8

The New York Times recently has an article that talks about how scalpers are using bots to programmatically buy up lots of concert tickets, making it harder for ordinary fans to buy up tickets. For instance, it says that they may buy up more than 60% of tickets to some popular concerts, or up to 200,000 tickets each day (in aggregate).

Why is it hard to stop scalpers from buying up lots of tickets?

The NY Times article talks about how Ticketmaster is trying to stop this by using CAPTCHAs, and how the scalpers are defeating the CAPTCHAs (e.g., through online services that will solve them for less a cent per CAPTCHA). But why is Ticketmaster focusing on CAPTCHAs as their main line of defense?

For instance, why can't Ticketmaster look at the credit card used to buy the tickets, and place a limit on the number of tickets bought per credit card? Or, why can't they require confirmation of ownership of a phone number (e.g., text you a code that you enter, or call up your phone and read off a code that you enter into the website, to verify that you own the phone number), and place a limit on the number of tickets bought per phone number? It seems like there are many other defenses that might be available -- why is this problem so hard?

D.W.
  • 98,420
  • 30
  • 267
  • 572
  • They actually screwed up worse than that - the scalpers were able to use the ticket purchase system before the tickets officially went on sale, simply by directly sending requests to the scripts. In doing so, they could purchase hundreds of tickets before any legitimate customers got a look-in. – Polynomial May 27 '13 at 08:44
  • This is very unlikely to be a solvable problem by any means of remote/electronic identification only, because agents simply don't have the authority to demand of clients identification that would be considered secure enough. I've seen other identification methods in place, where you're free to purchase (or reserve) up to a specified number of tickets per person online, but notified of requiring to produce an identification paper in person upon collecting them at the ticketing office, which is possible only on the day or up to a few days before the event the tickets were issued for. – TildalWave May 27 '13 at 19:42
  • 3
    Switching to an auction model would prevent this. The bots are only the symptoms of a broken market. – CodesInChaos May 27 '13 at 21:52
  • @CodesInChaos the auction model would likely dry up the market altogether. – AbsoluteƵERØ May 28 '13 at 01:04
  • @D.W. - They likely do place a limit. The problem is there is a fine line of preventing a bot from purchasing tickets and preventing a real customer ( with a great deal of money ) from purchasing alot of tickets. – Ramhound May 28 '13 at 16:28

1 Answers1

5

Phone numbers are easy to come by as are credit card numbers. Most credit card companies offer 1 time use credit card numbers and phone numbers can be had for less than a couple of bucks per month. It wouldn't be that hard to setup many SkypeIn or Google Voice numbers for example to get around the phone system issue.

It would make things a little bit more complicated since a person would likely still have to answer the phone, but it's also more expensive to implement and requires making calls out for every ticket purchase. It also complicates the ticket purchasing experience for customers which would likely be greeted poorly.

There is also the obvious question of how does the activity hurt Ticketmaster? They are still selling tickets and unless they see a drop off in venues using them, it doesn't really hurt them any, so why should they give up revenue or raise their costs to the venues (their real customers) when they can make a visible pass at trying by introducing Captchas.

Security is about analysing risk and cost and determining the point at which the mitigation of risk is worth the cost. There doesn't seem to be a very compelling case for them at the moment to invest heavily in making it more difficult since it doesn't directly impact them and with their market position, is unlikely to have a significant impact on them.

From their point of view, the cost of preventing scalping may exceed the cost of letting it happen.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110
  • 1
    An extra albeit quite ordinary explanation: Ticketmaster may be in collusion with the scalpers. – Deer Hunter May 27 '13 at 11:19
  • Arguably they wouldn't be in collusion with the scalpers as there are laws that prevent such a thing. Though assuming laws prevent a company from doing something might be a bit dangerous. ;) – Steve May 27 '13 at 19:33
  • @SteveS there are also antitrust laws but it seems that Ticketmaster has successfully avoided these as well. – AbsoluteƵERØ May 28 '13 at 01:05
  • *"it's also more expensive to implement and requires making calls out for every ticket purchase"* - Surely this isn't that hard. You can completely automate the process of verifying the person's phone number (Google Voice does it; they place an automated phone call to you, use text-to-speech to read you a 4-digit code, and you enter in the code into the web page). This isn't rocket science -- it's not that hard, and it's not that expensive. – D.W. May 28 '13 at 01:52
  • 1
    @D.W. making a telephone call for every ticket sale is significantly more expensive than a captcha (which is effectively free). Keep in mind that Google Voice isn't 0really free, it's just they use it to train their speech recognition and some would argue to have access to your phone records and they think the cost is worth that. – AJ Henderson May 28 '13 at 04:09