Sure, they can you on, but which patron is the real patron?
Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.
Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.
I don’t like having to use a specific app for things like this, but “I kinda get it”.
Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.
There you go, assuming the problem is worth the corporation’s time and money to bother solving. The correct answer is to not bother hiring a customer support department and telling people that they’re SOL when stuff goes wrong. The goal is to take in more money than you spend on customer support, so you spend none.
How the hell would you double dip? They scan you in.
I built a ticketing app for folk festivals 2 decades ago and we had that problem beat even then.
Sure, they can you on, but which patron is the real patron?
Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.
Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.
I don’t like having to use a specific app for things like this, but “I kinda get it”.
Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.
There you go, assuming the problem is worth the corporation’s time and money to bother solving. The correct answer is to not bother hiring a customer support department and telling people that they’re SOL when stuff goes wrong. The goal is to take in more money than you spend on customer support, so you spend none.
PGP-encrypted email for everyone, problem solved.
Yah, yah, I know…
Actually think this is more about protecting against unscrupulous scalpers selling tickets multiple times.
When you can just email a pdf or print it, nothing stops you from doing it multiple times.
At the end, it’s ticketbastard that has to listen to the people that got scammed. This method forces authentication and secure the chain of custody.
Mfa does make sense here tbh. I’m more upset by their outrageous fees and monopoly.
Change a number. Then when they scan it you claim it’s an error and then you are dealing with a “technology problem”.