Live Nation’s IT capabilities are under fire as lawmakers gathered to question its handling of the Taylor Swift Eras Tour ticket sale and the lack of competition within the ticketing industry.
Live Nation President and CFO Joe Berchtold blamed bots and scalpers for the poor customer experience during the ticket sale in a Senate hearing Tuesday, prompting senators across the aisle to dispute the company’s bot activity safeguards.
“We knew bots would attack that on-sale, and we planned accordingly,” Berchtold told the Senate Judiciary Committee. “We were then hit with three times the amount of bot traffic that we'd ever experienced, and for the first time in 400 verified fan on-sales, they came after our verified fan password servers as well.”
The bots failed to penetrate the company’s systems or acquire any tickets, Berchtold said, but the attack required Ticketmaster to “slow down and even pause” sales.
It led to “a terrible consumer experience, which we deeply regret,” he said.
Shortly after the November incident, Ticketmaster reported that bot traffic resulted in 3.5 billion total system requests, four times the company’s previous peak.
Despite the technology hurdles, legislators suggested Live Nation did not do enough to protect fans from technical issues and bad actors.
Berchtold previously told Sen. Marsha Blackburn, R-TN, that Live Nation had a hard time distinguishing a bot attack from a consumer.
“The local power company down here, that is not the billion dollar company that you are, can tell when they’ve got a bad actor in their system,” Blackburn said during the hearing. “Do we need to make certain you have better people around your IT team?”
Staying diligent against bot attacks
Bot attacks are not new villains for businesses. In 2016, lawmakers passed the Better Online Ticket Sales Act, also referred to as the BOTS Act, to prohibit the use of software or other systems to circumvent security measures and access control systems in an effort to obtain tickets.
This gave businesses the ability to report bad bot activity to the Federal Trade Commission, and also gave the FTC the authority to enforce it.
Despite Live Nation’s struggle to contain bots during the Ticketmaster presale of Taylor Swift tickets, the company did not report the incident to the FTC.
“The FTC has failed in some of its enforcement duties, but that is because Live Nation Ticketmaster has failed to do the reporting that’s required to enable enforcement,” Sen. Richard Blumenthal, D-CT, said during the hearing. “And I think that really betrays the contention that you have been active against [bots].”
In addition to reporting to the FTC, organizations have other lines of defense against malicious activity. Businesses can deploy technical controls such as bot management tools, transaction tracking and customer behavior profiling to protect customers, according to analysts.
Businesses can use bot management solutions to analyze web or API traffic. These tools use a number of indicators and classifications to determine whether the actor is a human buyer or a malicious bot. They can then respond to a bot by blocking it, sending it fake data, delaying it or redirecting it to traps, Sandy Carielli, principal analyst at Forrester, said.
“This is a class of tools that has sprung up over the last several years, and they’ve matured significantly in the last few years,” Carielli said. “They are commonly used by a lot of e-commerce companies and other types of firms in order to prevent automated attacks, such as what we saw here.”
While adoption across industries is not yet fully established, these technologies are fairly standard for most e-commerce, travel, hospitality, financial services and media businesses, according to Carielli.
Berchtold said Live Nation invests millions of dollars in anti-bot technology every year and has created systems like Verified Fan to curb scalpers.
For companies at risk of scalpers, simply investing is not enough, Carielli said.
“If you are an organization that deploys your bot management solution as a sort of set it and forget it and you don’t do any of the fine-tuning, maintenance or [address] the latest attack patterns, you are more vulnerable as the bots evolve,” Carielli said. “This is an area where you need to stay up to date — you need to continue to work with your vendors and providers to understand the latest attack techniques and adapt your solution.”