The New York Times recently has an article that talks about how scalpers are using bots to programmatically buy up lots of concert tickets, making it harder for ordinary fans to buy up tickets. For instance, it says that they may buy up more than 60% of tickets to some popular concerts, or up to 200,000 tickets each day (in aggregate).
Why is it hard to stop scalpers from buying up lots of tickets?
The NY Times article talks about how Ticketmaster is trying to stop this by using CAPTCHAs, and how the scalpers are defeating the CAPTCHAs (e.g., through online services that will solve them for less a cent per CAPTCHA). But why is Ticketmaster focusing on CAPTCHAs as their main line of defense?
For instance, why can't Ticketmaster look at the credit card used to buy the tickets, and place a limit on the number of tickets bought per credit card? Or, why can't they require confirmation of ownership of a phone number (e.g., text you a code that you enter, or call up your phone and read off a code that you enter into the website, to verify that you own the phone number), and place a limit on the number of tickets bought per phone number? It seems like there are many other defenses that might be available -- why is this problem so hard?