High-profile events in recent years have seen tickets sell out within seconds, leaving most fans empty-handed. This guide examines scalping operations and how multi-signal, layered identity threat detection can restore access to legitimate buyers.

High-profile events in recent years have seen tickets sell out within seconds, leaving most fans empty-handed. How does this happen? Because scalpers deploy automated bots to purchase tickets in bulk, then resell them at extreme markups. Taylor Swift’s Eras Tour, for example, highlighted how automated buyers lock out real fans, leading to a very public outcry over limited ticket availability and inflated resale prices. In one case, fans paid more than 70 times the face value for tickets on secondary markets. This is a clear illustration of how unchecked scalping harms consumers and damages artists’ reputations.  

Regulators are beginning to respond. In August 2025, the U.S. Federal Trade Commission (FTC) filed a complaint under the Better Online Ticket Sales (BOTS) Act against a major ticket reseller accused of bypassing purchase limits and hoarding hundreds of thousands of tickets. 

According to the FTC’s allegations, the Maryland-based group, Key Investment Group, deployed thousands of fake accounts, proxy servers, and virtual credit cards to evade Ticketmaster’s safeguards. In just over a year, they allegedly acquired nearly 380,000 tickets, spending $57 million and reselling them for about $64 million.

The BOTS Act was passed in 2016 after widespread consumer frustration with automated scalping, but enforcement has been inconsistent. Prior to this case, the FTC had pursued only a handful of actions. Meanwhile, scalpers have continued to refine their methods, exploiting gaps in ticketing platforms’ defenses. 

Both regulators and consumers are demanding change. So, what can ticket vendors learn from these developments? In the sections below, we’ll examine how scalpers operate, why single-layer security controls fail, and how multi-signal, layered identity threat detection can restore fair access to tickets. 

How scalpers circumvent security controls 

As the Maryland case shows, professional scalpers run complex, coordinated operations. Their tactics evolve to defeat standard security measures. Based on the recent FTC complaint and industry experiences, here are common methods scalpers use:  

Sham accounts and fake identities: Creating or buying large numbers of accounts, and leveraging fake IDs to do so, allows scalpers to sidestep per-person ticket limits.

Proxy networks and IP spoofing: Proxies and VPNs conceal location and prevent detection by velocity checks.  

SIM swapping and SIM farms: Banks of SIM cards or VoIP lines supply hundreds of phone numbers for one-time passcodes (OTP) and verification challenges. 

Mass credit card use: Virtual or stolen accounts distribute purchases across thousands of payment sources. 

Automated software (“bots”): Bots execute purchases in milliseconds, selecting seats, solving captchas, and processing payments at a scale no human can match. This gives scalpers a huge advantage in first-come, first-served sales scenarios.

These methods are often combined. For instance, automation software might drive 500 fake accounts simultaneously, each behind a unique proxy, prepaid phone number, and virtual card. 

This layered attack approach is designed to exploit any weak point. If defenses focus on blocking one tactic (e.g., IP velocity), scalpers pivot to another (e.g., more proxies). The result is the same: fans are shut out while brokers seize the inventory. 

Even platforms that have invested heavily in anti-bot technologies continue to struggle against these sophisticated schemes. 

Why single-layer defenses fall short 

Given the multi-pronged nature of scalping, traditional single-layer defenses rarely succeed. Ticketing platforms often rely on measures such as IP monitoring, purchase caps, OTP verification, and basic user validation. These can block unsophisticated fraud, but advanced scalpers know how to bypass each one. 

For example, according to the FTC, Ticketmaster required unique accounts, unique credit cards, unique IP addresses, and SMS verification. Yet the scalpers systematically defeated each control: 

  • Thousands of fake or stolen accounts made “unique” IDs meaningless. 
  • Virtual cards provided endless unique payment methods. 
  • Proxies rotated IP addresses at scale. 
  • SIM farms absorbed floods of OTPs. 

This cat-and-mouse game shows why relying on one or two static checks is inadequate. Once scalpers identify the control, they adapt. An isolated rule such as “block after five tickets from one IP” is obsolete when attackers spread purchases across hundreds of clean IPs. 

The bottom line: single-factor defenses create blind spots. Without additional layers, once the factor is compromised, cybercriminals pass through unhindered. 

The case for multi-signal, layered defenses 

No single indicator is foolproof. But correlating multiple signals (device, network, identity, and behavior) can expose scalpers’ patterns that isolated checks miss.

For example, an account may appear legitimate: it has a unique email, a clean history, and a normal IP. Yet, if the phone number is a recently activated VoIP line and the IP shows proxy traits, those combined anomalies form a strong fraud threat signal.

A layered approach also detects broader patterns across accounts. A single IP accessing one account might be fine. The same IP logging into 50 accounts in rapid succession points to a scalping operation. Only by correlating signals across sessions can such patterns be uncovered. 

In short, layered defenses make it exponentially harder for scalpers to spoof all signals at once without mistakes. 
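The cross-session correlation described above can be sketched as follows. This is an added example, not code from ID Dataweb or any ticketing platform; the event fields (`ts`, `account`, `ip`, `device`, `tickets`), the thresholds, and the sample events are all constructed assumptions. It runs the isolated per-IP cap next to a check that counts distinct accounts sharing any one signal inside a time window.

```python
from collections import defaultdict, deque

# Constructed sample: 6 accounts, each behind its own proxy IP, all driven from
# one device within 3 seconds, plus one ordinary buyer. Field names are assumed.
EVENTS = [
    {"ts": 100.0 + i * 0.5, "account": f"acct{i}", "ip": f"198.51.100.{i + 1}",
     "device": "dev-A", "tickets": 4}
    for i in range(6)
] + [{"ts": 101.2, "account": "fan1", "ip": "203.0.113.9",
      "device": "dev-B", "tickets": 2}]


def per_ip_ticket_cap(events, cap=5):
    """Single-layer rule from the text: flag IPs that bought more than `cap` tickets."""
    totals = defaultdict(int)
    for e in events:
        totals[e["ip"]] += e["tickets"]
    return {ip for ip, n in totals.items() if n > cap}


def shared_signal_clusters(events, key, window_s=60.0, min_accounts=5):
    """Flag values of `key` seen on >= min_accounts distinct accounts within window_s."""
    recent = defaultdict(deque)          # key value -> (ts, account) inside the window
    flagged = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        q = recent[e[key]]
        q.append((e["ts"], e["account"]))
        while q and e["ts"] - q[0][0] > window_s:
            q.popleft()                  # expire events older than the window
        accounts = {a for _, a in q}
        if len(accounts) >= min_accounts:
            flagged[e[key]] = flagged.get(e[key], set()) | accounts
    return flagged


def correlate(events, keys=("ip", "device"), **kw):
    """Run the cluster check per signal; a cluster on any one signal is a hit."""
    return {k: hits for k in keys if (hits := shared_signal_clusters(events, k, **kw))}


if __name__ == "__main__":
    print("per-IP cap flags:", per_ip_ticket_cap(EVENTS))
    print("correlated flags:", correlate(EVENTS))
```

On the sample, every proxy IP stays under the per-IP cap, while the shared device value ties the six accounts together.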

How ID Dataweb stops scalpers in real time 

ID Dataweb secures ticketing for multiple high-demand sports franchises, strengthening their operations with real-time identity detection and fraud mitigation. ID Dataweb orchestrates diverse threat signals to combat ticket scalping effectively, drawing on data from telecom carriers, device intelligence, credit bureaus, fraud consortiums, and government records to verify each user’s authenticity. 

These inputs feed into a dynamic decision engine that applies customizable policies. For example: 

  • If device risk is high and the email is newly created and the purchase amount exceeds $X, then the digital transaction shall require a government ID verification.  
  • If the phone number is a known VoIP number and purchase velocity is abnormal, then the digital transaction shall be blocked.

Because these rules evaluate multiple threat signals in concert, scalpers can’t simply exploit one weakness. And as tactics evolve, the platform can adapt by incorporating new data sources and refining policies. 
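The two policies above can be expressed as data and evaluated together, as in the following added example. It is not ID Dataweb's engine or API: the signal names, the 30-day cutoff for a "newly created" email, the `AMOUNT_THRESHOLD` value standing in for $X, and the choice to step up when a signal is missing are all assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Callable

SEVERITY = {"ALLOW": 0, "REQUIRE_GOV_ID": 1, "BLOCK": 2}
AMOUNT_THRESHOLD = 500.0   # stands in for the page's "$X"; constructed value
NEW_EMAIL_DAYS = 30        # assumed meaning of "newly created"


@dataclass(frozen=True)
class Rule:
    name: str
    needs: tuple                      # signals the rule reads
    when: Callable[[dict], bool]      # all conditions must hold together
    action: str


RULES = [
    Rule("risky-device-new-email-high-amount",
         ("device_risk", "email_age_days", "amount"),
         lambda s: (s["device_risk"] == "high"
                    and s["email_age_days"] < NEW_EMAIL_DAYS
                    and s["amount"] > AMOUNT_THRESHOLD),
         "REQUIRE_GOV_ID"),
    Rule("voip-and-abnormal-velocity",
         ("phone_type", "velocity_abnormal"),
         lambda s: s["phone_type"] == "voip" and s["velocity_abnormal"],
         "BLOCK"),
]


def decide(signals: dict, rules=RULES):
    """Return (decision, fired_rule_names); the most restrictive action wins."""
    decision, fired = "ALLOW", []
    for r in rules:
        if any(signals.get(n) is None for n in r.needs):
            # Assumption: a signal source that did not answer triggers a
            # step-up instead of a silent allow.
            outcome, label = "REQUIRE_GOV_ID", f"{r.name}:missing-signal"
        elif r.when(signals):
            outcome, label = r.action, r.name
        else:
            continue
        fired.append(label)           # kept for audit and tuning
        if SEVERITY[outcome] > SEVERITY[decision]:
            decision = outcome
    return decision, fired
```

Returning the list of fired rules alongside the decision lets an analyst see which combination of signals drove a block or step-up.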

By moving from static, single-factor checks to a multi-signal, layered defense, ticketing platforms can level the playing field, ensuring fairer access for real fans while making life much harder for scalpers. 

Conclusion

Scalpers have outpaced traditional ticketing defenses by stacking fake accounts, proxies, bots, SIM farms, and virtual cards into coordinated schemes. Single-layer protections like IP monitoring or OTP verification are no longer sufficient, as each can be systematically bypassed. The only effective path forward is a multi-signal, layered fraud defense that analyzes identity, device, network, and behavioral data in concert. By correlating these signals in real time, platforms can expose hidden patterns, adapt to evolving tactics, and ensure that tickets go to real fans rather than automated scalping operations.
