Comment by 12_throw_away
2 years ago
Huh, weird, a turns out an old, low-tech solution is much more secure than Ticketmaster's roll-your-own weird TOT-QR "security" (even considering the magic animation that that makes it "in a sense, alive")
(Not that requiring ID doesn't raise the same and also other consumer rights issues)
The thing is, unlike most of Europe, the US doesn't have a legal mandate for anyone to possess an ID card, and so in practice you got 50 states worth of driver's licenses, library cards, military or government employment IDs that can be used (or faked)... so you can't really use these for legitimately verifying anything unless you want to spend a lot of time and money to train your staff to spot fakes. Banks can do that but no one wants to do that for the goons that run security at venues for minimum wage.
Sure, but realistically no one is going to get a fake ID with a certain name on it so they can go to a concert with that person's tickets.
The problem isn't scams.
The problem is that Americans are not required to have an ID -- at all. No federal law requires it, and there is none issued by default.
(This is not the same as saying "Americans don't have to carry an ID" even though that is also true.)
2 replies →
How hard is it to get access to a database to confirm that a scanned ID is valid, and corresponds to the name written on it?
Easy if you're government (every random cop on a traffic stop must be able to do that after all) but really REALLY hard for private entities.
The exception is anything that is accepted by airports for international travel aka, for you Americans, only a passport - ICAO 9303 is very detailed on how you can access the data stored on them. The specs and a basic understanding on how to communicate with smartcards are decent enough to get you to a readout in maybe a weekend worth of work. The authentication is either via a code derived from the MRZ or a dedicated access code printed on the document.
Hopefully pretty hard.
1 reply →