Against fraud: Agreement reached on security measures for the Deutschlandticket
After a long struggle, the transport industry has decided on binding security measures against fraud in the three-digit million euro range for the Deutschlandticket
After months of back and forth, the German transport companies and associations agreed on new security standards for the Deutschlandticket at the participants' meeting of VDV eTicket Service GmbH & Co. KG on May 6. This means that there is now a contractual framework to curb the systematic fraud that has been rampant on the Deutschlandticket for one and a half years and which, despite the measures agreed, will still grow to the sum of 500 million euros.
In the first ten months of last year alone, a total of 267 million euros was generated by various fraudulent schemes. A working group of the industry associations VDV, BSN and Mofair had already specified and developed proposed technical requirements. These include mandatory bank account verification at the time of purchase, central blocking lists for invalid tickets, secure key management for signing tickets and copy protection measures for cell phone tickets. Key technical steps are to be implemented by June 30. From October 1, only Deutschlandtickets that meet the new security standards will be valid.
Daniel Ackers, Head of Communication and Strategy at VDV eTicket Service, spoke to heise online of an "industry consensus". "All relevant points on IT security have been agreed. We have thus achieved clear results that are jointly supported by the entire public transport industry. Based on the results of the task force on ticket security, [...] the participants' meeting has thus created the contractual framework conditions that define identical and binding requirements for the secure issue and control of the Deutschlandticket for all market participants." Previously, there were different security requirements for the ticket systems used and also different contractual provisions, which encouraged different types of fraud.
Deutsche Bahn also expressly welcomed the resolutions when asked by heise online. "Our clear goal is to protect our customers and all industry partners from fraud attempts with the Deutschlandticket," explained a Deutsche Bahn spokesperson. The company's change of heart is remarkable – in a similar vote in November 2024, DB Regio had voted against common security standards for the Deutschlandticket, which meant that the necessary majority was not achieved due to DB Regio's high voting weight. Deutsche Bahn has not yet responded to an inquiry about the reasons for the rethink.
Up to 500,000,000 euros in fraud losses
The discussion about uniform security standards became louder after several large-scale cases of fraud were uncovered, not least in the context of the debate about the future of the Deutschlandticket. As heise online was able to show, the calculated total damage caused by various fraud schemes is likely to add up to half a billion euros by the time the security measures are fully implemented.
Although it had been clear to those involved since the beginning of 2023 that the rapidly implemented large-scale project was conducive to various fraud scenarios, a lack of overarching responsibility, particular interests of the companies and the resulting failure to agree on uniform security standards led to delays. Some transport associations had already introduced their own security measures. Deutsche Bahn, for example, has required account verification via external service providers since the end of 2023. The Rhein-Main-Verkehrsverbund (RMV) has been using the open banking platform Tink to verify account data for new direct debits since the summer. Nevertheless, fraudsters have repeatedly been able to exploit loopholes at other transport companies, for example through
- Payment fraud: Leads to chargebacks and direct financial losses.
- Ticket copies: A single ticket is copied and used by several different people at the same time.
- Forged tickets: Technically skilled fraudsters create deceptively genuine forgeries by manipulating the security features.
- Revenue concealment: Incomplete or manipulated reports of ticket sales by transport companies prevent a fair distribution of revenue.
(vza)