CAPTCHAs are over (in ticketing)

> So what’s left?

If the profit per successful abuse event is $200, the author's suggestion of limits on credit card numbers or phone numbers won't work either. Those are only effective against scaled abuse up to something like $1 / event. Bank accounts would almost certainly be more robust, but that seems quite hard to implement outside of a handful of countries where the online auth ecosystem is built around banks.

With generic abuse background, but not knowing anything about the ticketing abuse ecosystem, is doing the sales on a first-come-first-serve basis an absolute necessity from a business perspective? There would be a lot more tools available if the problem was reframed from "decide instantly whether to sell this buyer a ticket" to "decide which 10k of these 100k intents of purchase received during the first 24h to sell the tickets to". And by more tools, I mean offline analysis and clustering, not just a lottery.

(You'd still want to combine that with strongly personalized tickets though. It'd be how you address for bots-as-a-service, not how you address buying tickets to resell.)

I could see an issue with that since most people are going to be going to events in a group, and won't want to go unless everyone gets their ticket. If I wanted to go with three people, do you lottery us as a group or individually? If I want to go with 5 people and there's a lottery, the best thing to do would be have multiple people buy 5 tickets each, multiply that by every group and you have a lot of people buying tickets who don't actully want them and people who only put one order in get shafted