Bots live in data centers and can't join the queue
Every ticket bot must run on a computer somewhere. People that run bots usually run lots of them, which means they need a data center to support them. You can set the Queue-Fair Security Gates to automatically exclude requests from known data centers including Amazon, Google and Azure cloud services, as well as known bad actor IP address ranges, without excluding real users or fans connecting from their home, office or mobile phone.
Uniquely to Queue-Fair, the data center check is applied at both the Pass and Join gates, to prevent credentials gathered by a human that Joined the queue at home from being sent to bots at a data center to get Passed in large numbers to your ticket site.
Using a PreSale page ensures fairness
If you have tickets, sneakers, NFTs or any other item going on sale at a particular time, then we always recommend deploying a Queue-Fair PreSale page. This page has a countdown clock, and when the appointed opening time for your event is reached, everyone watching the PreSale page joins the queue automatically.
Fans who join the queue from the PreSale page get a random queue position. Everyone who joins after the opening time, who didn't come in time to see the PreSale page, is inserted after them in first-come, first-served order.
The randomizer ensures that the event opening is fair - everyone who saw the PreSale page has the same chance of being close enough to the front of the queue to buy a ticket, and there's no advantage to scalpers, touts or bad actors who arrive early. If the number of people in the queue is large compared with the stock available, it makes it unlikely that any individual will be able to obtain more than one queue position close enough to the front to buy tickets before you sell out.
Network-Edge and Server-Side Security
Many of our customers prefer the simplicity and ease of integration with their online platforms of our Client-Side JavaScript Adapter, but some bot security checks can only take place on your servers, or at the Network Edge if you are using a Cloud provider. With Queue-Fair, you can continue to use the JavaScript Adapter and add a small amount of code to your servers to support the bot checks (the Hybrid Security Model), or you can do the entire process at the Network Edge or on your servers with our open source code, available in multiple languages.
When you use a Network Edge Adapter, Queue-Fair can intercept requests before they even reach your servers, providing optimum protection from DoS and DDoS attacks.
How can I prevent ticket bots, sneaker bots or human scalpers from making multiple purchases?
Once a person is Passed by Queue-Fair, they have a limited time to use your site to make purchases, called the Passed Lifetime. The ticket issuer should set this long enough to support slower internet users to finish their transaction, including time for a Forgot Password process. Setting this to a short time can help prevent humans from purchasing tickets over and over again - but not bots as a ticketing bot can work sites to buy a ticket much more quickly.
Instead, once a person has completed ticket checkout with their credit card details, your server can securely delete their queue position, preventing users from buying more tickets. If they try to buy tickets again, they'll be sent to the back of the queue, making each queue position single use for buying your tickets, sneakers or NFTs, beer or whatever it is for which people are queuing. This is an effective way to prevent multiple ticket purchases by sneaker bots, humans, and humans using bots alike.
Invitation-only queues using Join Tokens
By default, the Queue-Fair service will let everyone who visits the Queue URL join the queue. You can enable Join Tokens, which are securely signed tokens from your site that must be presented by each user when they attempt to Join the queue in order to receive a queue position.
Join Tokens operate automatically - your users won't have to type them in when they are buying your high demand limited edition sneakers - and you can choose to have your Join Tokens single use, meaning that each token can only be used once to join the queue. For many of our customers, single use Join Tokens are the ticket scalping answer they've been looking for.
So, if you are sending out marketing emails, you can send a different Join Token in each one that goes out - or you can require a login to accounts on your site before someone is sent to the queue when selling tickets, and give a unique Join Token to each login. If you can tie the Join Token to real users' crypto-wallet, credit card details, credit card number or physical delivery address, that's a great way of preventing the same person from joining the queue multiple times, thus preventing users from buying a ticket from you multiple times too.
Conclusion
Companies looking for a secure way to sell can search no more! Whether you are selling tickets, limited edition sneakers or anything high demand, Queue-Fair runs the most feature rich and secure queues on the market, though other less secure virtual waiting room providers charge much higher prices. We have a wealth of bot security features that you can easily customize to protect your buisness and fans from sneaker bots, ticketing bots and any other sort of bot:
- Secure signature that is specific to the users' browsers
- Requires use of browser features to be passed by the queue
- Limit per minute and total Joins and Passes by IP addresses
- Data center bots banned automatically
- Use Google reCAPTCHA or hCAPTCHA to ensure it's humans in your queues
- Proof of Work challenge stops bots obtaining large numbers of queue positions
- Delete each queue position after purchase to make each queue position single use
- Make your queue invite-only with Join Tokens to ensure one queue position, and one order per human customer
More details on beating sneaker bots and ticketing bots for your events and sales are in the Security Guide in the Help section of the Portal, and you can raise support tickets with your accounts team or account representative if you need help using these features, or need an answer to something specific regarding our services. How many of these bot security features you wish to use on your Virtual Waiting Room account is up to you.