nCipher Security Blog

Mobile ticketing- convenient and loved by consumers but with ease of use, comes risk

John Grimm | Vice President of Strategy and Business Development More About This Author >

The Rugby World Cup this week has grabbed the attention of fraudsters, who have potentially left thousands of avid rugby fans disappointed through their unofficial websites. Event organisers cannot shy away from consumer expectation for ‘in the pocket’ convenience of mobile ticket delivery and this event has been no different. But unfortunately, major ticketed events are fast becoming lucrative hunting grounds for would-be criminals and as e-tickets become increasingly commonplace, so does the risk of fraud. Without proper protections being applied behind the scenes, these digital passes are much easier to copy and fake than traditional printed tickets so how can we mitigate this risk, and ensure that tickets are valid and with their rightful holder?

Mobile is not simply a convenient channel for consumers; businesses stand to take advantage of the speed and associated cost savings that e-ticketing can bring.

A standout example of an industry that has made significant investment in secure e-ticketing is the airline industry – electronic boarding passes have quickly become ubiquitous, with speed, convenience and cost-savings leading to rapid adoption by carrier and swift acceptance by travelers. Clearly, in today’s heightened security environment, protecting these passes from alteration or manipulation is key.

The integrity and authenticity of an electronic boarding pass is validated by checking the digital signature of the barcode they use. A digitally signed barcode protects against forgery and enables validation upon check-in. Carriers use private signing keys to sign barcodes and issue associated public certificates from a public key infrastructure (PKI) for their validation. The degree to which carriers can trust their PKI depends on the protection afforded to the root and issuing CA private signing keys. The private signing keys underpin the security of the entire system – it is essential that they are properly safeguarded and managed.

It is not just the events and transport industries that handle vast numbers of tickets, and are looking to e-tickets to save time and money. The commercial cinema industry is now exploring the use of mobile ticketing, to help them remain connected with their customers in a digital age. This industry doesn’t need to look too far afield to find pioneering innovation in the security realm. The home cinema industry is one step ahead in the introduction of digital signing technology. PRIMA Cinema recently became the first company in the history of cinema to be granted rights to distribute first run movies directly to viewers in their home. PRIMA Cinema was able to do this by ensuring its content is limited to authorised users through a security system that relies on encryption, digital watermarking and digital signatures which are applied within the confines of purpose built high security hardware.

The news of e-tickets becoming a target for criminals may be hitting the headlines, but e-ticketing has become an essential technology for the majority of consumers. Industries including sports, entertainment, transportation, and more will now need to realise that this ticketing method is no longer considered a luxury but an expectation.