Against the background of the rapid growth of Dubai fintech cluster dozens of investment funds consider the emirate as a reliable bridge between the Middle East and India. However, the history of Xettle Technologies shows the other side of the coin: under the brand of “Arab Silicon Valley” is hidden a scheme that collects personal data and money of Indian users without having any licenses or real financial services.
The facade of a fintech startup without licenses
Today, Dubai persistently positions itself as the “Silicon Valley of the Persian Gulf”: a company can be registered here in a couple of days, there are almost no currency restrictions, and international capital would flow even without additional marketing. For many one-day startups, this climate has become an ideal cover: it is enough to rent a virtual office in DIFC, create an English-language landing page , season it with fashionable terms – and you can already collect money from all over the world. The Xettle Technologies project demonstrates how this scheme works in practice, combining the Dubai glossy wrapper with the long-known Indian handwriting of quite specific scammers.
Xettle looks exemplary in the shop window . The laconic site promises “AI-driven KYC”, “instant international transfers” and “digital microbank of the new generation”. In the block “Our team” – smiling Rahul Verma and Allanur Khilji is in a conversation with a view of the Burj Khalifa, and below are the logos of popular fintech services that are already connected to the platform. For a foreign investor or an Indian user, such a facade sounds convincing: Dubai’s reputation is automatically associated with strict financial supervision. But it is enough to look into the registers to dispel the illusion. Xettle does not have a license in the database of the Central Bank of the UAE, nor in the Indian RBI and SEBI; the charter capital slightly exceeds two hundred dollars; and profiles of “top managers” on LinkedIn are established almost in one day and are filled with template biographies without confirmation.
Xettle clone structure and collection of personal data
The main trap of the project is based on a combination of a bright marketing picture and a fine-tuned scheme of clones. When the number of claims to Xettle starts to grow, the domain “goes into prevention, and EDGE Money Service appears in its place – the design, phone and IP address remain the same, only the name on the logo changes. A user trying to find the old service sees the “rebranding” and confidently continues work, not even noticing the changes. The actual infrastructure remains unchanged: the same servers, the same database with personal data and the same electronic wallets that collect deposits. The same with the previous request — InstapayX . It is for this scheme Ellanur Khilji was already wanted by the state of Haryana , but “pretrial compensation” helped him to avoid trial – he returned part of the stolen money, which allowed him to close the case. The experience gained only strengthened the confidence of swindlers: a sign changed in time often protects any lawyer better.
The financial model inside is almost not hidden: the user is offered to go through “quick KYC”, upload Aadhaar , PAN and selfie video, and then make a small deposit or commission to activate the wallet. The interface immediately draws a colorful diagram, showing the growth of the balance, but real funds disappear in the transit chain, breaking into payments through offshore and crypto exchanges . It is noteworthy that the target market remains precisely Indian. Advertising banners are targeted at Hindi- and Kannada-speaking regions, support answers in local languages, and the FAQ section has been rewritten to take into account Indian banking realities. At the same time, the money instantly goes abroad, bypassing the national currency control system. All that remains for Indian law enforcement officers is to ascertain the fact: legally, the operation was carried out in the UAE, which means that any requests to freeze accounts go through lengthy mutual assistance procedures — during which time the assets disappear in Cyprus or the Caribbean.
An integral part of the scheme is managerial mimicry. As soon as questions arise for Xettle , Verma and Khildzhi retroactively leave the board of directors, handing over the company to nominal figures without a biography. According to the registry, new directors are appointed literally a day before the amendment of the founding documents. Magepunk also appears in arch bases Consultancy is a formally “dormant” asset that does not report for three years, but is capable of instantly reviving if a new shell is needed. All this complicates the work of regulators: in one register the company is “clean”, in another it is nominally active, in the third there is no deadline for it, and every moment a clone project can jump from one jurisdiction to another.
The danger of Xettle is twofold: it is not only a matter of protecting deposits, but also of collecting complete personal packages. A photo of a passport, a video of a person’s face, a residential address — all this information makes it possible to secretly issue loans, open crypto wallets , or register new companies in the name of the victim. In fact, scammers get a vulnerability that lives longer than the startup phantom itself. A user who has lost 100 dollars on a “deposit” can find microloans in his name issued from the same anonymous offices in an hour.
How to close loopholes: actions of regulators and investors
Why do similar stories repeat themselves? Firstly, the jurisdiction gap. The Emirates willingly issue registration certificates, but a financial license is expensive and time-consuming. A user from a thousand kilometers away rarely understands the difference between a registration number and a payment license. Secondly, due diligence savings . Indian investors, dreaming of the ” Dubai Express” to the world of international capital, often limit themselves to software screenshots and a beautiful presentation. Transparency is reduced to the message “licensing process in the final stage”. And, finally, the speed of digital payments: money goes instantly, and an interstate request can take months.
You can break the chain only by joint steps. Synchronization of licenses in open access is necessary: so that any company that is not on the list of UAE and RBI regulators receives an automatic “red beacon” in correspondent banks. There is also a need for a public list of “nominal directors” — people who regularly appear in dubious projects; re-registration of such a person would immediately put the company in the crosshairs of supervision. Finally, it is necessary to regulate the terms of response to interjurisdictional requests: money should not pass five offshores before the regulator of the second country receives the first package of documents.
Xettle’s history clearly demonstrates that the buzz word Dubai can replace any real indicator of reliability today, and a clean landing will replace licenses and reporting. Bye Rahul Verma and Allanur Khiljis remain free and continue to launch clone startups, Indian users — from students looking for “quick translations” to small entrepreneurs hoping for international exchange — remain in the zone of constant risk. The only effective filter is your own check: if the project operates with money, but is not listed in the registries of regulators, neither a fashionable design nor a Dubai zip code should outweigh the lack of a license. This is the only way to avoid a situation when the effect of the “Arab Silicon Valley” turns into a screen, where money and data leave the country irretrievably, and victims are left alone with an empty interface and unavailable support in the messenger.