Live events are back – and fraud has crashed the party

Most of us prepare for a big concert or live event. We pick our outfits in advance, coordinate arrival times with friends, figure out where we might eat, and develop a plan for how we’re going to get home. But are we applying the same level of care to make sure our ticket purchases are safe and secure?

Historically, the answer is no — and fraudsters know it. As event traffic returns to near pre-pandemic levels (consider Taylor Swift crashing Ticketmaster as a sign ticket sales are back on track), an influx of bad actors are rushing to capitalize on opportunities for fraudulent behavior. To prevent negative outcomes, both ticket buyers and sellers must rethink how they approach online security.

By working in tandem, these two groups can better understand the security risks at play in the event ticketing industry and protect themselves against increasingly sophisticated cyberattacks.

concert goers standing at barricade

Event ticketing fraud presents a unique challenge

There are a number of reasons why the live events industry presents a unique challenge for cybersecurity professionals. But one of the biggest factors is that ticket sellers often struggle to understand their buyers’ purchasing behaviors.

To better understand why, consider how a customer’s behavior differs when interacting with a ticket selling platform versus their bank. The customer logs in to their bank’s website or mobile application once every couple days. Most of these interactions cover routine tasks: paying bills, checking their account balance, or verifying a transaction. The consistency of these behaviors (and other unique identifiers like the device they use and how quickly they enter their password) helps the bank understand what to expect from the customer — and helps their security team quickly intervene when they notice suspicious activity.

But when it comes to purchasing tickets for live events, the customer’s behavior is much more erratic. They may only log in to a ticket provider’s website every few months or, in the early stages of the pandemic, every few years. And when they finally do log in, their focus is on rushing to find the best possible tickets to see their favorite band — not on security. This means swift mouse movements, rapid clicking, reloading forms, and other behaviors that they wouldn’t normally perform with an everyday transaction. Picture it: you get a notification that your favorite artist is doing a show in your city. Your attention immediately goes to logistics: Am I free that night? Can I afford a ticket? Which friend can I drag to the show? Questions about the strength of your password and two-factor authentication steps aren’t priorities.

The susceptibility of ticket buyers to fraud and ticket sellers’ lack of insight into these customers’ behaviors have produced alarming outcomes. Attack traffic accounted for approximately one third of all event ticketing traffic in 2021, outpacing the rise in trusted traffic from the same time period. Further complicating matters, an increased number of fraudsters are turning to sophisticated attacks, which can more easily imitate the erratic human behavior often displayed when purchasing tickets, and bypass popular bot-detection tools.

As event ticketing traffic approaches pre-pandemic levels, both ticket sellers and purchasers need to rethink their approach to online security to stay ahead — and safe.

So, how can ticket buyers and sellers work together to combat fraud?

Although the sporadic nature of live event transactions makes it more difficult to prevent fraudulent behavior, there is a silver lining. Because live event tickets transactions are infrequent and high value, customers are more likely to accept increased levels of security friction at checkout. As a result, ticket sellers can add measures like security questions and two-factor authentication without disrupting the overall user experience. Contrast that with our banking customer, who may easily grow annoyed if they have to go through the exact same security hurdles every time they log in to their bank’s mobile app.

But ticket sellers shouldn’t stop there. Tools like behavioral biometrics can also help sellers build profiles on users even if they only buy tickets occasionally. Whenever a user logs in to their platform, biometric tools analyze user behaviors like typing patterns, mouse movements, and average time spent on a webpage to identify any deviations from typical customer behaviors. These tools can help ticket sellers make the most of limited customer data and introduce friction into the user journey when appropriate.

Ticket buyers also bear responsibility for spotting potentially malicious behavior. Fortunately, it doesn’t take a lot to make transactions more secure. Simple measures like implementing strong passwords and two-factor authentication can do wonders to fortify a ticket buyer’s purchase. Ticket buyers should also buy from trusted vendors and inform themselves on their vendor’s refund and ticket delivery policies. Perhaps the most important action tickets buyers can take is exercising caution whenever possible. When ticket buyers are rushing to secure tickets to see their favorite artist, they should pause to consider if they’re overlooking any potential red flags. Fraudsters are counting on ticket buyers rushing through their transactions without any concern for security, so a cautious approach can pay dividends.

Together, ticket buyers and sellers can work together to confront live event fraud head-on. For example, in August, the Better Business Bureau alerted customers to a rise in concert scams. Scammers created look-alike websites to fool customers into purchasing tickets that came at an inflated price, with someone else’s name on them — or worse, didn’t come at all. Of course, ticket sellers need to educate their users on tactics like this to support more secure transactions. But organizations should also look for telltale signs of bad actors like:

  • Multiple accounts being accessed by a unique device
  • Multiple credit cards being tested by an account
  • Multiple changes in billing addresses on an account

If ticket sellers implement tools like behavioral biometrics to root out bad actors and ticket buyers inform themselves on best security practices, fraudsters will struggle to keep up — and people can enjoy their concerts, sporting events, and festivals without any headaches.

Live events are expensive — but scams cost a lot more

The NFL, NBA, and college football are all in full swing, massive artists like Beyonce and Ed Sheeran are announcing tours, and the holiday season is upon us. It’s a stressful time for your wallet.

But before rushing to purchase tickets for your favorite events, pause and consider whether you’re putting your best foot forward from a security perspective. No one wants a fun night out to turn into endless calls with customer service representatives trying to get your money back or countless hours spent trying to determine who has accessed your personal information. And if you’re a seller, there’s even more at stake, so it pays to ask whether you’re doing right by your customers.