Ticketing fraud: Are you giving fraudsters a ticket to ride?

Largely enabled by online ticket sales, ticketing fraud shows no signs of slowing down.

Recent figures published by Action Fraud estimate that ticketing fraud in the UK alone cost the country £6.7/$8.66 million in 2023 – up from £5.3/$6.8 million in 2015.

This works out at an average of £772 per consumer victim – a frightening statistic that risks undermining overall confidence in online ticket sales and the reputation of companies in the sector.

Further to this, the number does not include the number of real tickets sold by ticketing companies that were purchased with stolen credentials, nor the tickets bought by unscrupulous secondary sellers using bots and other techniques to game the system.

Ticketing companies need to take every precaution and technological advance to fight back against the clear lead that fraudsters have established. What's more, ticketing scams also affect the travel and hospitality sector – resulting in airline fraud, among others.

Through Ravelin's work in the ticketing industry and analysis via our graph networks, we have seen and been able to visualise a number of key trends in ticketing fraud and what to do to fight back.

Let's take a deeper look.

Ticket fraudster type 1: Scalpers and touts

Profile: These people usually use bots and other automation techniques. They are on the hunt for high-demand tickets for resale. These are a scourge of the promoter, the artists and the public.

Giveaway: Multiple accounts and credit cards across a limited number of devices – but no chargebacks.

Ravelin's advice: Use graph visualization to clearly identify these actors. It is then a matter of a policy choice about what to do as these people aren’t necessarily doing anything illegal (although that is changing), but might be acting against fair use terms of service.

Ticket fraudster type 2: Professional fraudsters

Profile: Using stolen card details, they like to buy (steal) multiples of easily resellable or transferable tickets – e.g. sports, cinema or theme park passes. They will also attempt one-off purchases of high-value tickets for resale.

Giveaway: Multiple inactive accounts with no payment methods saved, multiple chargebacks on connected accounts, and/or multiple phone numbers that are usually disposable.

Ravelin's advice: Every confirmed chargeback that comes into the business should uncover dozens and sometimes hundreds of inactive or dormant connected accounts. With the Connect graph networks, Ravelin sniffs out connections via shared devices, phone numbers, email addresses, and card numbers so you can see connected accounts instantly. These accounts should be blocked from making further purchases.

Note that it is professional fraudsters who will also attempt to take over legitimate customers' accounts, in the hopes of finding and abusing personal details and stored payment cards. Your approach to these will be similar to typical ATO fraud prevention.

Below you can see how Ravelin's graph network, based on a single actor, has picked up 247 connected card numbers, 33 connected chargebacks, 53 connected phone numbers and 163 connected emails accounts.

This has been made possible through link analysis, which here has caught a network could cripple a ticketing company if left unchecked.

Ticket fraudster type 3: Lifestyle fraudsters

Profile: These guys are out for a good time on someone else’s dime. They are often looking for luxury experiences and will even defraud multiple companies in one night to get it.

This means tickets for the game, same day hotel, limitless taxi-rides and takeout food delivered to the hotel – all on stolen card details. This type of fraudster is more likely to have learned the tools of the trade by following "influencers" on low-quality social media.

Note also that so-called FaaS (fraud as a service) is closely associated with lifestyle fraudsters, as they are in the same networks and often align in methods.

Giveaway: Higher than normal transaction value, newly created accounts, multiple payment attempts, suspicious email address, disposable phone number.

Ravelin advice: Machine learning fraud prevention models will pick up any anomalies in a new purchaser compared to your usual buyer. You’ve spent a lot to secure the right to sell these tickets, so you need to be sure that that you are selling to a legitimate cardholder without ruining the customer experience in so doing.

Fraud strategy for ticketing brands

We don’t believe the picture needs to be bleak for ticketing companies. While it is certainly true that precautions need to be taken and vigilance kept high, using a smarter approach can balance the scales back towards the merchant.

Analysis of your existing, historic data using the right tools is the fastest way to expose and eliminate a great deal of your risk exposure.

One should also consider company policy:

• What are your current aims as an organization?
• Is growth or customer retention more important?
• What is your risk tolerance?
• Do you consider ticket reselling to be a fact of life or does it negatively affect the experience of your customers?
• How frequently do you experience organized fraud attacks?

All of these are questions will help shape your fraud prevention strategy.

For ticketing companies, it is essential to be able to manage fraud attacks at the front door with a tool that can scale, adapt to new types of attacks and act faster than the bots to keep your business secure and your customers happy.

If you're in the ticketing industry and struggling with increased amounts of fraud – or reputational damage due to fraud – Ravelin's team of fraud experts are at hand to discuss how we could fuel your secure growth.

Book a call today.

Further reading

• Why there’s no single indicator for fighting fraud
• RavCon 2024 talk: Real-life stories of real-time fraud attacks
• Online payment fraud infographic
• Connect guide - How to use graph networks effectively in fraud prevention
• A simple introduction to Connect, Ravelin's graph database
• Faas – Fraud-as-a-Service