Sure, they can you on, but which patron is the real patron?
Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.
Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.
I don’t like having to use a specific app for things like this, but “I kinda get it”.
Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.
There you go, assuming the problem is worth the corporation’s time and money to bother solving. The correct answer is to not bother hiring a customer support department and telling people that they’re SOL when stuff goes wrong. The goal is to take in more money than you spend on customer support, so you spend none.
Sure, they can you on, but which patron is the real patron?
Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.
Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.
I don’t like having to use a specific app for things like this, but “I kinda get it”.
Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.
There you go, assuming the problem is worth the corporation’s time and money to bother solving. The correct answer is to not bother hiring a customer support department and telling people that they’re SOL when stuff goes wrong. The goal is to take in more money than you spend on customer support, so you spend none.
PGP-encrypted email for everyone, problem solved.
Yah, yah, I know…