John Grimm, senior director at Thales e-Security, examines how e-ticketing scams at the Six Nations championship can be thwarted
This weekend, rugby pandemonium will sweep across the UK once again as the Six Nations rugby tournament kicks off. Over the next few weeks, England, France, Italy, Scotland and Wales all be fighting for the chance to knock defending champions Ireland off the top spot.
While some fans may have been lucky enough to get tickets to the games to cheer on their home nation, others may find themselves being turned away at the turnstiles because, unfortunately, major ticketed events are fast becoming lucrative hunting grounds for would-be criminals.
As e-tickets become increasingly common, so does the risk of fraud. Without proper safeguards, e-tickets are much easier to replicate and fake than the traditional printed tickets. At the Rugby World Cup last year, for example, thousands of avid rugby fans were left disappointed as they discovered they were victims of ticket fraudsters through unofficial websites. Therefore, how can we reduce this risk and ensure tickets are valid and with their rightful holder?
E-ticketing, on mobile devices, has today become an essential for the majority of consumers. This method of delivery is fast becoming an ‘expectation’ for customers rather than a ‘luxury’. And it’s not difficult to see why. It’s on-demand, convenient and customers carry their mobile in their in the pockets everywhere they go.
However, balancing this level of convenience with security is of paramount importance. Only once a trusted infrastructure for issuing e-tickets is in place will widespread adoption of this method amongst consumers, across industries, be achieved.
Tackling the fraudsters
We can look at the airline industry, which has made significant investment in secure e-ticketing, to see how this is currently being achieved. Electronic boarding passes offer passengers a quick, easy solution to get from A to B and, as such, they have been quickly accepted by travellers. However, security is, of course, a primary concern in the airline industry and an altered boarding pass could bring catastrophic consequences.
By utilising digital signatures for boarding pass barcodes, their integrity and authenticity can be validated. This helps protect customers against forgery and enables validation upon check-in. Carriers use private signing keys to sign barcodes and issue associated public certificates from a public key infrastructure (PKI) for their validation. It is these private signing keys that underpin the security of the entire system. The ability to properly safeguard and manage these keys is an essential part of the puzzle, particularly when you consider that the easiest way to try to issue a non-authentic boarding pass is to compromise the carrier’s private signing key – allowing you to apply a legitimate signatures over an illegitimate pass.
Protecting private signing keys in specialised hardened devices or hardware security modules (HSMs) ensures that they are held within a protected environment, as well as allowing carriers to set specific access control policies to ensure that they are only used for their authorised purpose. As a result, would-be criminals are unable to exploit the weaknesses associated with storing keys on application servers and fraudulently assume the identity of the signing airline, or event organisers, and issue what appear to be legitimate tickets.
A winning combination of convenience and security
Secure e-ticketing needs to be at the top of the agenda for big sporting events, such as the Six Nations, if we are to prevent criminals capitalising on fandom. With more major events coming up this summer, such as the 2016 Olympics and the UEFA European Championships in France, there will be more opportunities for fraudsters to take advantage of a consumer frenzy. Organisers, then, need a secure solution to e-ticketing. Only when this is in place will fans and spectators willingly embrace e-tickets with confidence, knowing that fraudsters have been kept at bay.
How much do you know about tech in sport? Try our quiz!