Enlarge image
Berlin's Governing Mayor Franziska Giffey (SPD, r.) and Bettina Jarasch, Senator for the Environment, Mobility, Consumer and Climate Protection (Greens) are promoting the 29-euro ticket
Photo: Lisi Niesner / REUTERS
Berlin is pushing ahead with a follow-up regulation for the popular 9-euro ticket - and as is sometimes the case when pushing ahead, inaccuracies are not always immediately apparent.
The 29-euro ticket for the Berlin tariff zone AB, which is available for October, November and December, is already available in the customer centers of the Berliner Verkehrsbetriebe and on the BVG website.
However, a subscription is required for this.
New customers who do this online will then receive a confirmation by email.
Sebastian Pertsch is one of them.
However, the Berlin journalist noted that the further procedure described in the e-mail is almost the opposite of forgery-proof, as he explains on Twitter.
Because it can take a few days or even weeks for the BVG to send the new subscribers their chip cards by post.
Until then, according to the email that Pertsch received, you should print out the attached image file of the subscription entry ticket, enter your name and show it to a ticket inspection along with an ID document.
The "subscription entry ticket" itself also says that it is valid when printed out, "in connection with a photo ID of the person specified on the subscription entry ticket".
But Pertsch noticed that the image file is not unique, but the same for every customer, including the QR code for verification.
This can be recognized by the fact that the Internet address (URL) of the image file can be found in the source text of the e-mail.
This address is openly accessible and does not contain any personalization.
In other words, anyone who knows the address and calls it up or has a subscriber's e-mail forwarded can print out the "subscription entry card" themselves and enter their own name.
Inspectors can therefore not immediately determine whether you have really taken out a subscription, i.e. paid for the ticket.
Criminal energy is part of it, but the hurdle to fraud is extremely low.
BVG: "Not clear so far"
When asked, the BVG reacted quickly and a little contritely: The subscription entry card with QR code, a press spokesman told SPIEGEL, “is only valid in connection with the personalized e-mail order confirmation and an ID document.
A printout is not mandatory.
In case of doubt, it is enough to show the e-mail order confirmation and the subscription entry card with QR code on the mobile phone display.« Unfortunately, this is also »not clear so far« in the FAQ on the BVG website, and now they want to »immediately improve it «.
Previously it read:
»As long as you have your VBB-fahrCard
for October 2022
has not yet been delivered, your subscription order confirmation (subscription entry ticket), which was sent to you as a pdf file after the order, is valid as a personal travel authorization, but no longer than October 31, 2022.
Please carry this in printed form and also a personal document with you to identify yourself in the event of an inspection.«
According to the spokesman, everyone who has subscribed online will be “informed promptly by email” that the email is part of the proof, but does not have to be printed out.
"Starting tomorrow, the name will then be entered directly into the subscription entry card, so that there is double security," he continued.
We regret “the unclear communication” and apologize “for any uncertainties”.
Of course, the "unclear communication" could still be exploited.
Forging the email may be a bit more involved than just writing the name on a piece of paper, but it's not difficult.
The inspectors would have to pay for the unclear announcements by the BVG, while fraudsters could hope that any checks, especially in full lanes, would not be so accurate.
In other words, what is "double security" if the security level was previously zero?
/cloudfront-eu-central-1.images.arcpublishing.com/prisa/PHVPFFR6CVG73KXKSA43KOUVPU.jpg)
