Ticketmaster dumps CAPTCHAs to beat touting systems

Buys puzzles system

Could the days of the annoying and increasingly ineffective CAPTCHA web verification box finally be numbered?

According to reports, Global ticket sales powerhouse Ticketmaster is abandoning the standard CAPTCHA (Completely Automated Public Turing test to tell Humans and Computers Apart) in favour of a puzzle-based system from US firm, Solve Media.

This drops the squiggly and easy-to-mistype CAPTCHA's that currently protect most web systems from bots with simple puzzles that would, the theory goes, be harder for a computer to beat.

Where a conventional CAPTCHA might ask the user to enter the phrase 'Progress aRaTEena' after deciphering distorted letters in one half of the phrase, Solve Media's just asks the user a multiple-choice question.

To add salt to this, Solve Media's system employs a range of different puzzles answers to the same question, raising their complexity if it suspects an automated system is entering the text.

That consumers get frustrated with standard CAPTCHA's has been known for years but Ticketmaster is one of the first major companies to go as far as to abandon them altogether in order to streamline online sales.

A wide range of well-known brands have used Solve Media's puzzles but usually only for one-off interactions such as competitions.

"Anecdotally, we're starting to see an uptick in fan satisfaction. We're happy with what we've seen from a security standpoint as well," Ticketmaster's ecommerce vice president Kip Levin told AP.

There's another reason to drop CAPTCHAs - while better than nothing they don't work.

For the last decade web technologists have fought a losing battle to keep out bots, resulting in numerous small innovations. But even some of those have turned out to have weaknesses.

Even quite complex CAPTCHA's can be broken with reasonable consistency using machine intelligence. The problem has always been that the CAPTCHA concept depends on visual cues; making these more complex at best only buys time. Eventually machines catch up.

The ticketing industry has been on the receiving end of these systems, as a case from 2010 underlines in which three men were accused of building an automated network capable of breaking CAPTCHAs fast enough to automate ticketing buying to feed touts.

Will Solve Media's innovation keep the touts out? Only time will tell.

Tags: Ticketmaster, Personal Tech, security, PTC

Google introduces Chrome 'factory reset' pop-ups to tackle extensions hijacks

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Email Security and Data Protection

Encrypt your sensitive email

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.