All my Deutschlandtickets gone: Fraud at an industrial scale [video]
media.ccc.de
Germany has missed the digitalisation train, but how long will it continue to miss it for?
At least, transparent issues like this one can only help.
The problem is the lack of centralization - there should obviously only be one issuer of this ticket and thus just only one website / app to keep bug free.
Lack of centralization is one part of it (see also: communal digital services), yes, but the complete lack of standards and guidelines is also a massive issue. I tried buying a Deutschlandticket from the DB Navigator app a while back, and immediately ran into some issues:
- they only take credit card, probably because of the massive SEPA fraud they've had happen
- they require id verification with a third party(!), which then only supports the e-perso(!!) or video ident(!!!), which they could've just used the actual PostIdent service for, which would've provided an alternative for non-smartphone-havers / people who'd rather not have their ID and face recorded by some Eastern European company until the end of time
- their entire authentication system was down when it came to actually purchasing
Buying from my local Verkehrsverbund was a single tap in their app instead, with no id verification whatsoever. If DB's offering were the only option it would be an absolute travesty.
Isn’t that one of the problems mentioned in the video? Being able to buy and get the ticket before the payment is fully validated?
(Or did your local Verkehrsverbund require you to use another payment for the initial purchase other than bank transfer?)
Hetzner does this invasive ID flow for credit cards now. Fortunately they don't bother with PayPal.
Airbnb wanted access to my bank account transaction details (via Plaid) a while ago, "to verify my credit card". Hotels have never looked so appealing.
At some point booking.com decided it doesn't want to accept my money because I'm a fraud, apparently, so I use it to search and then book directly at the hotel, and booking.com doesn't get their commission.
Germany has a tendency to wish something into existence with a law, and stop there. No guidelines, no tools, no enforcement. Often not a thought about feasibility. Nothing past the press release.
Sometimes a law will be in effect for two or three years and virtually no one will even know about it. Recycling electronics in supermarkets? Nope. E-Rechnung mandated for all B2B invoices? In your dreams.
I work at the other end of the spectrum, reducing friction for new immigrants to Germany. I find it especially frustrating. I could explain how things should be, but it would be pointless when reality is far more disappointing.
As a German-speaking person, we can be glad it’s not a fax ticket.
Is there a similar ticket, flat for 50 Dollar per month, that takes you through the US? I wonder who pays for the real cost of the ticket, who cleans and repairs the trains, who invests in infrastructure and all that. I always wonder how the Germans can pull this off for 50 Euro. Magic.
> I wonder who pays for the real cost of the ticket
Everybody already has local regional tickets anyway. And most people can't be in more than one place at a time anyway. And most people stay in the same region most of the time anyway.
So really you are not losing much compared to having separate local region tickets in a system where the long distance trains are separated.
> who cleans and repairs the trains
The already existing organizations that have run the trains for a long time.
> who invests in infrastructure and all that
The government ...
> I always wonder how the Germans can pull this off for 50 Euro. Magic.
It's not magic, it's just a transportation policy and taxes.
Not sure I understand your point about
> Everybody already has local regional tickets anyway. And most people can't be in more than one place at a time anyway. And most people stay in the same region most of the time anyway.
I live in Rostock. So if I want to go to Berlin or Hamburg (you know, where stuff like actual airports are) I am crossing "regional borders" even if it is a 200-250 km trip to each city
Continental USA: 8 million square kilometers.
Germany: 0.35 million square kilometers.
On the point of the upkeep, locals know German trains are now legendary for unpunctuality and cancellations, so maybe it's not working. But the answer is obviously (trigger warning for the libertarians...) taxes.
The ticket came about because energy prices went crazy after their energy dealer Putin went crazy and warry, I think it was an attempt to motivate people to take public transport rather than have them moan about fuel prices going way way up...
fyi regional trains (which the deutschlandticket is valid for) are very punctual, it is the long distance/ICE trains that are always late/broken, and you cannot ride those with the deutschlandticket anyways.
Are you crazy? I use local trains daily and they are everything, but punctual. Also, S-Bahn? Worst service ever.
idk what to tell you except that your personal experience does not generalize, see https://www.deutschebahn.com/de/konzern/konzernprofil/zahlen...
the regional trains run by regional orgs rather than db get similar results, e.g. bwegt in baden württemberg or beg in bavaria
https://beg.bahnland-bayern.de/de/aufgaben/kontrollieren/pue...
https://vm.baden-wuerttemberg.de/de/mobilitaet-verkehr/bahn-...
no they are not. source: i am german and i use regional trains occasionally
that's great, but they are on time 85% of the time vs long distance trains' 62%
https://www.deutschebahn.com/de/konzern/konzernprofil/zahlen...
see my other comment too
Most local and S-Bahn trains in Germany are pretty decent, data is pretty clear on this. It's not Swiss level but still pretty good. Nothing compared to ICE.
not sure what you count RB/RE as, but they are absolutely broken as well in my experience.
The German trains, even at their worst, are so much better than anything in the US. Complaining can also be a sport in Germany. Take a ride on NJ Transit or the NYC subway to appreciate the difference. Or try to get anywhere in New Jersey without a car. In many parts of Germany, you can get almost anywhere conveniently with only public transportation.
What’s going on in New York is irrelevant. The trains in Germany are largely bad. Bad enough that I don’t use them unless I have to. Once they’re at that stage it doesn’t matter how much worse they get for me, I still won’t use them.
Uh, I received a call from my credit card company saying that train tickets were bought using my card in Germany. I told them I haven't been in Germany for the last decade, and was issued a new card.
So at least your credit card issuer (presumably) actually has a working fraud department.
In the private sector, fraud detection is often heuristic based. So this was probably flagged because you didn't buy German railway tickets in the recent past and maybe even you didn't buy anything else in or near Germany.
I remember years ago getting a decline on a credit card transaction to pay for one of my ISPs, and then hours later a phone call. My bank apparently didn't understand (yet, this is years ago) that ISPs are like, not necessarily physically nearby and so since the ISP is on another continent and I had no other nearby transactions it was flagged as likely fraud.
tl;dw please?
There's a summary directly below the video (though it's not a very good summary). Basically, it's easy to generate valid tickets with fake bank credentials, which then get canceled later (but after already being resold).
"Transcript" it's called :)
That's... a totally different thing. There is actually a summary though below the video.
ChatGPT managed the following given the submitted source URL and the prompt "summarize the key technical facts into two sentences suitable for a hacker news comment".
Deutschlandticket fraud stemmed from decentralization and weak controls: tickets were issued instantly on unverified SEPA debits, and a leaked or mismanaged signing key let attackers mint valid tickets at scale. Poor revocation and fragmented verification meant many fraudulent tickets still scanned as valid, enabling mass resale and huge losses.
This is a good concise summary, regardless of provenance.
Instead of making a fuss, have you considered taking another look at the video page? It includes a summary that helps show why those technical facts are actually relevant in the context of German society, and hints at how those things came to happen. I would normally not bother with a comment, but this time I'm genuinely curious as to how someone might have missed scrolling down to see the summary.
(edit: the fussy bit, where the poster complains about downvotes, has been edited out. I'm leaving my comment the way it is.)