The payment service provider Nexi, through which the Free Software Foundation Europe (FSFE) has processed donation payments, has terminated its contract with the non-profit organization without prior notice. Donations from more than 450 supporters are affected.
The FSFE is informing about the incident on its website. Affected donors will also receive an email explaining the situation. Those who donate to the FSFE via direct debit or have set up regular credit card donations before November 18, 2025, are affected by this. Nexi has stopped processing payments there.
The reason, according to the FSFE, is that the payment service provider Nexi S.p.A, or Nexi for short, requested access to private data a few months ago, which the FSFE interprets as access to the supporters' usernames and passwords. The FSFE did not comply with this. In response to inquiries about why this information was necessary and whether it was legal, the FSFE received only "vague and unsatisfactory explanations, referring to generally required risk analyses."
Plug pulled
Ultimately, the FSFE stopped receiving donations through Nexi's system. On March 10, the organization received notification that the contract was terminated on March 7, 2026, because the deadline for data transmission had not been met. However, the organization stated that it was not aware of any such deadline.
The FSFE had already prepared for the switch to a new payment service provider, but an automatic transfer of supporter accounts is not possible. The more than 450 affected supporters must take action to process their donations through the new provider. The FSFE is now seeking public attention because, based on experience, some people do not receive or read emails from the organization. This causes the organization to lose donors, which noticeably impairs its work for free software.
The FSFE cannot understand Nexi's decision. Lately, the organization has provided extensive FSFE documents for the security audit conducted by Nexi. This also included information from senior executives. All questions were answered. However, the FSFE had to draw the line where Nexi demanded access to confidential and private supporter data.
Nexi Germany GmbH told heise online: „The situation with our former client FSFE arose in the context of updating our KYC procedure, which could not be completed in this case and led to the termination of the account due to a lack of response from the client. As for requesting data: We would never, under any circumstances, ask for other users’ login credentials or passwords. In this specific case, we merely requested test login credentials to verify the portal and ensure that users could cancel their access to avoid subscription traps. This request for test access apparently led to a misunderstanding, for which we apologize to FSFE. Our Customer Service Team will be contacting FSFE shortly regarding this matter.“
The organization has already updated the information on the FSFE donation page. Affected individuals can set up their donations through the new provider here.
Update
Added statement from Nexi Germany GmbH.
(dmk)
Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.
This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.