Pain points

Over the past decade, digital transformation of the traditional paper ticket system has greatly improved user experience allowing for fast and seamless access to our favourite events. In most cases, all that is required is a smart phone device and a network connection. Nonetheless, most etickets today, despite their digitalisation, still display or hold static information, which is susceptible to duplication and fraud both on & offline. In addition, network contention, particularly at large-scale events, can cause considerable problems in the issuing of tickets and/or accessing them on the day. 


shutterstock_300059927 resize

Ticket still based on static, duplicable information

The use of static information across multiple industries from usernames, passwords right down to QR codes and static credit card numbers is still commonplace. This information can easily be intercepted by threat actors, and current eticketing solutions are equally susceptible. In the US around 12% of people who purchased concert tickets reported being scammed, whilst in the UK six in ten Londoners reported falling victim to ticket fraud. Once a ticket is issued in the form of a QR, barcode or even through near field communication (NFC), this information can be easily duplicated or copied. Dynamic security technologies have been posed to resolve some of these challenges, where the static information is constantly changing, but crucially these require constant network connection as they rely on 2-way (bi-directional) token exchanges to function (just like 2FA and MFA). 



shutterstock_2105509202 resize-2

Network contention poses multiple challenges

When thousands of spectators confined to a certain area attempt to access their smartphone 4G or 5G network, network congestion becomes highly problematic. Internet access from any device often becomes unattainable, which means ticket issuing and ticket access during an event and on-demand can be incredibly challenging. As a result, people often resort to less secure means of ticket issuing including screenshots, downloads, and printouts of previously purchased tickets. In the case of the Champions League final in France 2022, this caused major issues as these screenshotted tickets were illegally stolen and resold, resulting in chaos at the entry points. This is a clear example of how digital fraud can quickly pose physical security risks for spectators at large scale events. In addition, resorting to these measures negates some of the key reasons for e-ticketing in the first place, including improved simplicity, user experience in addition to environmental factors.   

shutterstock_2279305153 resized

The Solution

swIDch’s eTicketing OTAC provides a constantly changing, dynamic, time variable eticketing solution which can be generated on-demand locally by the user, without relying on network connection. This means ticket holders can generate a super secure, constantly changing eticket which is unique to the individual user and cannot be used by anyone else at any point.

eTicketing OTAC provides:
  • Generation of secure, dynamic etickets inside an app, which can be used to uniquely identify and authenticate visitors
  • Dynamic QR/barcode/NFC codes generated without needing network infrastructure to exchange tokens
  • Time window for validity configurable from seconds to hours
  • Dynamic codes which do not duplicate, and cannot be re-used
  • Removal of the need for any static information  

OTAC ensures only known and authorised ticket holders can access events using dynamic, non-reusable, constantly changing code guaranteed with 0% duplicates (defeats packet sniffing attacks)


Potential solution flow for e-Ticketing

OTAC solution builder image v.2



Unique features of swIDch’s OTAC technology in eTicketing include:

  • Uni-directional authentication (no network environment required)
  • Unique dynamic code  for each individual user - no more duplication or ticket fraud
  • Highly configurable code parameters  enabling deployment with minimal UI changes ((including QR code, barcodes, and NFC)
  • Can be deployed on existing infrastructure (no large, expensive infrastructure changes required)
  • Lower CPU overhead  (ie faster) compared to other authentication/encryption methods
  • Lightweight SDK/applet  available to implement code generator (on users smartphone app)
  • Low CPU overhead for code verifier  which can be implemented on a central backend server or in lightweight module 
  • Efficient user and device authentication management reducing time and manpower requirements
  • Significant cost saving  when compared to alternative solutions 
  • Faster and lower cost compared to authentication methods using PKI certificates

To understand more how swIDch’s eTicketing OTAC can revolutionise your systems, contact us below.   



Contact us today

Why swIDch

OTAC, developed by swIDch, is the original technology
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
Why swIDch
sufficient to IDENTIFY user
Uni-directional authentication in
off-the-network environment

Single-step identification and authentication with the code alone. Include our biometric option and get single-step MFA. Vastly improved UX by removing steps.

OTAC is a dynamic code, which means the code is constantly changing. Eliminates all use of static information. Forget usernames and passwords forever. Vastly reduced workload for IT helpdesks. 

No network connection required for generating OTAC, enabling uninterrupted use no matter where you are. No more waiting for additional tokens/OTPs and no need for heavy public key infrastructure (PKI). 


Highly configurable code parameters and lightweight SDK/applet means wide range of deployment options on many devices across multiple sectors.