Explore the massive fraud vulnerabilities in Germany's flagship Deutschlandticket transport policy through this detailed conference talk from the 39th Chaos Communication Congress. Discover how the rushed implementation of a unified national ticketing system across thousands of decentralized German transport companies created opportunities for industrial-scale fraud, resulting in hundreds of millions of euros in losses compensated from state and federal budgets. Learn about the political, policy, and technical mistakes that led to this crisis, including the investigation of fraudulent tickets from d-ticket.su using compromised private signing keys and the widespread SEPA Direct Debit fraud where criminals mass-purchase tickets with invalid or stolen IBANs before reselling them on Telegram. Examine the specific technical vulnerabilities in the ticketing infrastructure, understand how fraudsters exploit the immediate ticket issuance before payment verification, and analyze the inadequate revocation systems that fail to address fraudulent transactions. Gain insights into the detective work involved in tracking down fraudsters through their operational mistakes, the uncooperative responses from responsible parties, and the broader implications for secure digital payment systems. Consider the lessons learned from this transportation policy disaster and explore potential solutions to ensure the Deutschlandticket's viable future while maintaining the balance between accessibility and security in large-scale digital infrastructure projects.