Over the past decade, digital transformation of the traditional paper ticket system has greatly improved user experience allowing for fast and seamless access to our favourite events. In most cases, all that is required is a smart phone device and a network connection. Nonetheless, most etickets today, despite their digitalisation, still display or hold static information, which is susceptible to duplication and fraud both on & offline. In addition, network contention, particularly at large-scale events, can cause considerable problems in the issuing of tickets and/or accessing them on the day.
Ticket still based on static, duplicable information
The use of static information across multiple industries from usernames, passwords right down to QR codes and static credit card numbers is still commonplace. This information can easily be intercepted by threat actors, and current eticketing solutions are equally susceptible. In the US around 12% of people who purchased concert tickets reported being scammed, whilst in the UK six in ten Londoners reported falling victim to ticket fraud. Once a ticket is issued in the form of a QR, barcode or even through near field communication (NFC), this information can be easily duplicated or copied. Dynamic security technologies have been posed to resolve some of these challenges, where the static information is constantly changing, but crucially these require constant network connection as they rely on 2-way (bi-directional) token exchanges to function (just like 2FA and MFA).
Network contention poses multiple challenges
When thousands of spectators confined to a certain area attempt to access their smartphone 4G or 5G network, network congestion becomes highly problematic. Internet access from any device often becomes unattainable, which means ticket issuing and ticket access during an event and on-demand can be incredibly challenging. As a result, people often resort to less secure means of ticket issuing including screenshots, downloads, and printouts of previously purchased tickets. In the case of the Champions League final in France 2022, this caused major issues as these screenshotted tickets were illegally stolen and resold, resulting in chaos at the entry points. This is a clear example of how digital fraud can quickly pose physical security risks for spectators at large scale events. In addition, resorting to these measures negates some of the key reasons for e-ticketing in the first place, including improved simplicity, user experience in addition to environmental factors.
swIDch’s eTicketing OTAC provides a constantly changing, dynamic, time variable eticketing solution which can be generated on-demand locally by the user, without relying on network connection. This means ticket holders can generate a super secure, constantly changing eticket which is unique to the individual user and cannot be used by anyone else at any point.
eTicketing OTAC provides:
- Generation of secure, dynamic etickets inside an app, which can be used to uniquely identify and authenticate visitors
- Dynamic QR/barcode/NFC codes generated without needing network infrastructure to exchange tokens
- Time window for validity configurable from seconds to hours
- Dynamic codes which do not duplicate, and cannot be re-used
- Removal of the need for any static information
OTAC ensures only known and authorised ticket holders can access events using dynamic, non-reusable, constantly changing code guaranteed with 0% duplicates (defeats packet sniffing attacks)
Potential solution flow for e-Ticketing
Unique features of swIDch’s OTAC technology in eTicketing include:
- Uni-directional authentication (no network environment required)
- Unique dynamic code for each individual user - no more duplication or ticket fraud
- Highly configurable code parameters enabling deployment with minimal UI changes ((including QR code, barcodes, and NFC)
- Can be deployed on existing infrastructure (no large, expensive infrastructure changes required)
- Lower CPU overhead (ie faster) compared to other authentication/encryption methods
- Lightweight SDK/applet available to implement code generator (on users smartphone app)
- Low CPU overhead for code verifier which can be implemented on a central backend server or in lightweight module
- Efficient user and device authentication management reducing time and manpower requirements
- Significant cost saving when compared to alternative solutions
- Faster and lower cost compared to authentication methods using PKI certificates
To understand more how swIDch’s eTicketing OTAC can revolutionise your systems, contact us below.
Contact us today
that provides all of the following features, tested and substantiated
by the University of Surrey technical report
sufficient to IDENTIFY user