Ticketmaster dumps CAPTCHAs to beat touting systems

Buys puzzles system

Could the days of the annoying and increasingly ineffective CAPTCHA web verification box finally be numbered?

According to reports, Global ticket sales powerhouse Ticketmaster is abandoning the standard CAPTCHA (Completely Automated Public Turing test to tell Humans and Computers Apart) in favour of a puzzle-based system from US firm, Solve Media.

This drops the squiggly and easy-to-mistype CAPTCHA's that currently protect most web systems from bots with simple puzzles that would, the theory goes, be harder for a computer to beat.

Where a conventional CAPTCHA might ask the user to enter the phrase 'Progress aRaTEena' after deciphering distorted letters in one half of the phrase, Solve Media's just asks the user a multiple-choice question.

To add salt to this, Solve Media's system employs a range of different puzzles answers to the same question, raising their complexity if it suspects an automated system is entering the text.

That consumers get frustrated with standard CAPTCHA's has been known for years but Ticketmaster is one of the first major companies to go as far as to abandon them altogether in order to streamline online sales.

A wide range of well-known brands have used Solve Media's puzzles but usually only for one-off interactions such as competitions.

"Anecdotally, we're starting to see an uptick in fan satisfaction. We're happy with what we've seen from a security standpoint as well," Ticketmaster's ecommerce vice president Kip Levin told AP.

There's another reason to drop CAPTCHAs - while better than nothing they don't work.

For the last decade web technologists have fought a losing battle to keep out bots, resulting in numerous small innovations. But even some of those have turned out to have weaknesses.

Even quite complex CAPTCHA's can be broken with reasonable consistency using machine intelligence. The problem has always been that the CAPTCHA concept depends on visual cues; making these more complex at best only buys time. Eventually machines catch up.

The ticketing industry has been on the receiving end of these systems, as a case from 2010 underlines in which three men were accused of building an automated network capable of breaking CAPTCHAs fast enough to automate ticketing buying to feed touts.

Will Solve Media's innovation keep the touts out? Only time will tell.

Join the CSO newsletter!

Error: Please check your email address.

Tags TicketmasterPersonal TechPTCsecurity

More about Ticketmaster

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place