Beating Sneaker Bots, Ticket Bots, Scalpers and Touts

It's a competitive world out there, and people are always trying to find ways to gain advantage. Here's how to protect your site from ticket bots with Queue-Fair when someone tries to cross the line.

As far as your busy onsales are concerned, you might think the more orders the better, but you might also have a problem with certain individuals buying more of your product than you consider fair use. Even though it may not yet be illegal in your country - and ticket bots for events frequently are illegal - it's something responsible ticket issuers, companies and artists take seriously when selling tickets, and retailers when selling limited supply products - in the shoe business where limited edition sneakers like air jordans have much higher prices on the resale market, automatic purchase bots are known as sneaker bots.

When a small number of people or bots act to snap up all the NFTs, sneakers or tickets you have for sale it can leave your other customers feeling left out, disappointed that they didn't get the chance to buy, and fears over ticket bots and scalpers buying more tickets for live events than real fans can easily make the news or be posted on twitter, harming your brand. It's just the same with sneaker bots.

answer account support tickets from first ticket bot benefits automation company

For NFT drops in particular, it is important that you control the rate at which NFTs are purchased or minted - meaning one per customer at a fixed rate of customers - as otherwise gas fee prices on the underlying crypto network will rise if a single individual or multiple individuals attempt to make too many transactions in too short a time, which can result in hundreds of millions of dollars of wasted gas fees, even from single drop events.

So how can you stop these people, who may use automatic software (ticket bots and sneaker bots) that emulates a browser, that they frequently find on discord, from buying all your stock to sell on for more money?

Queue-Fair helps you ensure one order per legitimate, human customer, at a rate that you control

There are several measures that you can adopt with Queue-Fair - at your option - to ensure that it's only people who are buying from your site during high demand sale events, not ticket bots or sneaker bots, and that they can only buy a ticket from you once, not pay for more tickets over and over again.

Bot use falls into two categories - completely automatic, where the bot functions without human interaction, and user controlled. A user controlled bot will use information gathered from a real human's browser to automate the buying process.

Then you also have purely human scalpers or touts, who aren't using sneaker bots or ticket bots, but buy from you again and again as soon as they have the opportunity, often to sell on secondary market services, so real fans get a worse deal and pay much higher prices.

Uniquely in the industry, Queue-Fair is feature rich in security controls that are designed to deal with all three classes of bad actor while protecting your servers.

young entrepreneur with trophy room purchase market sellers create higher prices for profit opinion

limited quantity stock sellers create millions resell profit company fairly reselling

How can I prevent ticket bots and sneaker bots from accessing my site?

The Queue-Fair system supports a range of tools to prevent ticket bots or sneaker bots from accessing your site while you sell tickets or sell shoes, or anything else for that matter, fitted as standard. For a start, every customer that is Passed by the Queue-Fair system gets a unique signature that your website can check to verify that each customer has been queued appropriately. If they fail the bot check, they get sent to the queue automatically - so bots and fans alike cannot cheat the queue and complete a ticket transaction on ticket websites without queuing.

Uniquely in the industry, our signatures include information specific to the user's browser, so if a user chooses to share the signature online, it's not an effective way to help others to skip the queue to access your ticket purchasing systems, sites or events.

The Queue-Fair system also requires the use of cookies and JavaScript in order to pass each user - and many bots don't support these browser features, and can't get through to ticket sites - while the browsers used by human fans all do support the required functionality.

Security Gates at Join and Pass

To catch a ticketing bot that is sophisticated enough to support JavaScript and handle internet cookies like a browser, we operate bot Security Gates at the Join stage, when a visitor is attempting to join the queue, and then again at the Pass stage, when they are passed from the front of the queue to your website.

These bot security gates are normally only used when sites are busy, because when your website is not busy, you want Queue-Fair to be transparent to support good bots like the Google Crawler, that indexes your website for search results, but not ticketing bots or sneaker bots that are active when your site is handling a busy sale.

If you want these bot security checks to be active all the time on your website, not just when your site is busy, you can make them Always On by setting the SafeGuard Rate (the threshold of busy-ness at which your queue turns on automatically) to zero, meaning that Queue Pages will always be shown, and the bot security checkpoints will always be run for all visitors, filtering out any ticket bot all the time.

The first and most obvious way to exclude sneaker bots and ticket bots is to use a CAPTCHA. Queue-Fair supports Google reCAPTCHA and also hCAPTCHA - you can take your pick, and can apply CAPTCHA at the Join gate to prevent a ticketing bot from joining the queue, or at the Pass gate to prevent them from being passed through to your site, or on both events.

If you don't want to inconvenience your human visitors with a CAPTCHA process, you can also use Queue-Fair's innovative Proof of Work challenge system, which runs silently in the background when someone tries to join the queue. The Proof of Work challenges that must be solved to receive a queue position become increasingly hard with successive Join attempts from each same IP address that tries to join the queue to buy a ticket. Harder challenges take more compute expenditure and time to solve, so Proof of Work makes it not cost effective for any ticket bot to join the queue or buy tickets for live events in large numbers, so you fill your queue with fans, not bots.

You can also set caps on the number of Joins per minute per IP address, and the number of total Joins per IP address for your queue, so multiple attempts to join the queue from a single IP address are automatically detected and banned. You can apply these caps on IP addresses to the Pass gate too.

Bots live in data centres and can't join the queue

Every ticket bot must run on a computer somewhere. People that run bots usually run lots of them, which means they need a data centre to support them. You can set the Queue-Fair Security Gates to automatically exclude requests from known data centres including Amazon, Google and Azure cloud services, as well as known bad actor IP address ranges, without excluding real users or fans connecting from their home, office or mobile phone.

Uniquely to Queue-Fair, the data centre check is applied at both the Pass and Join gates, to prevent credentials gathered by a human that Joined the queue at home from being sent to bots at a data centre to get Passed in large numbers to your ticket site.

first ticket bot illegal for live events stops real users account server websites

Using a PreSale page ensures fairness

If you have tickets, sneakers, NFTs or any other item going on sale at a particular time, then we always recommend deploying a Queue-Fair PreSale page. This page has a countdown clock, and when the appointed opening time for your event is reached, everyone watching the PreSale page joins the queue automatically.

Fans who join the queue from the PreSale page get a random queue position. Everyone who joins after the opening time, who didn't come in time to see the PreSale page, is inserted after them in first-come, first-served order.

The randomiser ensures that the event opening is fair - everyone who saw the PreSale page has the same chance of being close enough to the front of the queue to buy a ticket, and there's no advantage to scalpers, touts or bad actors who arrive early. If the number of people in the queue is large compared with the stock available, it makes it unlikely that any individual will be able to obtain more than one queue position close enough to the front to buy tickets before you sell out.

Network-Edge and Server-Side Security

Many of our customers prefer the simplicity and ease of integration with their online platforms of our Client-Side JavaScript Adapter, but some bot security checks can only take place on your servers, or at the Network Edge if you are using a Cloud provider. With Queue-Fair, you can continue to use the JavaScript Adapter and add a small amount of code to your servers to support the bot checks (the Hybrid Security Model), or you can do the entire process at the Network Edge or on your servers with our open source code, available in multiple languages.

When you use a Network Edge Adapter, Queue-Fair can intercept requests before they even reach your servers, providing optimum protection from DoS and DDoS attacks.

How can I prevent ticket bots, sneaker bots or human scalpers from making multiple purchases?

Once a person is Passed by Queue-Fair, they have a limited time to use your site to make purchases, called the Passed Lifetime. The ticket issuer should set this long enough to support slower internet users to finish their transaction, including time for a Forgot Password process. Setting this to a short time can help prevent humans from purchasing tickets over and over again - but not bots as a ticketing bot can work sites to buy a ticket much more quickly.

Instead, once a person has completed ticket checkout with their credit card details, your server can securely delete their queue position, preventing users from buying more tickets. If they try to buy tickets again, they'll be sent to the back of the queue, making each queue position single use for buying your tickets, sneakers or NFTs, beer or whatever it is for which people are queuing. This is an effective way to prevent multiple ticket purchases by sneaker bots, humans, and humans using bots alike.

Invitation-only queues using Join Tokens

By default, the Queue-Fair service will let everyone who visits the Queue URL join the queue. You can enable Join Tokens, which are securely signed tokens from your site that must be presented by each user when they attempt to Join the queue in order to receive a queue position.

Join Tokens operate automatically - your users won't have to type them in when they are buying your high demand limited edition sneakers - and you can choose to have your Join Tokens single use, meaning that each token can only be used once to join the queue. For many of our customers, single use Join Tokens are the ticket scalping answer they've been looking for.

So, if you are sending out marketing emails, you can send a different Join Token in each one that goes out - or you can require a login to accounts on your site before someone is sent to the queue when selling tickets, and give a unique Join Token to each login. If you can tie the Join Token to real users' crypto-wallet, credit card details, credit card number or physical delivery address, that's a great way of preventing the same person from joining the queue multiple times, thus preventing users from buying a ticket from you multiple times too.

Conclusion

Companies looking for a secure way to sell can search no more! Whether you are selling tickets, limited edition sneakers or anything high demand, Queue-Fair runs the most feature rich and secure queues on the market, though other less secure virtual waiting room providers charge much higher prices. We have a wealth of bot security features that you can easily customise to protect your buisness and fans from sneaker bots, ticketing bots and any other sort of bot:

Secure signature that is specific to the users' browsers
Requires use of browser features to be passed by the queue
Limit per minute and total Joins and Passes by IP addresses
Data centre bots banned automatically
Use Google reCAPTCHA or hCAPTCHA to ensure it's humans in your queues
Proof of Work challenge stops bots obtaining large numbers of queue positions
Delete each queue position after purchase to make each queue position single use
Make your queue invite-only with Join Tokens to ensure one queue position, and one order per human customer

More details on beating sneaker bots and ticketing bots for your events and sales are in the Security Guide in the Help section of the Portal, and you can raise support tickets with your accounts team or account representative if you need help using these features, or need an answer to something specific regarding our services. How many of these bot security features you wish to use on your Virtual Waiting Room account is up to you.

Beating Sneaker Bots, Ticket Bots, Scalpers and Touts

Queue-Fair helps you ensure one order per legitimate, human customer, at a rate that you control