39C3: Fraudsters Defrauded the Deutschlandticket of Millions
4 months ago
- #public-transport
- #cybersecurity
- #fraud
- Central blacklist for UIC tickets now used by various transport companies to combat fraud.
- Triangle fraud causes the most damage, with criminals using stolen bank details to buy and resell tickets.
- Total fraud damage estimated at up to 267 million Euros from January to October 2024.
- Illegal shop d-ticket.su sold tickets signed with a stolen cryptographic key, causing at least 2.9 million Euros in damages.
- Security practices of technology partner mo.pla criticized, including vulnerabilities in PayPal payments and refusal to join industry-wide blocking system.
- Key blocking delayed due to vacation and illness of responsible employee, highlighting staffing issues.
- Industry only implemented binding security measures after public pressure, including mandatory bank account verification and secure key management.
- Deutschlandticket price to increase to 63 Euros, with financing secured until 2030.