Germany has missed the digitalisation train, but how long will it continue to miss it for?
At least, transparent issues like this one can only help.
The problem is the lack of centralization - there should obviously only be one issuer of this ticket and thus just only one website / app to keep bug free.
Lack of centralization is one part of it (see also: communal digital services), yes, but the complete lack of standards and guidelines is also a massive issue. I tried buying a Deutschlandticket from the DB Navigator app a while back, and immediately ran into some issues:
- they only take credit card, probably because of the massive SEPA fraud they've had happen
- they require ID verification with a third party(!), which then only supports the e-perso(!!) or video ident(!!!), which they could've just used the actual PostIdent service for, which would've provided an alternative for non-smartphone-havers / people who'd rather not have their ID and face recorded by some Eastern European company until the end of time
- their entire authentication system was down when it came to actually purchasing
Buying from my local Verkehrsverbund was a single tap in their app instead, with no ID verification whatsoever. If DB's offering were the only option it would be an absolute travesty.
tl;dw please?
"Transcript" it's called :)
ChatGPT managed the following given the submitted source URL and the prompt "summarize the key technical facts into two sentences suitable for a hacker news comment".
Deutschlandticket fraud stemmed from decentralization and weak controls: tickets were issued instantly on unverified SEPA debits, and a leaked or mismanaged signing key let attackers mint valid tickets at scale. Poor revocation and fragmented verification meant many fraudulent tickets still scanned as valid, enabling mass resale and huge losses.
This is a good concise summary, regardless of provenance.