Tencent's Anti-Scalping Solution for Scenic Spots' Ticket Reservation

TapTechNews August 22nd news, in response to the problem of difficult reservation and ticket grabbing on the popular scenic spots' official WeChat accounts as reported by netizens, Tencent today announced the Anti-Scalping Risk Control Solution.

It is introduced that ordinary people need to input verification codes, input ID cards, select dates, and submit orders when grabbing tickets, which takes at least 3-4 seconds at the fastest. Primary scalpers use automated scripts (malicious bots) to grab tickets and complete these actions within 0.0001 seconds. And advanced paid scalpers have stocked up a large number of mobile phones and accounts, and each device runs batch ticket-grabbing software and automated tools, which can instantly snatch a large number of tickets.

To this end, Tencent Security has deployed anti-scalping technology for the ticketing systems of many scenic areas and museums (specific scenic areas not announced), and intercepts scalpers with three lines of defense:

The first line of defense: Online interception of bots

Tencent Web Application Firewall (WAF) is located between the Web application and the external network, which can detect and block the abnormal large traffic access of automated scripts.

Through the analysis of the speed, frequency, and location of ticket grabbing, Tencent WAF can intercept most malicious bots. For example, if the IP addresses of those grabbing tickets for Beijing are concentrated in India and Singapore, it is mostly because scalpers have purchased off-site cloud resources for ticket grabbing.

The second line of defense: Screening out suspicious devices

Each device has its own digital characteristics. If the IP concentration and device concentration of this device are very high, it is most likely a false device or a suspicious device. After screening out suspicious devices, combined with a variety of verification code methods, it can effectively resist scalpers while ensuring the ticket-purchasing experience of ordinary users.

The last line of defense: Luring the enemy in-depth

The third line of defense applies Tencent Tianyu full-stack risk control engine (RCE). First, let a small number of scalpers come in to buy tickets, and then mark the abnormal IP: for example, if you get the ticket in 0.5 seconds and grab dozens of tickets every week, it is most likely abnormal.

As the number of suspicious actions of this IP increases, the color of this IP will become darker and darker until it becomes a black sample in the risk control system. It will be completely intercepted.

TapTechNews learned from the official Tencent that the company's anti-scalping technology can help museums, academies, parks, scenic areas, etc. solve 90% of the malicious traffic problems. Previously, without accessing Tencent RCE, when the popular museums opened the gates to release tickets, they would be swept empty by scalpers in just a dozen seconds. Now, the ticket-grabbing time window can be extended to 20-30 minutes.