The bot problem that has put distribution giant Ticketmaster under scrutiny this year is set to exacerbate as automated systems bypass standard preventative measures. At the same time, regulation is rarely enforced, and consumers are ready to pay jacked-up prices for in-demand items on resale markets.
Bad Bunny’s “sold out” concert on December 9 was supposed to be one of the largest shows ever held in Mexico City. Instead, the Puerto Rican superstar went on stage to a visibly emptyish stadium floor as thousands of fans still waiting outside were denied entry by Ticketmaster, a distributor.
Fans, including some who bought tickets directly from Ticketmaster, were told their passes were counterfeit or duplicated and, therefore, canceled.
The show at Azteca Stadium, Latin America’s largest, was sold out months ago, with more than 80,000 tickets snatched up in minutes. Ticketmaster said that 4.5 million people sought to buy tickets to Bad Bunny’s Mexico City shows, the “highest number in the country’s history.”
It is unclear how many of those were resellers using automated systems – or bots – to outcompete “traditional” consumers. Still, some tickets did end up in secondary markets, where they were sold at inflated prices.
Ticketmaster blamed the “unprecedented number” of counterfeit tickets purchased from unofficial vendors for its Bad Bunny fiasco. It said that some holders of valid tickets were denied access because its ticket scanning machines malfunctioned as a result.
The company apologized and said it would refund legitimate tickets. It will also pay a 20% compensation fee as demanded by Profeco, Mexico’s consumer protection agency, which said it received more than 1,600 complaints. In addition, Profeco had started an antitrust probe against Ticketmaster, which could lead to a fine amounting to 10% of the company’s revenue in 2021.
The agency’s head, Ricardo Sheffield, said Ticketmaster was “corrupt and criminal,” while Mexico’s President Andrés Manuel López Obrador called on Bad Bunny to throw a free concert in the country’s capital city for “defrauded” young people.
The political fallout was reminiscent of a similar controversy in the US, where Ticketmaster and its parent company, Live Nation, are facing a class-action lawsuit and, reportedly, an antitrust investigation by the Department of Justice over a botched sale of tickets to Taylor Swift’s Eras Tour. The company blamed a “staggering” number of bot attacks for the mess.
Shopping with bots
Ticketmaster’s troubles illustrate how the unresolved bot problem can cost companies millions of dollars and lasting reputational damage.
“Bot attacks damage the customer relationship – even if there’s no immediate effect on sales. The customer lifetime value certainly takes a hit in the long run, which is hugely damaging to brands,” said Nathan Duparick, director of product management at Forter, an online fraud prevention company.
“Scammers often go after these items because tickets have a high resale value, and it takes little effort on their part. Unfortunately, the ticket vendors themselves and loyal customers, like we saw with Taylor Swift, are the ones who suffer,” he noted.
The problem does not only affect ticket sales for in-demand shows but also apparel and footwear companies releasing products like special edition sneakers. According to Forter, merchants that offer limited stock drops are five to six times more vulnerable to bot attacks than other retailers.
Bot traffic increased 106% on a year-on-year basis in 2021 alone and is a “massive” problem for retailers, Duparick said. “With more and more transactions conducted online, I expect bot attacks will become even more frequent,” he said.
Bots are designed to circumvent conventional fraud detection systems like CAPTCHA by allowing their users to input multiple email and shipping addresses with typically minor alterations to an actual address. As they are configured to use proxies, vendor platforms cannot identify that multiple orders are coming from the same IP address.
In addition to robbing consumers of the opportunity to purchase their wanted item at an official retailer’s price, bots pose other risks.
“Bots are used for common types of account takeover attempts that can put a consumer’s personal information and payment details in the hands of fraudsters. These attacks are commonly referred to as credential stuffing and credential cracking attacks,” Duparick said.
Bots can also be used in distributed denial-of-service, or DDoS, attacks, flooding a website with traffic that could cause outages impacting consumers.
What can be done about it?
Ticketmaster has a Smart Queue tool in place to tackle “bot abuse,” but users have criticized it as ineffective and making their experience on the platform even more of a hassle than before. The company’s dominant market position has also led to criticism that it is perpetuating the system of inflated prices.
The recurrent ticket sales mess suggests that whatever anti-bot precautions Ticketmaster has implemented, they don’t do the job.
“In order for ticket vendors to prevent fraud on the next big tour, these organizations should consider deploying automated fraud solutions that detect bot-powered attacks in real-time using identity-based insights. These solutions can quickly analyze the buyer's persona to discern if they are a legitimate customer or a bot,” Duparick said.
The Better Online Ticket Sales (BOTS) Act, which outlaws ticket scalping using bot technology, was signed into federal law in 2016. It was enforced for the first time in January 2021 when the Federal Trade Commission (FTC) said it was taking action against three New York-based ticket brokers. It planned to subject them to a $31 million penalty for allegedly using automated software to illegally buy tens of thousands of tickets for popular concerts and sporting events.
The BOTS Act had bipartisan support, and two senators who backed it, Marsha Blackburn (R-Tenn.) and Richard Blumenthal (D-Conn.), the ranking member and chair, respectively, of the Subcommittee on Consumer Protection, Product Safety, and Data Security, questioned whether the FTC was doing enough to enforce it in a letter to the agency.
Tickets to hot events will remain a “huge target” for bot fraud as long as fans are willing to pay a larger price tag to see their favorite artists, according to Duparick. “Don’t feed the beast. Avoid shopping on resale sites when possible to disincentivize scammers,” he said.
More from Cybernews:
Subscribe to our newsletter