Language

20 Aug 2025in Business use cases

ID Verification vs. Ticket Scalping: How To Protect Fans and Organizers

Nikita Dunets

Deputy Director, Digital Identity Verification, Regula

Taylor Swift’s Eras Tour smashed all income records for a single tour last year, having grossed $2,077,618,725. However, it’s not just the artist or organizers who take great profits from events—there are also groups of people who earn by reselling tickets at much higher prices than their original value. 

Referred to as ticket scalpers, these people often use automated software to purchase tickets in bulk, making them unavailable to the general public at fair prices. The question is: is it legal? And, if it is, what can be done about it? What is being done? 

In this article, we will explore the nature of ticket scalping, where it stands from a legal point of view, and how ID verification can be a solution to this persistent practice.

Unirse

Subscribe to receive a bi-weekly blog digest from Regula

What is ticket scalping, and why is it dangerous?

In short, ticket scalping is the practice of reselling event tickets at inflated prices. Nowadays, this practice is arguably easier than ever, as coordinated online systems can acquire tickets in bulk within seconds of release. 

On top of that, the techniques have already gone past high-speed purchase bots and account farms—fraudsters use synthetic identities, as well as AI-driven tools that can solve modern CAPTCHAs. They create networks of pseudonymous accounts, assembled from stolen personal data and payments through disposable cards, while internet traffic is obscured through proxy software.

The issue has been getting more publicity over the past year, as more and more big events are being affected. Taylor Swift’s Eras Tour has arguably been the highest-profile case of late—3.5 billion bot requests crashed the Ticketmaster website for many fans worldwide, which gave scalpers enough time to run away with thousands of tickets. Almost immediately after the fact, the tickets popped up on the secondary market, with some priced as much as 70 times the original selling value.

Taylor Swift Eras Tour - anti-ticket scalping poster

In some countries, special measures have been taken to prevent people from scalping tickets during the tour.

For now, ticket scalping largely remains within a legal gray area, as many jurisdictions only regulate when it directly involves fraud, bots, or violating organizer terms.

One of the most famous examples of anti-scalping legislation is the US’s Better Online Ticket Sales Act (BOTS), which makes it illegal to use bots to bypass ticket purchase limits. However, the act of ticket scalping itself isn’t outlawed; what’s more, the law is rarely enforced in practice. Since its introduction in 2016, the only recorded federal case dates back to 2021, when three brokers purchased more than 150,000 tickets for popular events with the help of automated ticket-buying software. They were subsequently charged with $31 million in civil penalties.

Overall, the key reason scalpers succeed is the anonymity of online ticketing. When ticketing systems or event organizers don’t verify who’s behind each purchase, there is always room for illegitimate purchases. That’s why ID verification can be a solution, both at the point of sale and at the venues themselves (albeit with some caveats).

Anti-ticket scalping measures at the point of sale

ID verification before ticket purchase could potentially be the first line of defense against hoarding tickets via fake accounts. However, as of 2025, no widely used ticketing service requires a government-issued ID to create an account or buy a ticket. Exceptions can be found only in specific cases: for example, Manchester United season ticket holders are now required to pass an ID check during renewal as the club battles ticket scalping (known as “touting” in the UK). 

Practices that are much more common include having a “verified account” model for specific events, and limiting accounts to only a set number of tickets.

Ticketmaster’s policy screenshot

Ticketmaster’s rules for the event clearly state that only six tickets per app/person are allowed.

Such measures are thought to create less friction: they do give organizers some control over bulk buying without demanding government IDs from everyone. Ticketmaster, for instance, implemented the “Verified Fan” pre-sales system back in 2017, which is meant to give real fans priority access to high-demand tickets. Applied only occasionally and on the performer’s demand, the system asks for basic contact information such as email, phone number, and nothing else. If there are any tickets still available when the regular sale starts—which is quite rare—they can be bought by regular, unverified accounts. 

On top of that, Ticketmaster employs an official fan-to-fan ticket resale system, which is also meant to counter scalping to an extent. The only tickets made available via the system are verified by Ticketmaster and are sold at fair prices.

Ticketmaster’s resale policy screenshot

One day before the event, the Backstreet Boys concert has only verified resale tickets available.

However, a case for fan ID verification can still be made; if not for purchasing specific tickets, at least for account creation. An initial, one-time procedure can remove most of the repeated friction at checkout, and some platforms are indeed starting to implement it.

Interpark Global, a South Korean ticket aggregator, requires users to complete ID verification via passport scanning and selfie matching before they can reserve tickets for certain performances. Once verified, that same account can make future purchases without repeating the process.

Interpark Global fan ID verification example

The Interpark Global platform is requesting ID checks to get accounts verified for certain ticket purchases.

A verified ID record serves as a high-confidence barrier against ticket scalping. With its help, the platform can easily enforce the one-account-per-person rule, and shut down any repeated bulk buying attempts from the same person using different accounts.

Advanced ID verification solutions such as Regula Document Reader SDK (for document scanning) and Regula Face SDK (for selfie matching) can even stop elaborate identity fraud attempts like using forged documents or deepfake presentation attacks.

Another obvious advantage is that, after initial verification, transactions remain as fast as non-ID-protected sales.

At the same time, asking for an ID up front, even for a one-time procedure, can deter casual buyers. Moreover, platforms must store sensitive personal and biometric data very securely, and comply with local regulations (e.g., GDPR, CCPA).

Anti-ticket scalping measures at the venue

Venue access management is another crucial line of defense, as it makes sure that the person with a ticket is indeed the authorized ticket holder. It discourages fans from purchasing scalped tickets, and makes scalping itself less lucrative by extension—the initial buyer’s name will not match the ID presented on site. And while many organizers still use traditional methods, such as manual ID inspection by security staff, automated ID scanning and facial recognition at entry are slowly taking over. 

Last year, Major League Baseball introduced a system at some stadiums where fans can opt into facial authentication to enter. A camera at the turnstile recognizes the fan’s face and pulls up their ticket info, without needing to scan a barcode or show ID. In practice, that not only prevents unauthorized access via someone else’s ticket, but also speeds up throughput with the help of automation.

Initial deployments, like at the Great American Ball Park in Cincinnati and at various festivals, have reported faster entry and a reduction in ticket fraud incidents.

High-end security for high-level event

At the FIFA World Cup 2022 in Qatar, the organizers issued a mandatory digital fan credential, the Hayya Card, to every spectator as well as staff. It served as an entry permit to stadiums and the country as well, and it was scanned alongside the match ticket at stadium entrances. 

It was effectively a digital pass tied to the person’s preverified identity, as fans had to submit their passport details and a selfie through an online portal to obtain one. Regula Document Reader SDK and Regula Face SDK were both employed in the identity vetting process, with nearly 4 million visitors verified for the World Cup.

Aside from security, ID verification for event management provides practical convenience: it optimizes the registration and check-in process with the help of automated data capture from documents.

For example, in 2024, the Mobile World Congress (MWC) in Barcelona had the identities of more than 100,000 attendees pre-verified via their official website. With the help of Regula’s solutions, the organizers eliminated the problem of queues for ID validation at the venue and closed the doors to identity fraud.

As for compliance with personal data laws, organizers like MWC tend to limit data storage duration to only the days of the event, and use IDV vendors with a 100% on-premises infrastructure.

How Regula makes attendees and organizers fraud-safe

When tickets are bound to a verified identity at purchase, both ID document authentication and facial recognition provide assurance that only the original buyer can use them. That’s why we are seeing more and more real-world deployments of ID verification to combat ticket scalping, both online and offline. Event organizers and ticket aggregators are aiming to provide the best attendee experience while also protecting their own reputation—and they look for strong solutions to enable that.

For example, solutions like Regula Document Reader SDK and Regula Face SDK can easily integrate with existing mobile or web applications and perform robust identity verification for event management.

Regula Document Reader SDK processes images of government-issued IDs, verifies their real presence, and authenticates them, both in offline and online settings. Meanwhile, Regula Face SDK conducts instant facial recognition and prevents fraudulent presentation attacks (use of static face images, printed photos, video replays, video injections, masks) at registration.

Book Your Discovery Call

Let’s talk about making your ID verification faster, smarter, and fully integrated.

On our website, we use cookies to collect technical information. In particular, we process the IP address of your location to personalize the content of the site

Cookie Policy rules