Sure, they can you on, but which patron is the real patron?
Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.
Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.
I don’t like having to use a specific app for things like this, but “I kinda get it”.
Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.
Sure, they can you on, but which patron is the real patron?
Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.
Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.
I don’t like having to use a specific app for things like this, but “I kinda get it”.
Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.
PGP-encrypted email for everyone, problem solved.
Yah, yah, I know…