Sure, they can you on, but which patron is the real patron?
Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.
Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.
I don’t like having to use a specific app for things like this, but “I kinda get it”.
Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.
AXS does not integrate with google wallet. I put a note in each calendar event which app the tickets are in. At least the Pixel phones now let you put anything in your wallet that is a QR code. I wish it would let us put plain old images in the wallet.
deleted by creator
How the hell would you double dip? They scan you in.
I built a ticketing app for folk festivals 2 decades ago and we had that problem beat even then.
Sure, they can you on, but which patron is the real patron?
Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.
Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.
I don’t like having to use a specific app for things like this, but “I kinda get it”.
Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.
PGP-encrypted email for everyone, problem solved.
Yah, yah, I know…
Actually think this is more about protecting against unscrupulous scalpers selling tickets multiple times.
When you can just email a pdf or print it, nothing stops you from doing it multiple times.
At the end, it’s ticketbastard that has to listen to the people that got scammed. This method forces authentication and secure the chain of custody.
Mfa does make sense here tbh. I’m more upset by their outrageous fees and monopoly.
Change a number. Then when they scan it you claim it’s an error and then you are dealing with a “technology problem”.
AXS does not integrate with google wallet. I put a note in each calendar event which app the tickets are in. At least the Pixel phones now let you put anything in your wallet that is a QR code. I wish it would let us put plain old images in the wallet.