pay clears comfortably given the scale of Payz’s UK customer base. So the new regime applies to Payz in full, not in any reduced form.
The macro context for why this matters: the share of UK consumers using e-money accounts rose from around 1 per cent in 2017 to 7 per cent in 2022, and has continued growing since. The FCA’s then-head of research at UK Finance, Adrian Buckle, summarised the broader shift in payment behaviour bluntly: “More than half of UK adults used mobile wallets, mobile banking overtook desktop as the main way people access their accounts, and cash fell below 10 per cent of all payments.” E-money is no longer a niche; it’s the mainstream way Britons hold and move small amounts of money. The regulatory architecture is catching up to that reality.
What Mastercard scheme membership adds and what it doesn’t
The Payz Mastercard is the consumer-facing piece of PSI-Pay’s most distinctive regulatory feature: its Principal Member status with Mastercard International Incorporated, held since 2009. That status is rarer than the surrounding marketing suggests and has real implications for how the wallet operates.
Principal Member status means PSI-Pay can issue Mastercard-branded prepaid and debit cards in its own right, rather than going through a sponsoring bank. The firm is licensed to issue across 173 countries and 44 currencies, and the cards it issues sit inside the standard Mastercard scheme — with the same chargeback rights, the same dispute mechanisms, and the same scheme-rule protections as any other Mastercard product.
That brings a layer of protection that doesn’t exist for purely closed-loop e-wallets. If you use a Payz Mastercard to make a purchase and the merchant fails to deliver, you have access to the Mastercard chargeback process — which is governed by Mastercard’s own scheme rules and isn’t dependent on PSI-Pay’s discretion. The dispute process operates between the issuing institution (PSI-Pay) and the acquiring institution (the merchant’s bank), with Mastercard arbitrating, exactly as it does for any other card transaction.
What scheme membership doesn’t do is extend chargeback rights to gambling deposits. UK Gambling Commission rules and Mastercard’s own scheme rules combine to treat gambling transactions as completed at the moment of deposit, with no chargeback right available simply because the player lost the money they wagered. This is a feature of all card-based gambling payments, not a Payz-specific limitation, and it’s worth being explicit about.
PSI-Pay’s CEO Phil Davies has been candid about the compliance overhead of running an authorised card-issuing operation. In a published case study on the firm’s due-diligence process, he noted: “We need to be crystal clear to prove that what our customers are providing is real and authentic. We are also required to conduct checks on politically exposed persons and OFAC because of our relationship with MasterCard — an American company with a different set of standards.” That layered compliance — UK FCA rules, Mastercard scheme rules, US OFAC obligations — is one of the reasons the wallet runs a tighter KYC regime than purely consumer-payments products.
What PSI-Pay’s accounts actually say about counterparty health
Looking at the firm operating your wallet through the lens of its financial statements is unfashionable in consumer payments, where reviews focus on user experience. It shouldn’t be. The provider’s financial health is the floor under everything else.
PSI-Pay’s 2024 accounts paint a clear picture: total assets of £64.97 million, down 9.79 per cent year-on-year, with net income of £260,634 for the financial year. The firm holds approximately 0.16 per cent of the UK e-money market by relevant measure, putting it 58th among domestic EMIs. Those are not the numbers of a hyper-growth fintech; they’re the numbers of a niche specialist running a stable book of business.
Read in context, that profile has both reassuring and cautionary elements. The reassuring side: PSI-Pay has been operating since 2006, it has held its FCA authorisation since the EMR regime came in, it has held Mastercard Principal Member status for over fifteen years, and it has delivered a corporate statement on its Payz partnership making clear that “our ability to successfully support a growing and developing solution over 20 years is testament to our agility, knowledge and ability to deliver.” That’s institutional continuity in a sector where many EMIs have come and gone.
The cautionary side: a £64.97 million balance sheet and £260,634 in net income is small. It’s not the scale at which a regulator-grade liquidity buffer absorbs every conceivable stress scenario. The 0.16 per cent market share means PSI-Pay is small enough that an idiosyncratic event — a major fraud, an unexpected regulatory penalty, a settlement-side disruption — would matter more than it would at a larger institution.
What I take from all of this is that PSI-Pay is a steady, properly-supervised institution operating within its means. It’s not a too-big-to-fail bank, and the player’s wallet balance is not protected by FSCS. The FCA safeguarding regime is the binding protection, and the safeguarding regime is being materially strengthened in 2026. For an informed player, holding the bulk of one’s gambling float in the wallet between active play sessions is fine. Treating the wallet as a long-term store of value, with substantial sums held over many months without active monitoring, is a misreading of what an e-wallet is structurally for.
What 2025 enforcement told us about UKGC casino-side controls
The other half of the safety picture is the casino. The UKGC’s enforcement record over 2025 is the best evidence of how the regulator is actually policing the £15.6 billion gambling market, and the pattern of action tells you what to look for in an operator’s behaviour.
Between May and December 2025, the UKGC took regulatory action against 13 gambling operators for failures across AML, counter-terrorism financing, social responsibility, and technical-and-hosting standards. Total AML-related fines in the UK casino sector during 2025 exceeded £50 million — a record-level figure that signals how serious the regulator has become about money-laundering controls.
The headline cases each carried their own diagnostic value. Spreadex was fined £2,022,000 on 7 May 2025 for AML and social-responsibility failures. NetBet Enterprises Limited received a £650,000 fine plus a mandatory independent audit on 5 November 2025 for AML and SR failures. Videoslots Limited paid £650,000 on 20 November 2025 for AML and SR failures including, specifically, the use of pre-paid digital vouchers for gambling without effective oversight — a finding that has direct implications for how UKGC operators now police certain e-wallet and voucher routes.
What those cases reveal collectively is a regulator that’s prepared to take action against operators of all sizes when the controls don’t work in practice. The Videoslots case is particularly instructive for Payz users because the regulator focused not on the existence of controls but on whether the controls functioned when tested. An operator that has “deposit limits” but whose limits don’t actually limit deposits, or whose AML thresholds let through transactions that should have been flagged, is in breach regardless of how the policy reads on paper.
For a player choosing a UKGC casino, the practical takeaway is to look at whether the operator has been on the receiving end of recent enforcement — that’s publicly searchable on the UKGC’s website — and to weight an operator’s recent posture appropriately. An operator that’s just paid a meaningful fine is, paradoxically, often the safest near-term choice: they’ve been under recent regulator scrutiny, they’ve signed remediation undertakings, and their controls are demonstrably being supervised. An operator that’s never come up at all is either operating to high standards or hasn’t been examined recently. The two are hard to distinguish from outside.
Why the unregulated alternative is meaningfully worse
Any safety analysis of regulated payment routes is incomplete without the comparison to the unregulated alternative. The UK gambling black market — unlicensed offshore sites that don’t hold UKGC licences and don’t accept the FCA-supervised payment stack in any clean form — represents an estimated 5 per cent of UK online betting and gaming activity, based on PwC research published for the Betting and Gaming Council in late 2025. The forecast trajectory is worse: H2 Gambling Capital projects black-market stakes rising from £17 billion in 2025 to more than £33 billion by 2028.
Those numbers matter because they describe the alternative a player faces when they get fed up with a regulated operator’s KYC, withdrawal review, or AML controls. The frustration is real — a six-hour withdrawal review is irritating, a request to upload a recent bank statement for source-of-funds verification feels intrusive — but the alternative is meaningfully worse. Grainne Hurst, the BGC’s chief executive, summarised the dynamic plainly: “What we are seeing is a harmful black market scaling up, while the regulated sector is being put under increasing pressure by taxes and red tape.”
The structural advantage of using Payz at a UKGC-licensed casino is regulatory recourse. If the operator behaves badly, you have a regulator to complain to. If the wallet fails, you have an FCA-supervised firm with safeguarding obligations and an audit trail. If a transaction goes wrong, you have a Mastercard scheme dispute process. None of those exist on an offshore site that doesn’t hold a UKGC licence; the operator can simply ignore complaints, freeze accounts, and disappear behind shell-company structures.
The trade-off is friction. The regulated sector is more annoying to use precisely because the controls function. Friction is not a bug; it’s the safeguarding regime working as intended. A player who responds to friction by exiting to unregulated alternatives is trading recoverable annoyances for unrecoverable losses.
The 7 May 2026 regulatory shift and what it changes for you
The FCA’s Policy Statement PS25/12, published on 7 August 2025, introduced a strengthened safeguarding regime for payments and e-money firms with an effective date of 7 May 2026. The changes are material, and Payz users should understand what they actually do.
The headline obligations are three. First, mandatory monthly reporting to the FCA on safeguarded funds, including reconciliation between the firm’s records and the safeguarding accounts at credit institutions. Second, an annual safeguarding audit by an external auditor for firms that have safeguarded more than £100,000 in relevant funds over a rolling 53-week period — a threshold PSI-Pay clears, so the audit applies in full. Third, enhanced fund reconciliation requirements that tighten the operational standards for how segregated client funds are tracked.
From the wallet user’s perspective, you won’t see most of this directly. There won’t be a notice in the Payz app announcing “PS25/12 compliance enabled”. What you’ll see, gradually, is a tightening of internal controls — slightly more rigorous KYC during account changes, occasionally more granular questions during higher-value deposits or withdrawals, and a generally more conservative posture from the wallet during anti-fraud reviews. These are appropriate responses to the regulatory shift, not signs of dysfunction.
What the regime change doesn’t do is retroactively recover the 65 per cent shortfall figure that motivated it. Funds that have already been lost in past EMI insolvencies aren’t restored. The new regime is forward-looking, designed to lower the probability of future shortfall events by making them harder to develop unnoticed. The improvement should be real, but it’s not a magic shield.
The longer-term consequence is consolidation pressure on smaller EMIs. A firm at PSI-Pay’s 0.16 per cent market-share scale has to absorb the same compliance overhead as a much larger institution, and that overhead is rising. Whether that affects Payz specifically is a question for the medium term, but it’s worth being aware of the structural pressure on the broader e-money sector.
What a fake Payz casino actually looks like and how to spot one
The category I want to close with is the most consumer-relevant: how to spot a casino that claims to accept Payz but isn’t actually a UKGC-licensed operator. The pattern is consistent enough that a five-minute check almost always catches it.
Check the UKGC licence number. Every legitimate UK-facing operator must display its licence number, usually in the website footer with a link to the regulator’s register entry. Click the link. If it takes you to the regulator’s website and the operator’s details match, you’re on a licensed site. If it doesn’t link, or links to a fake “licence verification” page, you’re not.
Check the Payz logo and the cashier. A real Payz integration shows Payz alongside other e-wallets in the cashier with the current branding. A fake will sometimes show only the older ecoPayz branding — which the brand transitioned away from on 10 May 2023 — or will show a logo but the cashier flow doesn’t actually invoke a Payz authorisation step. The ecoPayz-to-Payz transition is the kind of detail real integrations get right and fakes get wrong; the history of the rebrand is worth knowing for that reason alone.
Check the terms and the company information. Legitimate UKGC operators publish the operating company’s registered address, company number and gambling licence number in a way that you can verify against Companies House and the UKGC register. Fakes either provide nothing or provide details that don’t match either register.
Check the deposit flow before you fund. A real Payz deposit will bounce to a hosted authorisation page on a payz.com domain (or, on the app, into the Payz app itself). A fake will collect Payz credentials inline on its own page — which is a phishing pattern, not a payment integration. Never enter Payz login credentials on a casino site directly.
Check the responsible-gambling tooling. UKGC operators must offer deposit limits, time limits, self-exclusion (via GAMSTOP) and links to support services. A site that has none of these, or whose limits don’t actually function when tested, is not licensed in the UK, irrespective of what its homepage claims.
If PSI-Pay became insolvent tomorrow, what fraction of my Payz balance would the FCA safeguarding rules recover?
The honest answer is that recoveries from past EMI insolvencies have averaged around 35 per cent of client funds — meaning the historic average shortfall has been around 65 per cent. That figure is the FCA"s own, and it"s the reason PS25/12 is tightening the safeguarding regime from May 2026. The legal framework requires segregation of client funds, but historic recoveries depend on how well segregation was operated in practice and on the residual assets available to be distributed pro-rata. There is no FSCS guarantee equivalent to the £85,000 protection on a UK current account.
Does "Mastercard Principal Member" status legally protect my casino balance the same way card chargebacks do?
No. The Principal Member status means PSI-Pay can issue Mastercard-branded cards in its own right and that those cards sit inside the standard Mastercard scheme with normal chargeback rights for ordinary purchases. Gambling deposits, however, sit outside chargeback eligibility under both Mastercard scheme rules and UKGC rules — the transaction is treated as completed at the moment of deposit. Chargeback protection applies to purchases made with the Payz Mastercard at merchants, not to gambling deposits funded via the wallet.
Does PS25/12"s mandatory monthly reporting and annual safeguarding audit actually apply to PSI-Pay given the £100,000 threshold?
Yes, in full. The £100,000 threshold applies to firms that have safeguarded more than that amount in relevant funds over a rolling 53-week period — a level PSI-Pay clears comfortably given the scale of its Payz customer base. The new regime applies to the firm without any reduced form. The audit must be performed by an external auditor and covers the operational integrity of the safeguarding arrangements, not just the existence of segregation accounts.
How do I check that a casino claiming to accept Payz is genuinely UKGC-licensed?
Look in the website footer for the UKGC licence number, click the link to the regulator"s register, and confirm that the operating company"s details match. If the footer doesn"t link to the regulator"s actual website or the register entry doesn"t match, the operator isn"t licensed in the UK regardless of what marketing claims appear elsewhere on the site. A legitimate Payz integration will also bounce you to a hosted authorisation page on a payz.com domain or into the Payz app for confirmation, rather than collecting Payz credentials inline on the casino"s own page.
Articles
Prepared by the Ecopayz Casino UK editorial staff.