'Bad bots' account for about 40 per cent of traffic on ticketing websites

Security researchers Distil Networks claims bot activity is driving away humans from ticketing websites

'Bad bots' account for as much as 40 per cent of the traffic on ticketing websites, according to researchers at security specialists Distil Networks.

The study claims that these automated programmes are used by brokers, cybercriminals and hospitality agencies to perform a variety of activities including denial of inventory, scraping seat map inventory, spinning and scalping of tickets, customer account takeover, and committing frauds.

In the study, research lab of bot mitigation company Distil Networks examined 26.3 billion requests from 180 websites during the period from September 2018 to December 2018. The analysts were surprised to find that 39.9 per cent of ticketing traffic comprises of bad bots. In the US, prominence of ticketing bots was observed, despite legislative measures as well as increasing pressure from artists to intervene.

The primary markets were found to have higher bot traffic (about 42 per cent) compared to venues (26.6 per cent) or secondary markets (23.9 per cent).

Interestingly, perhaps, researchers found that 78 per cent of the bots accessing ticketing websites were highly or moderately sophisticated. Such bots can exhibit more human-like characteristics, which enables them to escape detection.

Eighty-five per cent of the bad bots targeting ticketing companies originated in North America, the study suggested.

According to the researchers, this unwanted bot activity not only affects user experience and website performance, but also increases the cost of running the infrastructure. The bot traffic makes it more difficult for people to purchase tickets, thereby hurting ticket sellers. The integrity of the ticketing website is also compromised due to such unwanted activities.

The researchers also observed a large number of instances where scammers sent bots to ticketing websites to steal usernames and passwords of customers. The stolen credentials were used to steal tickets or payment details from ticketing websites.

"Although the ticketing industry has led the way in terms of bot legislation, as seen with the BOTS Act in the US and similar rulings in Ontario, the UK, Australia and more, websites still face a huge hurdle when protecting against bad bots," says Tiffany Kleemann, CEO of Distil Networks.

"Whether a venue, primary marketplace, or secondary marketplace, any website that sells tickets can fall prey to this criminal activity, and a better understanding of the threat landscape can ensure the proper protective protocol is put in place," she added.

The AI and Machine Learning Awards are coming! In July this year, Computing will be recognising the best work in AI and machine learning across the UK. Do you have research or a project that you think deserves wider recognition? Enter the awards today - entry is free.