

How not to run a ticketing website - mydigitalself

This weekend, I had the misfortune of attending Bloc Weekend, a music festival in London that was shut down by police due to overcrowding (http://www.thecmuwebsite.com/article/bloc-weekend-shut-down-amidst-over-crowding/).

The ticket vendor, ironically named CrowdSurge, are wiping their hands clean of the incident:

"Upon release of any further information from Baselogic, in particular the refund process for which they are solely responsible, we will contact you again."

The really interesting bit for me is that there were obvious problems with the ticketing system with the barcodes not being scanned correctly, I saw numerous people experiencing this.

I had 3 tickets, each sent to me via email. The ticket contains a barcode, which was scanned at the door. Allow me to present the HTML from the ticket below, in all its secure glory:

http://crowdsurge.com/et-TicketBarcodeBig.php?code=862484
http://crowdsurge.com/et-TicketBarcodeBig.php?code=862483
http://crowdsurge.com/et-TicketBarcodeBig.php?code=862482

Now I'm not saying that CrowdSurge are solely responsible for what happened at the event, but as you can plainly see above, it's not very difficult at all to fake a ticket. Buy one, you'll have the numeric sequence, print numerous, arrive early, you're in.

Obviously the barcode image URLs need to be protected by unguessable ids with some sort of brute-force velocity checking, not just a URL that you can pass any number into and get a valid barcode in return.

The really unfortunate thing here is that CrowdSurge are a startup trying to disrupt the industry, but surely they have to get their technology a whole lot smarter than this if they want any skin in the game.
======
forgingahead
Well, let's be fair -- while the ticketing system is obviously rubbish and
tickets can be spoofed, there are other organizational issues that were
present. The article talks about on-site staff letting in anyone with a
ticket, and that the wrong wristbands were given out, just to name a few of
the issues.

It's bloody hard to run an event. I've done it for hundreds, and it isn't
pretty. 15,000 is a lot, and if you don't have operational experience or a
great ops plan, things get very bad very quickly.

So again, while the ticketing is a problem, the other issues would still be
present had they used EventBrite or Ticketfly for their ticketing solution.

~~~
dazzawazza
Tech problems are often the favoured problem space of HN'ers but in this case
it seemed that staff training and logistics played just as much if not more of
a hand in this failure.

------
oraj
My comment on this:

[http://www.crowdsurge.com/et-TicketBarcodeBig.php?code=wowth...](http://www.crowdsurge.com/et-TicketBarcodeBig.php?code=wowthisisacrappysystem)

~~~
brittohalloran
[http://www.crowdsurge.com/et-TicketBarcodeBig.php?code=icant...](http://www.crowdsurge.com/et-TicketBarcodeBig.php?code=icantbelievetheydontevenchecktomakesureitsnotaridiculousvalue)

------
joshaidan
Isn't a barcode easy to generate anyway without the provided URL? I could just
make my own software to create the barcodes. A better system of verification
would be perhaps matching the barcode ID to the name on the ticket when it's
scanned (this data retrieved from a central database).

~~~
brohee
A barcode is just encoding a number. Creating a barcode is obviously easy,
finding a valid number is supposed to be the hard part.

------
Pheter
I was there too and don't believe that the problem was with the ticketing
system. They overestimated the maximum capacity. The Swamp 81/Numbers stage
was massively popular and had a max capacity of 700... for an event with
15,000 attendees.

------
facorreia
Well, they surely disrupted that concert.

------
waldr
Oh the irony of the event being shut down for overcrowding, when the company
is called CrowdSurge.

------
jahewson
For just £15 you can take them to small claims court if you're refused a
refund, I'm not sure if you should be pursuing CrowdSurge (who are clearly
inept) or the concert organiser. Either way, don't settle for less than your
money back.

------
beeepbop
You say that the barcode was scanned at the door, and still think you could
get all your friends inside using the same ticket?

And how do you know any barcode you get from that website is a valid barcode?
It's just a barcode, you can make one in Word if you have the right font.

Edit: Of course, having the ticket codes after each other like that without any
form of security check makes it a bad ticket system, but it doesn't
necessarily lead to an overcrowded concert, just a lot of unhappy customers.

------
jgroome
A couple of friends of mine were planning on going to Bloc on the Saturday
night. They didn't even get near the venue, and I was online immediately
trying to piece together the story of what happened. Some reactions from
people on Facebook: <http://twitpic.com/a4pei0/full>

Another nail in the coffin for British festivals. Sad.

------
smackfu
The numbering is really the issue, the barcode printing via a URL is no big
deal. The barcode should be encoding a secret number, not just encoding some
sequential number in a semi-secretive way.

------
antihero
With a barcode that horribly long, wouldn't they have been better going with a
QR code for reliability?

------
stuaxo
Iterating the # gets another barcode, this is poor.

------
joshaidan
Did you report this issue to CrowdSurge?

If you tell them, then they'll probably come up with a solution, and in the
process you would be helping a startup.
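
Added example, not part of the thread and not CrowdSurge's code: a sketch of the fixes the original post and the comments by smackfu, joshaidan and beeepbop point at, namely unguessable ticket codes, a central lookup at scan time, single-use redemption, and velocity checking on invalid lookups. The `TicketStore` class, its method names and the sample holder are hypothetical.

```python
import secrets
import time
from collections import defaultdict, deque


class TicketStore:
    """In-memory stand-in for a central ticket database (hypothetical)."""

    def __init__(self, max_misses=5, window_s=60):
        self.tickets = {}                 # code -> {"holder": str, "used": bool}
        self.misses = defaultdict(deque)  # client -> times of invalid lookups
        self.max_misses = max_misses
        self.window_s = window_s

    def issue(self, holder):
        # 128 bits from the OS CSPRNG: holding one code reveals nothing
        # about any other, unlike 862482, 862483, 862484.
        code = secrets.token_urlsafe(16)
        self.tickets[code] = {"holder": holder, "used": False}
        return code

    def _throttled(self, client, now):
        recent = self.misses[client]
        while recent and now - recent[0] > self.window_s:
            recent.popleft()              # forget misses outside the window
        return len(recent) >= self.max_misses

    def scan(self, code, client, now=None):
        """Look up a presented code. `client` is the requesting IP or scanner id.
        Returns (status, holder); status is ok/invalid/already_used/throttled."""
        now = time.time() if now is None else now
        if self._throttled(client, now):
            return ("throttled", None)    # too many bad guesses: stop answering
        ticket = self.tickets.get(code)
        if ticket is None:
            self.misses[client].append(now)
            return ("invalid", None)
        if ticket["used"]:
            return ("already_used", ticket["holder"])
        ticket["used"] = True             # single use: a reprint is rejected
        return ("ok", ticket["holder"])


if __name__ == "__main__":
    store = TicketStore(max_misses=3)
    code = store.issue("A. Holder (constructed)")
    print(store.scan(code, "gate-1"))     # first presentation
    print(store.scan(code, "gate-1"))     # photocopy of the same ticket
    print(store.scan("862483", "gate-2")) # guessed sequential number
```

Returning the holder name with the scan result lets door staff compare it against ID, which is the database check joshaidan describes.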

