Payment biz pulls plug on open source charity after KYC spat

Pixelift Editorial Team

More than 450 donors to the Free Software Foundation Europe (FSFE) have lost the ability to automatically support the organization after payment operator Nexi Group abruptly terminated a 15-year contract. The incident is the result of a sharp dispute over Know-Your-Customer (KYC) procedures and data security. FSFE representatives warn that Nexi demanded access to private data, including donor logins and passwords, which the organization deemed an unacceptable violation of privacy and security. Nexi, for its part, denies the allegations, claiming the request pertained only to test data necessary to verify subscription cancellation mechanisms required by the German financial regulator, BaFin. The lack of agreement led to the blocking of card payments on March 10, 2026, forcing the foundation into an emergency migration to another provider. For users and non-profit organizations, this conflict serves as a clear warning: rigorous anti-money laundering regulations and KYC procedures can become a flashpoint in relations with the fintech sector. Even long-term cooperation does not guarantee stability when the interpretation of access to sensitive data is at stake. This incident forces creative and technology organizations to diversify their payment methods to avoid being suddenly cut off from crowdfunding. The situation demonstrates that the line between regulatory oversight and digital sovereignty is becoming increasingly thin.

In the world of financial technology, where KYC (Know Your Customer) procedures are the foundation of security, a clash of civilizations has occurred. On one side, we have Nexi Group, the European electronic payments giant; on the other, the Free Software Foundation Europe (FSFE), a non-profit organization guarding software freedom and data privacy. The result? A sudden contract termination, the cutting off of funds from 450 regular donors, and mutual accusations of misunderstanding basic principles of digital security.

The conflict, which led to the end of a 15-year collaboration, began with a mundane request for verification. According to the FSFE, Nexi demanded access to private data that the organization interpreted as the logins and passwords of its donors. In the open source world, where user privacy is treated almost as sacred, such a request triggered immediate resistance. On the other hand, Nexi claims there was a fatal misunderstanding, and their goal was merely to obtain test data to verify whether the subscription cancellation process works correctly and does not constitute a consumer trap.

Bureaucratic impasse and disappearing donations

For the Free Software Foundation Europe, the consequences of this decision are immediate and painful. The organization lost the ability to automatically renew payments from nearly 450 donors who supported it regularly using credit and debit cards. Worse still, the migration process to a new payment provider does not allow for the automatic transfer of payment data. This means that each of these individuals must manually set up their support again, which in the world of non-profit foundations usually results in an irreversible loss of a portion of revenue.

The most striking aspect of this case is the manner in which the cooperation was terminated. FSFE claims it learned of the contract termination on March 10, while the actual notice was supposed to have occurred three days earlier. The organization argues that it was never given a specific deadline to provide the requested data, and that its requests for clarification of the legal and technical basis of the query were dismissed with generalities about "risk analysis." This is a classic example of a situation where rigid corporate procedures hit an entity for which transparency and data protection are not just marketing slogans, but the foundation of existence.

  • 450 donors cut off from automatic payments
  • 15 years of uninterrupted cooperation ended in a few days
  • No possibility of automatic migration of supporting accounts
  • Interpretational conflict regarding the scope of requested authentication data

BaFin regulations vs. open source ethics

Nexi Group defends its position, citing the strict requirements of BaFin (the German Federal Financial Supervisory Authority). In an era of fighting financial fraud and money laundering, payment institutions are forced to conduct increasingly deep verification of their clients. According to a Nexi spokesperson, the request for "test login data" was intended to verify the donor portal for so-called subscription traps. The goal is to ensure that the user can easily opt out of payments at any time, which is one of the requirements of European consumer law.

From an editorial perspective, it is hard not to get the impression that both parties are speaking completely different languages. For a bank, a "test account" is a standard audit procedure. For an organization like FSFE, which has been fighting surveillance and excessive data collection for years, a request for any access data to systems storing donor information sounds like a hacking attempt. Nexi claims it would never ask for real user passwords, but the lack of precise communication led to a paralysis whose victim was the foundation's financial liquidity.

"Nexi's approach is a textbook example of how a lack of understanding of the specifics of the non-profit sector and an obsession with KYC procedures can lead to the destruction of trust built over decades."

Consequences for the digital payments ecosystem

This incident sheds light on a broader problem: the growing gap between financial service providers and technology organizations concerned with privacy. As KYC and AML (Anti-Money Laundering) become increasingly restrictive, entities promoting free software and decentralized technologies will more frequently end up on the "blacklists" of automated risk assessment systems. If a payment giant cannot communicate with a reputable organization like FSFE, then smaller open source projects may soon be completely pushed out of the traditional financial circuit.

It is worth noting that the Free Software Foundation Europe is not directly affiliated with Richard Stallman's American FSF (from which it distanced itself in 2021), making it an entity operating fully within European jurisdiction. This makes the conflict with Nexi even more significant — both organizations operate within the same legal system, yet they were unable to reach a compromise that did not end in a funding cutoff.

This situation forces technology organizations to change their strategy. Relying on a single payment provider, especially one that uses opaque risk assessment algorithms, is becoming too risky. FSFE has already announced a move to another provider, but the operational and reputational cost of this change is enormous. This is a lesson for the entire industry: in the world of digital finance, technological sovereignty must go hand in hand with the diversification of funding channels.

In the coming years, we will witness an escalation of such conflicts. Financial institutions, under pressure from regulators such as BaFin or ESMA, will strive for full transparency of their clients' operations. Conversely, pro-privacy movements will put up increasingly tough resistance against sharing data they consider sensitive. If a standard of communication between the "world of procedures" and the "world of privacy" is not established, the non-profit sector will have to look for alternatives outside the traditional banking system, which may accelerate the adoption of crypto-payments in the sphere of public benefit organizations.

Source: The Register