Paper tickets, like these for the recent UEFA Champions League final, are giving ground to digital tickets, but those are also subject to fraud. (Getty Images)
Security tech keeps advancing, but the bad guys are keeping up. Are there any advances on the horizon that will make scams a thing of the past?
Ticket fraud has come a long way since the days of counterfeit ducats and untrustworthy street scalpers. With today’s high-tech world of mobile ticketing and remote credit card transactions, the practice has now entered the realm of sophisticated hackers and fraudsters who prey on the vulnerabilities of every newly devised security system with a never-ending, quickly accelerating cat-and-mouse/whack-a-mole competition.
Last year, 12% of people reported in a CNBC poll that they had bought a concert ticket which turned out to be a scam. That means of the 94 million people who attended shows in the U.S., according to the web site Statista, 11 million of them were victims of fraud.
Experts in ticket fraud are reluctant to talk about their methods in the media for fear the information gets in the wrong hands.
There is already information on how to try to beat security systems on the Internet, said Holly Sandberg, credit and fraud manager for Irvine, Calif.-based ticketing, fundraising, analytics and technology solutions company Paciolan. “It’s not even just the dark web anymore,” she said. “People are selling stolen credit cards on Facebook.”
“It’s a tricky thing trying to educate both venues and consumers, because at the same time, you’re also educating the fraudster,” said Mandi Grimm, director of training and fraud manager at Raleigh, N.C.-based Etix. “I don’t think it will ever go away completely.”
The cause of ticket fraud these days is largely bad credit card transactions. Buyers who gravitate to shady secondary sites could be purchasing tickets that were bought by stolen credit card numbers. Another scam, incongruously dubbed “friendly fraud,” involves purchasing tickets with a legitimate credit card, then disputing the charges, which sends the issue back to the banks to adjudicate. This approach is also sometimes used by parents to argue charges on credit cards they’ve loaned to their kids.
“The rules for card-not-present [Internet] transactions very heavily favor the cardholders,” Sandberg said.
“Ticket fraud is not a victimless crime,” said Daniel Chang, director of national ticketing for Caesars Entertainment. “It hurts everybody, from the venues who lose out on income, to the ticket buyer who purchases a fake ticket, to the banks who issue the credit cards.”
Other common forms of ticket fraud include copying print-at-home tickets or taking screenshots of bar codes, both of which have already spawned security measures to counteract them.
Anthony Esposito, vice president of ticket operations for the Atlanta Braves and chair elect of the trade association INTIX, made the move from PDF tickets to mobile when the team moved into SunTrust Park in 2017. “The only hard tickets are for large group or walk-up sales,” he said. “We had one guy who made 11 copies of his ticket and sold them all.”
“That makes for a really difficult experience for both the venue and the patrons,” said Grimm. “Our venues end up getting very creative at how to turn a tense, stressful situation into a more positive one. We can’t issue a refund, obviously, but we can offer to sell them tickets if there are any available. Most importantly, we can educate the consumer on where he bought the ticket and suggest legitimate alternatives.
“It’s definitely something you want to handle with kid gloves.”
The situation should be approached “from a place of compassion,” agreed Chang. “It’s our job to steer them in the direction of legitimate ticket sellers.”
Some big companies have stepped up to offer solutions, which are just as quickly hacked.
Grimm points out that in 2017, when Google introduced its bot-stopper, Invisible reCAPTCHA, which streamlines the process of determining the presence of a human, “within 24 hours, there were instructions on the dark web how to beat it.”
Both Chang and Esposito are high on Ticketmaster’s recently introduced SafeTix, which is being introduced for the coming NFL season. Addressing the issue of bar code screenshots, the application, part of Ticketmaster’s “next-generation digital tracking and venue access control platform Presence … gives event owners control over their mobile tickets through an encrypted barcode that automatically refreshes every few seconds.”
“I think it’s going to transform the industry,” says Chang.
Still, ticket fraud remains a thorny issue, one that will not be resolved easily.
“We’ve come a long way in terms of how we work to stop this,” Sandberg said. “We need to speak freely with our competitors, use these new automated tools and get smarter about how we investigate things, both manually and electronically. In all my years doing this, have we come up with an infallible solution? No, but that doesn’t mean people should stop working towards that goal.”
“Much of it is just being vigilant, checking IDs, credit cards, background information,” said Chang.
“The general public needs to be educated,” offered Grimm. “But I don’t think this will ever go away completely.”
“I’ve learned to be very careful about what I say about this in public,” admitted Sandberg. “Whenever some new technology is introduced, the first thing I do is look at the vulnerabilities.”
“I’m a pretty hardened skeptic when it comes to stopping fraud. I put on the hat of a bad guy and try to search out the weaknesses.”
Nevertheless, according to Esposito, progress is being made. “Since the introduction of the chip, we’ve seen the amount of fraudulent credit cards go down. It’s definitely not as heavy as it was two years ago. It’s being caught earlier in the process.
“Consumers have become a lot smarter about mobile ticketing, and we’re able to stay in touch with them a lot easier, too, communicating with them through their arrival at the ballpark, while they’re at the stadium and even afterward.”
In the end, though, Sandberg urged the ticket buyer to be wary and for any victims of fraud to report it to the police. “Getting that information to law enforcement is what’s absolutely going to put a dent in this,” she said. “That’s why we all have to work together.”