We are experiencing what appears to be bot activity that involves fake accounts using stolen credit cards on our TNEW ticket purchase path. This activity has greatly increased in the past week and is a major issue.
If you use TNEW you should be reviewing orders and on the lookout for fishy behavior.
I'm posting this here to help the community with general awareness. If you discover similar behavior on your TNEW purchase path, perhaps post below or notify Tessitura so they are aware of how widespread this fraud scheme is.
How would you suggest reviewing the orders to identify fishyness? Any tips to keep a lookout for?
A big tell is the email address. Often they use an email that is not real. The way to figure that out is to put whatever is after the @ sign into a browser and see if it takes you to an actual website. We also use a couple dashboards that look for accounts that have up to our total ticket limit in one or more purchases for the run of a show. We have another dashboard that looks for any accounts with ticket purchases over our limit. Our ticket office then refunds tickets on accounts that have violated our ticket policy.
Hey Joseph,
This has been on the increase for months now. We are TNEW but I believe this is happening to non-TNEW members as well. We have heard organizations outside the Tessitura Network (especially Broadway presenters) are also seeing a dramatic increase in this behavior. There's quite a few threads about this on many of the forums. I'm hoping Tessitura sees all of these posts and works to help us fight back against these bad actors. I have a couple dashboards we use to find accounts that have broken ticket limits if you'd like them.
Chris
I've noticed that ours are a lot of gibberish@outlook, or gibberish@hotmail. And US states that are not normal to us. Yes, we're a tourist destination, but I've seen Utah and Wisconsin in new accounts. I also run the New Record Summary for the web user, and scan it for whacked out email addresses. I inactivate the accounts if there's no activity, and pass to box office if they do have an order. We also run the Attendance by Performance report to scan future shows and large orders that don't make sense
Christopher Cuhel said:I have a couple dashboards we use to find accounts that have broken ticket limits
which i found in one of other forums, lovingly stole, and am about to put into the system!
I do also agree/hope that everyone who is noticing alerts Tessitura so we have an idea of how bad it really is. And I would love if there could be a public response from Tessitura in the near future about what's going on/what can be done/what is being done, assuming it really is bad as I fear
We are still on Windcave and enabled strictest AVS. Hoping that helps stop some of the bleeding we were feeling. We have started seeing "address not match, zip match" and some of the records don't have an address match in Windcave so they are rejecting. Below are the AVS settings we could choose from and went with option 2. We don't want to open the flood gates if we can help it.
Joseph,
As others have mentioned, this seems to be increasing across the board. A couple of questions for you that may help us all focus our tracking.
I am also curious as to what type of patron facing language organizations have in the purchase path that outlines policies on resale of tickets. I sometimes wonder if a committee made up of member orgs could come up with some standard language to address the reselling of tickets and at the same time could encourage Tessitura to implement a solution that would allow better control over the tickets we sell.
Jeff
Hi Jeffrey,
We're on TNEW and Windcave and have enabled the "lax" AVS, where either the street address or the postal/zip code must match between the patron's account and the billing address that's associated with the credit card.
To answer your questions:- We're definitely seeing shows all within one week of the order, typically one, two or three days- The seats depend on the show. Some of our shows are really well sold, while others have a lot of inventory so the tickets being purchased are pretty much wherever available. - Usually, it's one credit card per account, and it's one or two orders per account. Occasionally we've seen the same credit card being used in multiple orders, but that's more rare. - So far we've only had a handful of tickets actually scanned in. We've been trying to catch these tickets by pulling daily reports of new TNEW accounts created for the previous day and we look for certain "fraud markers" such as a gibberish email @ outlook, a US address, and one or two orders for upcoming concerts. We then add an Nscan message to those tickets so that the attendees can come up to the Patron Services desk and we can ask them questions about where they bought the tickets, what seats and how much they paid. This is a bit of a debate we're currently having - when we first started seeing these disputes over two months ago, we were returning those tickets immediately and so some patrons would come in with invalid tickets. This created a customer service issue, as you can imagine, so we're no longer doing that. However, we've also noticed that only a very small number of people actually attend so we're not sure yet how we're going to proceed. We created a page on our website with ticket reseller info - https://www.tso.ca/concerts-and-events/ticket-information/beware-of-ticket-resellers/ - and we also added messaging to our Print at Home tickets to hopefully deter the bad actors. The copy says: "We only authorize the sale of tickets through Toronto Symphony, Roy Thomson Hall, and Ticketmaster. Tickets purchased from any third-party reseller may not be valid. Visit TSO.CA/TicketResellers or contact Patron Services."
Anastassia,
This is amazing! Thank you for sharing! I am curious, being at a Canadian based organization, are the bad actor accounts typically being created using a US based address or a Canadian based address? For us here in Philadelphia, most of our scalper/fraud accounts are usually located outside of PA and the surrounding states (during our Black Friday sale, we had accounts from IL, IN as the most typical state for fraud accounts).
We also see mostly accounts created with the gibberish @ outlook email addresses, but not always.
I so appreciate you sharing your webpage regarding ticket resellers. You have been very thorough!!
It would be so helpful as your org continues the debate on how to handle these to keep the conversation going here!
I'm definitely happy to keep you updated on our progress and any changes to our process. This has been quite a rollercoaster of an experience!
I think all of the fraud accounts are being created with a US address (we haven't seen any with Canada or any other country). And we do have a lot of legitimate US patrons, so we don't want to block it from purchasing on TNEW.Most of the email addresses are also outlook accounts, but we recently started seeing a few hotmail ones.
We went with AVS-2 on TNEW and the accounts are still created but no new orders so far.We didn't enable it on the Tessitura side. We get calls now from legitimate patrons that they cannot place an order online since we have switched AVS to 2. This enables those orders to go through over the phone. Usually these are patrons with apt #s or po boxes. Verifying that the address matches what they see on their CC bill has not resolved this issue unfortunately, so a few will be forced to always order by phone.We have upped the re-captcha security for signing up and we don't have guest checkout enabled. This has not made a difference on the account creation front. So Im not sure if its really good bots or its human driven. hotmail and outlook have their own bot protections for creating email accounts and they are getting past that too, so not surprising.Had one of the tickets actually get scanned at a show all others are unattended. All end in a charge back.Usually orders are for the day of or the next day. That way the show has happened by the charge-back happens.
Viktor,
Thank you for sharing! This is great information to add to the collection and I like your detail on AVS-2 and how it has affected the issue for you and your patrons.
Viktor - We are self hosted and just turned on AVS-2 through Windcave and are having some issues with patrons being decline online because of the AVS mismatch. When you say you did not enable this on the Tessitura side, do you mean for "Require Postal Code" you made that "Never" if they are calling in to purchase?Jena
We are self hosting Tessitura and TNEW (the ticketing site) is hosted by Tessitura.
So to stop the ticketing fraud on TNEW I have changed the hosted payment setting to AVS 2. I did not change that setting (its still 0) on our locally hosted Tessitura. This way those that call our call center are still able to place an order if the TNEW site blocked them.We are looking into requiring only the postal code for AVS 2 which is a change on windave's side. Still waiting for some answers. The hope is that not checking the street address will eliminate the issue with apt# and PO boxes. This will fix the potential issue with differently formatted addresses, but it will not fix the issue with institutions that do not support address validation. AVS2 will still block those.Not sure where that require postal code setting is that you mentioned. If you let me know I can check what we have it set to.