• ikidd@lemmy.world
      link
      fedilink
      English
      arrow-up
      43
      ·
      7 months ago

      How the hell would you double dip? They scan you in.

      I built a ticketing app for folk festivals 2 decades ago and we had that problem beat even then.

      • JasonDJ@lemmy.zip
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        3
        ·
        7 months ago

        Sure, they can you on, but which patron is the real patron?

        Suppose the ticket was supplied as a PDF. Then it is either in the users Downloads directory or in their email. If that PDF is obtained by a malicious actor, it could be resold countless times. You could have 100 “guests” arrive at a venue with a bogus ticket but only the first one gets in, because they were scanned. That first person may not be the legitimate ticket owner.

        Now, if your using their app, they usually put an animation over the barcode, and the gate attendants know to look for that. If that animation isn’t there, don’t scan. Pretty simple instructions to give to anyone. And accessing the app likely requires logging in, probably with some form of MFA (though probably SMS), so it gets a lot more difficult to rip off both the legitimate users and Ticketmaster in this way.

        I don’t like having to use a specific app for things like this, but “I kinda get it”.

        Now, it’d be better if we had a universal standard format for putting secure, validated passes into the native phone app. Perhaps registering your device to your account via their website, then only allowing the ticket to be installed on one device. I’m sure there’d be more to it, im just spitballing.

        • blusterydayve26
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          7 months ago

          There you go, assuming the problem is worth the corporation’s time and money to bother solving. The correct answer is to not bother hiring a customer support department and telling people that they’re SOL when stuff goes wrong. The goal is to take in more money than you spend on customer support, so you spend none.

      • wolfpack86@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        Actually think this is more about protecting against unscrupulous scalpers selling tickets multiple times.

        When you can just email a pdf or print it, nothing stops you from doing it multiple times.

        At the end, it’s ticketbastard that has to listen to the people that got scammed. This method forces authentication and secure the chain of custody.

        • RippleEffect@lemm.ee
          link
          fedilink
          English
          arrow-up
          1
          ·
          7 months ago

          Mfa does make sense here tbh. I’m more upset by their outrageous fees and monopoly.

      • GladiusB@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        7 months ago

        Change a number. Then when they scan it you claim it’s an error and then you are dealing with a “technology problem”.

    • bitchkat@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      AXS does not integrate with google wallet. I put a note in each calendar event which app the tickets are in. At least the Pixel phones now let you put anything in your wallet that is a QR code. I wish it would let us put plain old images in the wallet.