I was talking to a friend yesterday, who had wanted to buy tickets to watch one of the India matches at the stadium. After reading about the empty stadiums and counterfeit ticket scams, fans in Pune were fortunately prewarned. So, my friend and another one of his friends valiantly logged in an hour ahead into BookMyShow and waited in the ‘queue.’ And in minutes the tickets were sold out. He later googled other websites where tickets might sell and yes, they were. Only at prices 10x and up to 20 grand apiece at the higher end. They were also being sold on some Instagram and other social handles. Are some of you, fans nodding knowingly in agreement?
This is not the first nor the last time that we see ticket booking bots. We saw this during Covid when people were struggling to secure a slot for getting their jabs, I know some coders who braggingly claimed to be writing personal bots. There were even official bot services like GetJab etc. that were doling out slots and notifications to people as soon as they opened up. Such bots have almost been given the stamp of legitimacy last week when some sharks on Shark Tank ABC, invested in a nice little bot startup that automates internet chores for their app users. So, there might be good bots and bad bots. (To me though, ticket grabbing and appointment squatting don’t sound like particularly polite things to do 😉
But when like me you spend a lifetime in fraud, ‘Bot’ is almost always a bad word. I’ve been through attacks where these evil things would try and apply for cards over 10’s of 1,000 times a minute. Likewise, there are credential stuffing bot attacks, phishing bots, purchasing bots, login bots, brute force bot attacks, DDOS, what not. we fight day in and day out.
The Maharashtra police have established a dedicated team to track social media for black market peddling of #CWC23 tickets, potentially setting up various stings. But like I always say, prevention is infinitely better than waiting for prosecution.
Ticketing platforms really need to get their cybersecurity and fraud teams together urgently to deal with the scalper menace. Perimeter security tools aside, fraud teams should be easily able to develop strong controls like velocity caps, malicious IP and device blocking etc. to deal with this before the bigger matches come up. As India hosts this marquee cricketing event of #ICCCricketWorldCup, we need to make sure that we can kick out show stoppers like these ticketing bots.
While not ideal, one all-weather solution is CAPTCHA or ReCAPTHCHAs. One time, I remember filling out reCAPTCHA for a website with an analyst sitting next to my desk watching over, let’s call him Bob. I solved it like 6 times and failed all six times. “I’m having more than a little trouble cracking this, huh?” I said. Bob’s response was epic. He said, “That’s because Shweta you’re a bot.” Sure. But I’m a very clever bot, and hopefully some shark will invest in my startup some day 😊