Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Technology

Battling bots in the ticketing industry: how best to stymie the scalpers

Battling bots in the ticketing industry: how best to stymie the scalpers

Battling bots in the ticketing industry: how best to stymie the scalpers 

Battling bots in the ticketing industry: how best to stymie the scalpersBy Antoine Vastel, Head of Research at global cybersecurity company DataDome

Nowadays, almost all businesses have an online platform. Within the ecommerce industry, online sites are constructed to provide a seamless shopping experience, providing easy access to hot items. Within the ticketing sector, offering a user-friendly experience for ticket purchases is key, particularly for in-demand shows. Yet, these sites often lack effective protection against malicious lurking bots, which alarmingly now make up  30% of all internet traffic. The troves of customer data and potential to capitalise on flash sales and ticket launches are tempting targets for fraudulent online attacks.

Enter the scalper bot: harnessed by malicious actors to target ticket or product releases and snatch them up faster than humans, selling them on at highly inflated prices. This summer, scalpers stormed the presale queue of Taylor’s 2024 Era’s tour with almost 40,000 fans facing crashing ticket sites and inflated resale prices. This scalper success is particularly alarming given bots succeeded despite the ‘Verified Fan’ presale, established to protect against bots following the previous Ticketmaster fiasco for Taylor’s US tour back in November 2022.

The success rate of these scalper attacks – alongside the financial gain of scalping – will motivate increasing numbers of bad bot attacks over the next few years.This is alarming; recent Datadome research found that 66% of UK websites tested were unprotected against simple bot attacks, highlighting companies’ widespread vulnerability. This poor protection, combined with the growing level of bot sophistication highlights the urgent need for companies to invest more into defences against bot attacks, to avoid the financial and reputation impact of a successful attack.

Bot attack sophistication: scraping paves the way for scalping

Bot attacks are increasingly sophisticated, with bot programmers quick to adopt new technologies like AI and ML to enhance their attacks. Furthermore, these bots come in many forms, and businesses should fear more than just the scalper bots trawling their website. Paving the way for scalper bots are scraper bots, used by cybercriminals to extract data from a website, mobile app or API. They’re dangerous because they can collect information which acts as a gateway to more malicious activities.

Think of scraper bots like burglars assessing their opportunities: they’re peeking into windows, evaluating whether there are any goods worth stealing. Once they’ve confirmed the value of the goods, they can formulate a plan for entry and escape.  On a ticketing site, scraper bots can be used to collect information, monitoring when in-demand tickets go on sale. This enables scalper bots to position themselves at the front of the queue and snatch-up tickets in large batches immediately when they go live, leaving customers frustrated and empty-handed.

Complex bot attacks target more than the ticketing industry. Retailers’ inability to defend against bots led to the huge shortage of PS5 consoles in 2020, where the majority of consoles were snapped up by scalper bots, and sold on for hugely inflated prices. Similarly, in 2021 & 2022, bots played a role in the GPU shortage.

Such attacks are widespread, and incredibly damaging for organisations. They disrupt the customer experience, and risk enormous reputational damage for the business.  The emergence of scraping as a gateway threat highlights the increasingly sophisticated nature of bot attacks, thus the growing importance for companies to develop strong cybersecurity strategies to protect themselves.

Strong defence deters attacks 

To  sufficiently protect against bot attacks, online ticketing sites need more than just a presale or verified fan system. They must improve their online security and become vigilant to scraping and scalping attacks, and opt for a robust cyber strategy with real-time bot detection and prevention software.

Across all industries, robust cybersecurity strategies should  include multiple anti-scalping measures. Implementing behavioural analysis, for example, enables sites to identify genuine human vs bot interactions. This is possible given bot behaviour differs to that of humans; bots typically race to target tickets or in-demand items, as opposed to the slower scrolling typical of  human customers. Once bot behaviour is detected, additional bot detection and deflection methods can be activated.

Sites can also deploy browser or device fingerprinting, whereby websites collect information about a user’s browser or device type and version. This helps to identify bots, given that they use automated browsers or HTTP clients which differ when compared to humans’ non-automated browser activity. Identifying bots through their browser and device parameters increases chances of detection – and they can then be blocked.

Security interferes with the seamless customer experience 

In some instances, security measures in place can disrupt user experience. For example, common CAPTCHAs are used to create challenges difficult enough to stop bots. However, CAPTCHAS also challenge real people, with frustrating test failures slowing down their browsing activity.

To reduce such friction, businesses can reduce the number of CAPTCHAs deployed by ensuring this defensive tactic is always a last resort. Instead, deploying purpose-built detection and mitigation software can reduce successful bot attacks and improve customer experience.

Bot attacks continue to disrupt the online world, leaving customers disappointed when desired items or tickets are scalped out of their hands and distressed when services are slowed by bot activity. Being outplayed by a bot and faced with crashing web pages is frustrating. One such experience damages reputation, but if businesses continue to poorly protect themselves more and more customers will be driven away.

Given that bots are more sophisticated than ever, protecting online sites is an imperative. Improving cybersecurity strategies to match the pace of bot evolution will enable continual protection, ensuring companies beat the bots and avoid the reputational and financial damage such attacks threaten.

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!

By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post