Crypto payment cards and financial crime risks

Key takeaways:

• Crypto-funded payment cards allow users to easily convert digital assets and make card payments using pre-paid debit cards; in almost 70% of cases, these required minimal or even no identity verification.

• Conversion of illicit crypto assets remains a key obstacle for criminals; schemes such as these, with poor or no control measures, easily bypass this restriction.

• Crystal’s research indicates that once crypto is loaded onto a card, transactions appear as ‘normal’ card payments, obscuring the upstream origin of funds as crypto.

• Crystal Intelligence identified almost one hundred crypto card providers with an associated volume of over $1.18B in on-chain inflows between 2024 and early 2026; the market showed strong growth, increasing at a rate of 66% year-over-year.

• Around 70% of the providers identified offer cards with no KYC or low-friction onboarding. Some providers market and issue cards without any identity checks.

• Traced flows show exposure to darknet markets, sanctioned entities, scams, mixers, and gambling platforms -representing $166.5M in identified high-risk inflows.

What are crypto-funded payment cards?

Crypto-funded payment cards – often referred to colloquially as ‘crypto debit cards’ enable users to ‘load’ crypto onto a pre-paid debit card, typically as stablecoins, then spend it as normal currency wherever major debit cards are accepted, including at point-of-sale terminals or online merchants. The cards typically convert the pre-loaded digital assets into fiat at the time of spending, making them functionally indistinguishable from conventional debit cards at the receiving financial institution.

This represents a significant compliance blind spot for both crypto services and traditional financial institutions. The payment card ecosystem was built to monitor card transactions; it was not designed to screen the original deposit of funds before it enters the payment network. When the source of funds in a transaction is a blockchain wallet exposed to sanctioned entities, darknet markets, or fraud, the risk travels invisibly into the traditional financial system.

Crystal Intelligence’s research into this ecosystem – covering almost 100 providers and over $1.18B in traced on-chain flows linked to crypto card funding wallets from January 2024 to January 2026- reveals both the scale of the market and the extent of the monitoring gap it creates.

Mapping the crypto-funded payment card ecosystem 

Crystal identified almost one hundred crypto-funded payment card services operating across two distinct provider categories:

1. Dedicated crypto card providers: Crypto-native platforms whose primary product is issuing virtual or physical payment cards funded with crypto.
2. Crypto exchanges offering card programs: Platforms such as Crypto.com, Wirex, Uphold, SpectroCoin, Mercuryo and Nebeus, where payment cards are a secondary service alongside trading and exchange functions.

Large virtual asset service providers (VASPs) whose card programs accounted for only a fraction of their overall activity were excluded from the on-chain volume analysis to avoid skewing the results. For example, our on-chain analysis of a Hong Kong-based VASP revealed total volumes of $2.04B received and $2.56B sent, which exceeds the entire dataset of smaller service providers. The analytical focus remained on providers where crypto cards constitute the primary service offering.

Structure of crypto card programs

Crypto-funded card programs typically operate through a multi-layered structure involving virtual asset service providers, program managers, issuing banks (bank identification number, or BIN, sponsors), and card networks.

Above: Chart illustrating the potential KYC gap caused by crypto-funded payment card infrastructure: Although the network’s KYC procedures are appropriate and proportional, it doesn’t have oversight of the onboarding identification processes at the level of the card issuer and provider. These may not be adequate, which may result in financial crime risk. Source: Crystal Intelligence.

 

While crypto card providers interface directly with users, they do not issue cards themselves. Instead, cards are issued through BIN sponsorship arrangements involving licensed financial institutions. In the cases identified, some entities acted as BIN sponsors or principal members of card networks and may appear as the issuer in BIN data while operating within a broader framework supported by underlying regulated institutions.

In this structure, BIN sponsors retain responsibility for regulatory compliance, including KYC and AML obligations, while Visa and Mastercard provide the underlying payment infrastructure and enforce network-level rules. Card networks do not onboard crypto providers directly, and their oversight is primarily exercised through the issuing BIN sponsor.

This layered model can result in fragmented visibility across participants, where the entity interacting with cryptocurrency flows is not always the entity directly supervised within the traditional financial system. As a result, the origin of funds is not fully visible across all layers of the payment chain.

Distribution channels of crypto-funded payment cards and grey-market infrastructure

Providers were identified through structured open-source intelligence (OSINT) analysis across open web platforms, Telegram channels, crypto forums, and mobile application stores.

Of the almost one hundred service providers identified:

• 87.9%operate via websites or software-as-a-service (SaaS) platforms
• 12.1%operate primarily through Telegram

Telegram-based services frequently advertise low- or no-verification card issuance. This parallel grey-market infrastructure operates with minimal accountability and is largely absent from standard compliance monitoring.

KYC failures at onboarding: 67% of service providers offer no or low-friction ID verification

Low-Friction vs No KYC Services ‘Low-Friction’ onboarding usually involves the service provider collecting information from the user without conducting any further verification. In these instances, a user may be able to sign up with false information and gain access to the service. No KYC services require any information to be provided at all. Legally, some jurisdictions permit low-friction onboarding; typically, this is for accounts that transact less than $1000. Furthermore, given that these services are delivered remotely and without in-person verification, it is unclear how providing such services without controls constitutes effective AML risk management.

Crystal tested platforms directly, registering accounts and reviewing onboarding requirements. The findings indicate systemic KYC deficiencies across the sector:

• 67.7% providers offer no KYC or low-friction identity verification
• Several platforms issued cards without completing any identity checks
• Multiple providers showed weak or absent enforcement of geographic restrictions

These gaps mean that crypto-funded payment cards are, in many cases, accessible to users in jurisdictions where financial services are restricted or prohibited – including sanctioned countries. When combined with crypto payment rails, weak onboarding creates direct AML vulnerabilities that no amount of downstream card transaction monitoring can fully remediate.

Blockchain infrastructure of crypto-funded payment card providers

Crystal’s investigations identified approximately 120 wallets associated with card provider infrastructure, of which 66% were unique, including deposit and operational hot wallets. Meanwhile, 34% were linked to nested services, where smaller providers rely on the infrastructure of larger platforms.

The ecosystem is multi-chain. Observed networks include Ethereum, Binance Smart Chain (BSC), Tron, Solana, and the TON blockchain. However, the popular TRON network dominates, with USDT on Tron serving as the primary funding asset across providers.

Tron’s low transaction costs, high throughput and widespread exchange support make it particularly suited to high-volume payment flows. These are characteristics that serve both legitimate users and those seeking to move value at scale with minimal friction.

Transaction volume: blockchain analytics traced $1.18B in on-chain flows

Total transaction volume flows reached $1.16B received, and $1.16B sent– figures that reflect sustained monthly growth and confirm that crypto-funded payment cards are transitioning from niche products into a mainstream payment segment.

Year-over-year growth 2024-2025

Above: Chart showing year-over-year growth patterns of crypto payment card services from January 2024 to January 2026, illustrating that in- and outflows closely mimic each other throughout the covered period. Source: Crystal Intelligence.

 

Year	Total Received	Total Sent
2024	$415.5M	$410.7M
2025	$689.8M	$690.3M

Inbound volume grew approximately 66% year-over-year. Monthly volumes rose more than fivefold from January to December 2024 and continued to exceed $50 – 75M per month throughout 2025. Notable peaks include November 2025 ($76.8M received) and December 2025 ($74.4M received) – the highest monthly volumes in the dataset.

January 2026 recorded $60.3M received and $62.3M sent, suggesting the elevated pace has continued into the new year.

Large exchange-linked crypto-funded payment card programs

Crystal conducted a separate analysis of a Hong Kong-based VASP offering crypto-funded Visa cards alongside centralized exchange services. The value of its on-chain volumes -$2.04B received, and $2.56B sent-exceeds the entire aggregated dataset of smaller providers. Because the licensed VASP operates as a full exchange, it was excluded from the primary analysis to prevent it from distorting results.

High-risk exposure: $161.7M in high-risk inflows at dedicated crypto-funded payment card providers

Across the analyzed wallets, Crystal identified $166.4M in high-risk flows, dominated by high-risk inflows ($161.7M). The breakdown reveals a concentration in gambling, but with material exposure across a range of serious financial crime categories.

Entity Type (Total Flows)	Received	Sent
Gambling ($153,8M)	$153,628,456	$147,805
Sanctions ($3,8M)	$2,551,348	$1,266,785
Stolen Coins ($3.5M)	$1,325,033	$2,191,928
Scams ($2.5M)	$1,906,157	$618,978
Mixers ($1.7M)	$1,577,635	$107,892
Illegal Services ($1.5M)	$1,469,866	–
Dark Market ($593,000)	$429,345	$163,296
Ransom ($238,000)	$59,331	$178,391
Terrorism Financing ($6,151)	$261	$5,891
Total ($166,4M)	$161,711,439	$4,680,965

Above: Chart illustrating the dominance of high-risk inflows (97.18%), in particular, gambling. Source: Crystal Intelligence.

 

Gambling accounts for 92.4% of high-risk flows by volume. However, the presence of sanctioned entities, mixers, dark market addresses, and terrorism financing indicators – even in smaller proportions – is notable. At this transaction scale, even a fraction of a percent represents a meaningful absolute value.

Above: Chart illustrating the dominance of gambling (92,4%, or $153.8M)in overall high-risk flows, while also detecting other risk vectors, however small. Source: Crystal Intelligence.

Case studies: what on-chain tracing reveals about platforms whose primary product is crypto-funded payment cards

Case Study #1: Unlicensed Entity A

Entity A is a crypto-based financial services platform offering virtual payment cards and payment infrastructure for online and offline transactions. The platform was identified as operated by a company registered in Georgia that does not hold a license to conduct virtual asset activity. Entity A linked wallets processed approximately $478.8 million in inflows and $378.4 million in outflows on the TRON network.

Above: Among identified counterparties, inbound transactions show notable interaction with gambling-related services (~30.1%), as well as licensed and unlicensed exchanges, while the remaining portion consists largely of unidentified entities. Outbound flows include transactions to licensed exchanges (~4.6%), unlicensed exchanges (~3.0%), and gambling-related entities, with most destinations remaining unattributed. Source: Crystal Expert.

 

Despite its unverified licensing status, the platform promotes crypto-to-fiat conversion, team payouts, international payments, QR-based retail transactions, and virtual card issuance with 3-D Secure authentication, all operating through a major card network via BIN sponsorship.

Crystal discovered two BIN sponsors (issuing banks) in as many jurisdictions offering three such services via a major card network that would not have control over the onboarding procedures for the end-user.

On-chain tracing for case study 1

To better understand the flow of funds through the platform, Crystal Intelligence conducted an on-chain tracing analysis of transactions associated with Entity A-linked wallets. The analysis aimed to identify key counterparties, transaction patterns, and potential exposure to higher-risk entities. The results show interactions with entities associated with elevated financial crime risk, including sanctioned entities, gambling platforms, and fraud-linked wallets.

Above: As illustrated in the on-chain tracing, funds from multiple sources are routed through intermediary wallets before reaching Entity A infrastructure. Some of these sources include wallets that later interact with sanctioned entities, including addresses linked to the United States Office of Foreign Assets Control (OFAC) and the National Bureau for Counter Terror Financing of Israel (NCBTF). Source: Crystal Expert.

After reaching Entity A–controlled wallets, portions of the traced funds are transferred onward through additional intermediaries. In several observed paths, funds move from Entity A to wallets that later interact with sanctioned entities, gambling platforms, and wallets linked to terrorism financing reports.

The flows also show repeated interactions with gambling-related entities, indicating that part of the activity is connected to gambling services within the crypto ecosystem.

Once converted into platform balances, these funds can be used for virtual card payments or online transactions, which appear within traditional payment networks as standard card activity. From the inbound side, this demonstrates how funds originating from high-risk or illicit sources are converted into spendable balances. From the outbound side, flows show funds moving to high-risk counterparties, indicating that these funds can both integrate into the traditional financial system and continue to circulate within high-risk activity.

Without blockchain tracing capabilities, the origin of these funds would remain largely invisible to participants within the conventional financial system.

Case Study #2: Unlicensed Entity B

Entity B advertises virtual payment cards funded directly with cryptocurrency and does not require identity verification at onboarding. Users can obtain and fund cards without completing KYC, although the platform includes a general statement referencing compliance with AML and regulatory requirements. Entity B–linked wallets processed approximately $4.23 million in inflows and $4.90 million in outflows on the BNB Smart Chain (BSC).

Meanwhile, the platform references Canada as its jurisdiction but discloses no verifiable legal entity or license.

Above: Among identified counterparties, inbound transactions show interaction with unlicensed exchanges (~11.8%), online wallets (~13.2%), payment processors (~4.7%), and gambling-related services (~6.2%). Outbound flows include transactions to licensed exchanges (~27.0%), unlicensed exchanges (~12.0%), and gambling-related entities (~7.7%). Source: Crystal Expert.

Crystal’s investigation identified three BIN sponsors across multiple jurisdictions supporting four crypto-funded card services with limited or no KYC requirements across two major card networks. As with similar structures, issuing entities do not maintain visibility into end-user onboarding, limiting their ability to assess identity-related risks.

On-chain tracing for case study 2

Further blockchain tracing identified direct interactions between Entity B–linked wallets and several high-risk entities. The observed transaction patterns are consistent with potential off-ramping activity, in which crypto originating from higher-risk sources is consolidated within service wallets before being converted to fiat and spent via card infrastructure.

Once converted into card balances, these funds can be spent through major card networks, appearing as standard payment transactions to merchants and acquiring banks. Without blockchain analytics, the origin of these funds would remain largely invisible within the traditional payment ecosystem.

Above: Funds originating from sources associated with gambling platforms, sanctioned entities, and addresses reported for fraud were transferred to wallets linked to Entity B infrastructure. Source: Crystal Expert.

The KYC compliance gaps our case studies of crypto-funded payment card platforms reveal

Both cases illustrate the same structural problem. Funds from high-risk sources enter the crypto card infrastructure, are converted into card spending power, and re-emerge in the traditional payment ecosystem as indistinguishable from any other card payment. The crypto origin disappears entirely from view. Without blockchain tracing, there is no mechanism within the card network to detect or flag it.

BIN sponsorship: how crypto-funded payment cards enter traditional payment networks

Crypto-funded card programs depend on regulated financial institutions – issuing banks and BIN sponsors -to access payment networks. Ultimately, Crystal identified 54 BINs associated with over 35 crypto-funded card providers in nine countries, with several issuers operating across multiple jurisdictions.

These issuers operate across Hong Kong, Estonia, Lithuania, the UK, Poland, Spain, Canada, Malaysia, and the United States. In many cases, the issuing bank is not disclosed by the crypto card provider and can only be identified through BIN analysis, limiting visibility for compliance and monitoring.

The charts below present these findings across five dimensions: overall KYC distribution, card network split, no-KYC VASP concentration by BIN, issuer entity frequency for no-KYC programs and no-KYC BIN distribution by jurisdiction.

Above: Of the 54 BIN records identified across 35 crypto-funded payment card providers, 32 (59%) operate without KYC requirements at the point of card issuance, enabling cardholders to transact using crypto-backed funds without identity verification. Source: Crystal Intelligence.

Above: Hong Kong (48%) accounts for the largest share of no-KYC BIN records by jurisdiction, followed by the USA (19%). Source: Crystal Intelligence.

BIN concentration

Across the 32 no-KYC BIN records identified, 22 unique BINs were observed. A small subset of these BINs is shared across multiple crypto-funded payment card providers, accounting for a disproportionate share of the total records, while the majority are used by a single provider.

One BIN represents the highest concentration risk, being used by seven distinct crypto-funded payment card providers, equivalent to 22% of all no-KYC records. A limited number of additional BINs are shared across multiple providers, while most remain exclusive to a single entity.

This concentration highlights a structural dependency on a small number of BINs, pointing to a limited set of issuing entities enabling a significant portion of anonymous crypto-funded payment card access.

Jurisdictional distribution

No-KYC crypto-funded payment card issuance is geographically concentrated, with Hong Kong accounting for nearly half of all identified records (47%). The United States follows with 16%, while the Netherlands and Singapore each represent smaller shares. The remaining jurisdictions, including Ukraine, Spain, the United Kingdom, Iceland, Brazil, and Morocco, each account for a minimal portion of activity.

This concentration reflects the role of certain jurisdictions as key incorporation hubs for crypto-adjacent financial service providers, particularly those operating crypto-funded payment card infrastructure with limited KYC requirements.

Above: A single issuing group (BIN Sponsor A) is identified as the dominant provider of no-KYC. More broadly, a small number of issuer entities account for the majority of no-KYC exposure, suggesting that issuer-level compliance interventions could have an outsized impact on reducing anonymous card access. Source: Crystal Intelligence.

 

The findings point to a concentrated structural risk, in which a limited number of issuing entities and BIN sponsors drive a disproportionate share of no-KYC crypto-funded payment card activity. This concentration amplifies systemic exposure, as weaknesses at the issuer level can scale across multiple providers and jurisdictions.

Issuing banks and BIN sponsors face potential financial crime exposure when onboarding or transaction monitoring controls are insufficient. Card issuers typically monitor card transactions but have limited or no visibility into the crypto transactions used to fund card balances. This is where the compliance gap materializes: funds originating from high-risk sources can enter the traditional payment system after crypto-to-fiat conversion, and the risk does not travel with them.

Regulatory implications 

• Cross-domain AML oversight:
  Crypto AML frameworks and card network compliance may operate independently. Crypto-funded cards bridge these systems, but no single regulatory authority currently oversees both ends of the transaction chain. Cross-domain oversight mechanisms – requiring coordination between crypto regulators and card network supervisors – are not yet standard practice in most jurisdictions.
• BIN sponsor due diligence: 
  Banks sponsoring BINs for crypto-funded card programs face increasing scrutiny. Enhanced monitoring of crypto card programs, minimum KYC standards for card issuance, and stricter onboarding requirements for program partners are likely to become baseline regulatory expectations as awareness of this risk vector grows.
• Transaction monitoring integration: 
  Financial institutions interacting with card networks may unknowingly process transactions funded by unverified or high-risk crypto. Transaction monitoring systems can be enhanced by incorporating known crypto card program indicators – including BIN lists, card issuer identifiers, and known deposit wallet addresses – to surface these flows before they clear undetected.

The role of blockchain analytics in addressing the KYC gaps of crypto-funded payment cards

Traditional payment monitoring cannot see where funds originated before they entered the card program. This is a structural limitation, a gap that better card-side monitoring alone cannot close.

Blockchain analytics provides the investigative layer that directly addresses this. Crystal Expert enables compliance teams and investigators to:

• Trace the origin of funds before card loading
• Identify high-risk upstream activity – sanctions exposure, darknet interactions, mixer usage
• Map funding flows between crypto platforms and card issuers across 330+ blockchains

This visibility is not a complement to existing compliance frameworks: for crypto card programs, it is a prerequisite. The case studies demonstrate that the activity that matters most occurs on-chain, before the card transaction takes place. That is precisely where the monitoring gap is largest, and where blockchain analytics is the only tool that can close it.

The compliance blind spot

Crypto-funded payment cards are growing rapidly, processing hundreds of millions of dollars annually, and operating in the space between crypto compliance frameworks and traditional card network oversight. The ecosystem includes providers with no KYC, no disclosed legal entity, and no VASP license – yet they issue cards running on Mastercard and Visa infrastructure through regulated issuing banks.

This is the compliance blind spot: Crystal’s on-chain analysis traced over $166M in high-risk inflows across 78 identified wallets. The two case studies demonstrate how funds linked to sanctions, gambling, and fraud reach traditional payment networks undetected.

The monitoring gap will not close solely through card transaction monitoring. It requires blockchain analytics to trace the source of funds before the card is loaded – and that capability exists now.

This is the latest installment in Crystal Intelligence’s Compliance Blind Spots series. Read the previous entries: Cash-to-Crypto Risks and Mobile Wallets and the Hidden Infrastructure of Crypto Settlement.