Nex Payment Business Shuts Down Open‑Source Charity After KYC Dispute

The dispute began when Nexi Group, the Italian payments processor that has handled the Free Software Foundation Europe’s (FSFE) donations for 15 years, issued a Know‑Your‑Customer (KYC) request that the charity says demanded the usernames and passwords of its supporters. According to The Register, FSFE’s blog post claims the provider “requested access to private data, which we understood to be specifically the usernames and passwords of our supporters” and that the charity refused the request, citing privacy concerns. Nexi’s response, also reported by The Register, frames the request as a routine fraud‑prevention measure mandated by Germany’s financial regulator BaFin, and insists it never asks for actual user passwords, only “test login details” to verify cancellation flows and avoid subscription traps.

FSFE says the lack of a clear deadline or explanation for the data request left it unable to comply, prompting Nexi to terminate the contract on 7 March—a decision the charity only learned about on 10 March when its payment gateway stopped processing credit‑card donations. The Register notes that the termination immediately affected more than 450 recurring donors who use automatic renewal, forcing the nonprofit to scramble for an alternative processor. Because supporter accounts cannot be migrated automatically, FSFE will need to ask each donor to re‑enter payment details, a process that could jeopardize a significant portion of its fundraising pipeline.

Nexi’s spokesperson told The Register that the KYC check “could not be completed due to a lack of response from the customer,” and that the termination was a last‑resort action after the charity failed to meet the undocumented deadline. The company also clarified that the request for “test access” was intended solely to confirm that users could cancel subscriptions without falling into “subscription traps,” and that any misunderstanding stemmed from the phrasing of the request. Nexi added it has reached out to FSFE to resolve the issue, but the charity’s public statements suggest no satisfactory resolution has been reached.

The episode underscores the tension between stringent European AML/KYC regulations and the operational realities of non‑profit organisations that rely on low‑friction donation flows. While BaFin’s rules aim to curb fraud, they can impose burdensome data‑collection demands that clash with the privacy‑first ethos of the free‑software community. FSFE’s experience highlights how a mis‑aligned compliance request can disrupt a charity’s revenue stream, especially when the provider’s communication is “vague and unsatisfactory,” as The Register puts it.

Industry observers note that the incident arrives at a time when payment processors are under heightened scrutiny from regulators across the EU, and many are revisiting their KYC protocols to balance legal obligations with customer‑experience concerns. Although the story has not attracted comment from other payment‑industry analysts, the broader context suggests that similar disputes could emerge as regulators tighten AML standards, potentially prompting non‑profits to seek providers with more transparent compliance frameworks or to build in‑house payment solutions. For now, FSFE is transitioning to a new provider, but the loss of automatic renewal data may have a lasting impact on its fundraising capacity.