The ticketing industry is under constant threat from malicious bots, with bad actors targeting these platforms for financial gain. Bots accounted for 31.1% of all traffic to entertainment platforms in 2024, with attacks ranging from scalping and credential stuffing to carding operations. When one public museum experienced a surge in fraudulent transactions, they turned to Imperva to stop the attack in its tracks.
Here’s how we helped them regain control, safeguard their operations, and prevent significant financial losses.
The Vulnerability: Carding Bots Exploiting Checkout Endpoints
The attack began as a low-and-slow carding operation, where bots tested stolen credit card information by attempting small purchases on the ticketing platform. Unlike high-volume attacks, these bots mimic human behavior to avoid detection, targeting the platform’s checkout endpoint.
The impact on the organization was severe:
- Fraudulent tickets were successfully booked using stolen cards.
- Chargebacks from banks piled up, damaging the company’s finances and reputation.
- The ticketing system faced intermittent slowdowns as the bots continued their operations.
How the Attack Was Detected
The museum realized something was amiss when they noticed a sudden spike in traffic at the checkout endpoint. Upon further investigation, they identified multiple IP addresses repeatedly attempting to book tickets using different credit card numbers. This was not a brute-force attack with overwhelming traffic but a calculated, low-and-slow attempt to exploit their system.
What Is a Low-and-Slow Attack?
Unlike rapid, high-volume bot attacks, low-and-slow attacks aim to evade detection by mimicking legitimate user behavior. Instead of flooding a server, these bots operate stealthily, sending minimal requests over a prolonged period. In ticketing, this can result in systems grinding to a halt during key events, leaving fans unable to purchase tickets and causing reputational damage.
The beauty—and danger—of a low-and-slow attack lies in its subtlety. Traditional bot detection systems, designed to flag rapid bursts of activity, often fail to catch these bots.
Imperva’s Response: Stopping the Carding Bots
When Imperva was brought in, the attack was already causing operational and financial strain. Our team quickly assessed the situation and implemented a series of measures to mitigate the threat and prevent future incidents.
Immediate Actions:
- Identify the signature of the attack: We identified the signature of the attack and applied rate limiting to the checkout endpoint and introduced behavioral analysis flags to block suspicious activity.
- Tracking Carding Events: Imperva’s tools were deployed to monitor patterns and track potential carding attempts.
Long-Term Solution:
We applied a behavioral model to identify and block the carding bots in real-time. This model has been used successfully to detect and mitigate both account takeover attacks and carding attacks.
The Results
With the checkout endpoint protected, the ticketing platform saw:
- A complete halt to fraudulent ticket bookings.
- Significant reduction in chargebacks from banks.
- Stabilized system performance, enabling legitimate customers to purchase tickets without disruption.
What Makes Carding Attacks So Dangerous?
Carding attacks are particularly harmful because they exploit payment systems directly, leading to:
- Financial Losses: Chargebacks can result in steep fines and lost revenue.
- Reputational Damage: Customers lose trust in a platform that cannot secure their payment details.
- Operational Strain: Continuous bot activity can slow down or even crash critical systems.
Trends in Ticketing Bot Attacks
The Imperva 2024 Bad Bot Report reveals that ticketing platforms are among the most targeted within the Arts and Entertainment sectors. Key trends include:
- Scalping Bots: These buy tickets in bulk, reselling them at inflated prices.
- Credential Stuffing: Bots use stolen login credentials to hijack user accounts.
- Carding Bots: As seen in this case, these validate stolen credit cards through small purchases.
- Low-and-Slow Attacks: Increasingly used to evade detection while causing significant harm over time.
In 2024, automation on ticketing sites surged to 86.5% of all traffic, with bad bots accounting for a third of that total.
What to look out for
As bots grow more advanced, ticketing platforms should look out for:
- Unusual traffic patterns on sensitive endpoints like login and checkout.
- Spikes in failed transactions, which may indicate carding attempts.
- Recurrent traffic from IPs such as residential proxy IPs, signaling persistent bot operations.
Evaluate your Business Logic:
- Evaluate Your Business Logic: Assess the business logic underlying your APIs and applications to identify potential vulnerabilities that attackers could exploit for malicious purposes. Look for ways to introduce restrictions that mitigate these risks.
- Add Restrictions Where Possible: If feasible, implement restrictions within your business logic to limit opportunities for abuse. Focus on preventing misuse at the source.
- Implement Advanced Protections if Needed: When restrictions are not sufficient or practical, reinforce your defenses by incorporating advanced solutions like Advanced Bot Protection to safeguard your applications and APIs from sophisticated bot attacks.
How to Beat the Ticketing Tricksters
Protecting against sophisticated bots requires more than traditional defenses like CAPTCHAs or IP blacklisting. Here’s how to stay ahead:
- Invest in Bot Management Solutions: Use tools like Imperva Advanced Bot Protection and ATO to detect and block malicious activity.
- Monitor and Analyze Traffic: Behavioral analytics can distinguish between legitimate users and bots.
- Educate Your Team: Stay informed about evolving threats to recognize and respond quickly.
At Imperva, we protect ticket sales platforms from the most advanced bot threats. With our solutions, you can safeguard your platform, protect your customers, and prevent financial losses.
Ready to protect your ticket sales? Visit our Advanced Bot Protection product page to learn how we can help.
The post How Imperva Protects the Arts Industry from Ticketing Abuse by Carding Bots appeared first on Blog.