Beware of Credit Card Fraud / Bot Activity

We are experiencing what appears to be bot activity that involves fake accounts using stolen credit cards on our TNEW ticket purchase path. This activity has greatly increased in the past week and is a major issue.

If you use TNEW you should be reviewing orders and on the lookout for fishy behavior. 

I'm posting this here to help the community with general awareness. If you discover similar behavior on your TNEW purchase path, perhaps post below or notify Tessitura so they are aware of how widespread this fraud scheme is.

  • Joseph,

    As others have mentioned, this seems to be increasing across the board.  A couple of questions for you that may help us all focus our tracking.

    • How far out are the performances the bad actors are purchasing?  Are you seeing any reoccurring theme of the shows being all within a certain time frame from the order date? (i.e. buying for shows on same day, buying for shows within one week, etc)
    • Is there a consistent quantity of tickets the bad actors are purchasing?
    • Are credit cards being used for multiple orders (either on same account or different accounts) or are they generally a one and done throwaway type of thing?
    • Do you typically see tickets purchased this way scanned in as attended, or do they tend to go empty the night of the show (or do you cancel these out every time you identify them before a performance)?

    I am also curious as to what type of patron facing language organizations have in the purchase path that outlines policies on resale of tickets.  I sometimes wonder if a committee made up of member orgs could come up with some standard language to address the reselling of tickets and at the same time could encourage Tessitura to implement a solution that would allow better control over the tickets we sell.

    Jeff

  • Hi Jeffrey,

    We're on TNEW and Windcave and have enabled the "lax" AVS, where either the street address or the postal/zip code must match between the patron's account and the billing address that's associated with the credit card. 

    To answer your questions:
    - We're definitely seeing shows all within one week of the order, typically one, two or three days
    - The seats depend on the show. Some of our shows are really well sold, while others have a lot of inventory so the tickets being purchased are pretty much wherever available. 
    - Usually, it's one credit card per account, and it's one or two orders per account. Occasionally we've seen the same credit card being used in multiple orders, but that's more rare. 
    - So far we've only had a handful of tickets actually scanned in. We've been trying to catch these tickets by pulling daily reports of new TNEW accounts created for the previous day and we look for certain "fraud markers" such as a gibberish email @ outlook, a US address, and one or two orders for upcoming concerts. We then add an Nscan message to those tickets so that the attendees can come up to the Patron Services desk and we can ask them questions about where they bought the tickets, what seats and how much they paid.
    This is a bit of a debate we're currently having - when we first started seeing these disputes over two months ago, we were returning those tickets immediately and so some patrons would come in with invalid tickets. This created a customer service issue, as you can imagine, so we're no longer doing that. However, we've also noticed that only a very small number of people actually attend so we're not sure yet how we're going to proceed. 

    We created a page on our website with ticket reseller info - https://www.tso.ca/concerts-and-events/ticket-information/beware-of-ticket-resellers/ - and we also added messaging to our Print at Home tickets to hopefully deter the bad actors. The copy says: "We only authorize the sale of tickets through Toronto Symphony, Roy Thomson Hall, and Ticketmaster. Tickets purchased from any third-party reseller may not be valid. Visit TSO.CA/TicketResellers or contact Patron Services."
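
The daily new-account check described in the post above, sketched as an added example (not code from the thread or from Tessitura). The record field names, the gibberish heuristic and the three-marker threshold are assumptions; the output is a list for staff to review, not an automatic cancellation.

```python
import re
from datetime import date

WEBMAIL = {"outlook.com", "hotmail.com"}  # domains named in the thread
MAX_LEAD_DAYS = 7                         # "within one week of the order"

def looks_gibberish(local):
    """Crude heuristic (an assumption): very few vowels or a long consonant run."""
    letters = [c for c in local.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    return vowel_ratio < 0.25 or re.search(r"[b-df-hj-np-tv-z]{5,}", local.lower()) is not None

def fraud_markers(acct):
    """Return the markers one new-account record matches."""
    local, _, domain = acct["email"].lower().partition("@")
    orders = acct["orders"]
    markers = []
    if domain in WEBMAIL and looks_gibberish(local):
        markers.append("gibberish_webmail")
    if acct["country"] == "US":  # site-specific marker from the Toronto post
        markers.append("us_address")
    if 1 <= len(orders) <= 2:
        markers.append("one_or_two_orders")
    if any(0 <= (o["performance"] - o["ordered"]).days <= MAX_LEAD_DAYS for o in orders):
        markers.append("short_lead_time")
    return markers

def review_queue(accounts, min_markers=3):
    """Accounts to hand to staff for manual review; nothing is cancelled here."""
    hits = [(a["id"], fraud_markers(a)) for a in accounts]
    return [(i, m) for i, m in hits if len(m) >= min_markers]

# Constructed sample rows standing in for a daily new-account report.
SAMPLE = [
    {"id": 101, "email": "xkqzvbtrwp@outlook.com", "country": "US",
     "orders": [{"ordered": date(2024, 3, 1), "performance": date(2024, 3, 2)}]},
    {"id": 102, "email": "maria.lopez@outlook.com", "country": "CA",
     "orders": [{"ordered": date(2024, 3, 1), "performance": date(2024, 4, 5)}]},
    {"id": 103, "email": "jdoe1975@gmail.com", "country": "US",
     "orders": [{"ordered": date(2024, 3, 1), "performance": date(2024, 3, 21)}]},
]

if __name__ == "__main__":
    for acct_id, markers in review_queue(SAMPLE):
        print(acct_id, markers)
```

Lowering `min_markers` widens the queue and pulls in legitimate last-minute buyers, so the threshold trades reviewer time against missed accounts.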

  • Anastassia,


    This is amazing!  Thank you for sharing!  I am curious, being at a Canadian based organization, are the bad actor accounts typically being created using a US based address or a Canadian based address?  For us here in Philadelphia, most of our scalper/fraud accounts are usually located outside of PA and the surrounding states (during our Black Friday sale, we had accounts from IL, IN as the most typical state for fraud accounts).

    We also see mostly accounts created with the gibberish @ outlook email addresses, but not always.

    I so appreciate you sharing your webpage regarding ticket resellers.  You have been very thorough!!

    It would be so helpful as your org continues the debate on how to handle these to keep the conversation going here!

    Jeff

  • Hi Jeffrey,

    I'm definitely happy to keep you updated on our progress and any changes to our process. This has been quite a rollercoaster of an experience!

    I think all of the fraud accounts are being created with a US address (we haven't seen any with Canada or any other country).  And we do have a lot of legitimate US patrons, so we don't want to block it from purchasing on TNEW.
    Most of the email addresses are also outlook accounts, but we recently started seeing a few hotmail ones. 

  • We went with AVS-2 on TNEW and the accounts are still created but no new orders so far.

    We didn't enable it on the Tessitura side. We get calls now from legitimate patrons that they cannot place an order online since we have switched AVS to 2. This enables those orders to go through over the phone. Usually these are patrons with apt #s or PO boxes. Verifying that the address matches what they see on their CC bill has not resolved this issue unfortunately, so a few will be forced to always order by phone.

    We have upped the reCAPTCHA security for signing up and we don't have guest checkout enabled. This has not made a difference on the account creation front. So I'm not sure if it's really good bots or it's human driven. Hotmail and Outlook have their own bot protections for creating email accounts and they are getting past that too, so not surprising.

    Had one of the tickets actually get scanned at a show; all others are unattended. All end in a chargeback.

    Usually orders are for the day of or the next day. That way the show has happened by the time the chargeback happens.

  • Viktor,

    Thank you for sharing!  This is great information to add to the collection and I like your detail on AVS-2 and how it has affected the issue for you and your patrons.  

    Jeff

  • Viktor - We are self hosted and just turned on AVS-2 through Windcave and are having some issues with patrons being declined online because of the AVS mismatch.

    When you say you did not enable this on the Tessitura side, do you mean for "Require Postal Code" you made that "Never" if they are calling in to purchase?

    Jena

  • We are self hosting Tessitura and TNEW (the ticketing site) is hosted by Tessitura.

    So to stop the ticketing fraud on TNEW I have changed the hosted payment setting to AVS 2. I did not change that setting (it's still 0) on our locally hosted Tessitura. This way those that call our call center are still able to place an order if the TNEW site blocked them.

    We are looking into requiring only the postal code for AVS 2, which is a change on Windcave's side. Still waiting for some answers. The hope is that not checking the street address will eliminate the issue with apt #s and PO boxes. This will fix the potential issue with differently formatted addresses, but it will not fix the issue with institutions that do not support address validation. AVS 2 will still block those.

    Not sure where that require postal code setting is that you mentioned. If you let me know I can check what we have it set to.

  • This is good information.  So I could turn on AVS-2 for web only and resort back to AVS-0 for our box office.  

    The area I am referring to is under
    Go To > Campaigns > References > Payment Methods 

    You have to scroll to the right a little to see Require CVV and Require Postal Code.  

  • Looks like that's always set to never for us.