Payment biz pulls plug on open source charity after KYC spat

Free Software Foundation Europe says it was asked for supporters' passwords; Nexi insists it only wanted test credentials to check cancellation flows

by · The Register

The Free Software Foundation Europe says its electronic-payments provider Nexi Group unexpectedly "cancelled" its account – cutting the charity off from around 450 donors.

The latest blog post from the charity, which helps to support free software, claims that over the past few months, Nexi requested "access to private data, which we understood to be specifically the usernames and passwords of our supporters. We have refused this request."

FSFE claims that efforts to "clarify" the request and why this data was "necessary and legal" were met with "vague and unsatisfactory explanations relating to a general need for risk analysis."

"Subsequently, we found ourselves unable to receive credit card donations through Nexi's system. In the afternoon of 10 March, we were further informed that our contract had been cancelled a few days prior on 7 March, due to our supposed failure to meet their deadline to fulfil their request. This deadline was not communicated to us beforehand, despite us having been Nexi's customer for the past 15 years."

The "more than 450 current FSFE supported that use automatic renewal with credit or debit card are impacted by Nexi's decision, and the non-profit says it has prepared a transtion to a new payment provider, though "existing supporter accounts cannot be migrated automatically."

A spokesperson at Nexi Group told The Register that to comply with fraud prevention requirements imposed by the German financial regulator BaFin, it contacted customers - merchants and service providers - including FSFE, to carry out additional checks under the Know-Your-Customer (KYC) process.

"In the case of the FSFE, this process could not be completed due to a lack of response from the customer, which ultimately led to the termination of the agreement."

It added: "As regards the request for data, Nexi would never, as a matter of principle, ask for other users' personal login details or passwords. In this specific case, Nexi merely requested test login details in order to properly check the portal and ensure that users can cancel their access, thereby avoiding subscription traps.

"This request for test access appears to have led to a misunderstanding, and we have reached out to FSFE to follow up on this."

It is worth noting that the FSFE is not part of the United States-based Free Software Foundation — it's one of several sister organizations, not subsidiaries, along with the Free Software Foundation India and the Free Software Foundation Latin America.

Notably, the organization distanced itself from the original FSF when it learned that Richard Stallman had returned back in 2021, although it still works alongside the American organization. ®

The DMA hasn't changed Big Tech's anticompetitive DNA, says Free Software Foundation EuropeAdvocacy group wants more changes, starting with Device NeutralityThomas Claburn, 07 Mar 2024Nanny state discovers Linux, demands it check kids' IDs before bootingOpinion: Age-verification laws target operating systems because apparently teenagers having root access is now a safeguarding crisisSteven J. Vaughan-Nichols, 13 Mar 2026Rust Foundation tries to stop maintainers corroding: Memory safety costs money: Maintainers Fund to directly pay developers for their workRichard Speed, 05 Nov 2025Open source devs consider making hogs pay for every downloadOpinion: Careless big-time users are treating FOSS repos like content delivery networksSteven J. Vaughan-Nichols, 28 Feb 2026