Anyone who’s bought tickets to an event on platforms like Ticketmaster or Stubhub has had the experience of waiting at their computer, hoping to make an immediate purchase the second their tickets come on sale.
And then all too commonly, they find themselves out of luck with inventory completely gone in seconds, or seeing the site crash from so much traffic, that they are forced to buy their ticket on a reseller site.
Consumer experiences like these have become the norm on ticket marketplaces as ticket scalping bots continue to impact ticket prices and available volume, often to the detriment of fans and artists.
In this post, we’ll dive into the impacts of automation on major ticketing marketplaces, review some countermeasures taken by those platforms (and where they fall short), and then highlight how behavioral data acquisition can be used to curb bots negatively impacting the entertainment industry.
Ticketing Bots: A Disservice to Fans and Artists
In 2017, Ticketmaster filed a lawsuit against Prestige Entertainment, alleging that over 300K tickets for the popular musical Hamilton had been purchased by them through illicit, automated means, and resold for a profit between 2015 and 2016.
In the lawsuit, Ticketmaster claimed “These orders harmed Ticketmaster and inhibited human consumers from using and enjoying the benefits of Ticketmaster’s ticket purchasing platform”.
This is but one example of the magnitude that automated ticket purchasing, reserving, and reselling can occur at, in an industry projected to be worth $68B by 2025. Perhaps unsurprisingly, in 2019, bots made up 40% of all ticket platform traffic.
Through a combination of automation and fraud, modern ticket scalpers are able to acquire large volumes of popular tickets as soon as they go on sale, and then resell those tickets to frustrated fans at marked up prices to gain a sizable profit.
Typically, scalpers will have hundreds to thousands of marketplace accounts at their disposal, acquired either through taking over legitimate accounts, or creating dummy accounts solely to be used for scalping. These accounts, when combined with bots, flood checkouts when tickets go on sale, bypassing ticket limits on accounts and snapping up all available inventory.
A variation of this scam is when bots are used to “cart hoard” all inventory, forcing fans to make purchases on the scammer’s reseller sites, where the scammer then purchases the original ticket to fulfill the fan’s order.
Ultimately, the losers in this equation are twofold: fans, who must fork over as much as 150% of the original ticket price to see their artist (if they can get tickets at all), and the artists, who make nothing off the marked up prices and unavailable inventory that makes it more difficult to monetize their fanbase.
Attempts to Stop Bots
BOTS ACT 2016
The automated purchases of thousands of Hamilton tickets might have marked a turning point in the ticketing industry, as the same year in 2016, Congress passed the Better Online Ticket Sales (BOTS) ACT, which prohibits automated purchasing of tickets, and subjects claims to FTC enforcement.
While in theory, the act would curb the kinds of scams that plague Ticketmaster, Stubhub and the like, in actuality the act is toothless and nearly impossible to enforce.
It is incredibly difficult to prove automation on the basis of a ticket price alone, as consumers dictate price points, not resellers. Account takeovers and fake account creation further muddy the lineage of how a ticket might have changed hands before finally reaching a fan.
Since consumers aren’t guaranteed any particular ticket price, and purchases are virtually always made on secondary markets knowingly by legitimate fans, there is little to no “fraud” in these transactions that constitutes the kind of real fraud typically regulated by the FTC. Automation on ticketing platforms shows no signs of slowing down six years after the act was passed in 2016.
CAPTCHAs
CAPTCHAs and their various flavors are used across Ticketmaster, Stubhub and many other major ticketing platforms.
The aim with CAPTCHA use is to curb automated behavior at critical points in the user funnel, like when creating an account, logging into an account, reserving a number of tickets or completing the checkout. In theory this would clear the market for legitimate fans to make their purchases.
In a previous post, we’ve covered the shortfalls of CAPTCHAs, though for ticket platforms in particular, looking at the percentage of automated ticketing traffic (40% in 2019), the presence of reseller sites, and the rising number of consumer complaints paints a picture of how ineffective CAPTCHAs are in their intended purpose. They are easily breakable, rendered useless by CAPTCHA solving services and others which mimic “human” behavior.
Also, because ticket purchases are rapid, high-velocity sales, ticketing platforms must be very intentional about where they introduce friction into the purchase funnel, often opting for placing a CAPTCHA at a single point within it.
Every additional additional CAPTCHA in the funnel is another tradeoff between perceived security and purchase velocity.
Using Behavioral Data to Curb Automation
On ticketing platforms, CAPTCHAs are often used as single-point security checks, and thus are prone to “single point of failure” syndrome. The likely risk here is that a scalper bot bypasses the single check, and the ticket platform gathers very little about the device profile in the process of that check, making a future scam by the same device very easy to conduct for the fraudster.
This is where behavioral data acquisition can be used to build a rich device context and subsequently, more accurate risk models for various kinds of fraud.
We’ve covered in a previous article how fine-grained behavioral data collection across device types (interactions, entry speed, data familiarity, application fluency) can be layered into common flows like sign-up and sign-in. Ticketing platforms have nearly identical flows and opportunities for behavioral profile building when done with the correct technology.
And given ticket purchases are rapid, high-velocity sales, this behavioral data gathering can be done continuously without any friction induced for the user, as opposed to the hard block CAPTCHAs present.
The result of this is high-fidelity behavioral fingerprints that are incredibly difficult to fake, for every single device accessing the platform.
From there, risk teams could blacklist those unique fingerprints associated with purchasing tickets across different accounts, or tie those fingerprints to any new accounts created near the ticket release dates as examples.
A Solution to Ticket Scalping
While live entertainment as an industry has seen many setbacks in the past few years alone, automation on ticketing platforms, while a costly one, is not unsolvable.
Using the right technology to build rich behavioral profiles of users can be the building blocks from which risk teams implement policies which finally do a service to fans and artists alike.