Beating Scalpers & Bots on tiket.com Concert Ticket Purchases
Motivated UI/UX Designer with 3 years in user-centric design at s.p Digital, passionate about art and technology, and active in the Indonesian design community.
Akbar Wijaya — Product Designer Solo portfolio project. Not affiliated with tiket.com or its internal team.
Background
After EXO's & BTS's concert tickets went on sale, Twitter/X and Instagram flooded with complaints from fans (EXO-L & ARMY). Tickets sold out in minutes, not because fans were too slow, but because professional scalpers and automated bots got there first. Those tickets then resurfaced on unofficial platforms at up to 3× the original price.
One question kept coming up:
Why does this keep happening, and where exactly is the gap?
Finding the Problem
Research came from two angles, combing through fan complaints on social media, and auditing the existing purchase flow inside the tiket.com app. Three gaps emerged that scalpers had been exploiting all along.
Account registration is too easy. All it takes is an active email or phone number, so scalpers can spin up hundreds of clone accounts to stack the odds in their favor during a ticket war.
The per-account purchase limit becomes a weapon. It was designed so one user could buy tickets for friends or family in a single transaction, a good intention. But combined with the first gap, it backfires: clone accounts that survive the war can immediately sweep few tickets at once.
E-tickets are static PDFs. The QR Code never changes, so a single PDF file can be copied and sold to multiple buyers illegally, a scam that only surfaces when fans are already standing at the venue gate.
Designing the Solution
The starting question was simple: how do you make a scalper's business model stop working?
It came down to two things, tie every ticket to one verified identity (1 National ID = 1 Ticket), and make tickets non-transferable after purchase (Dynamic QR). Those two moves close the main gaps.
But follow-up questions couldn't be ignored: What about kids who don't have a national ID yet? What about fans with poor devices or unstable connections who need a friend to buy on their behalf?
And a technical one: if everyone has to queue and checkout individually under a strict identity system, server load explodes the moment thousands of people hit the site simultaneously.
All three questions led to the same answer, tiket Squad, a verified group buying feature that handles inclusivity and keeps server load normal at the same time. The transaction pattern stays familiar (one account buys multiple tickets), but this time every ticket is locked to a verified identity with no exploitable gaps.
How the Solution Works
1 National ID = 1 Ticket & tiket Squad
Before the sale opens, the user acting as Captain creates a tiket Squad tied to a specific event ID. Squad capacity follows the maximum ticket limit for that concert. The Captain sends invites, and each member must actively press "Agree & Join", the system doesn't allow the Captain to input anyone else's data unilaterally. Every member's national ID is verified in the background before the war begins.
During the war, the Captain enters the virtual queue. Once through, the ticket quantity is automatically locked to the Squad size, no +/− buttons to fiddle with. The Captain picks a category in one tap, and the system opens a fully pre-filled checkout page with no forms to complete. No manual input, no risk of typos under pressure. The Captain just hits pay.
If a selected category has fewer seats available than the Squad size (say VVIP only has 2 slots but the Squad has 4), the system automatically splits the Squad into sub-groups with derived IDs, all under a single payment by the Captain.
For child attendees (ages 5–13 who must be accompanied), a parent links the child's identity through the family ID card. The verified child profile can then be added to a Squad slot, and if the parent leaves the Squad, the child's slot leaves with them.
A few guardrails prevent abuse: Squads can only be created after an event's landing page goes live, each national ID can only be registered in one Squad per event, and Captains cannot forcibly remove members, only members themselves can choose to leave.
Dynamic QR Code
No more static PDF e-tickets. The QR Code only lives inside the My Ticket menu in the app, activates 4 hours before the concert, and refreshes every 15–30 seconds using encryption based on a ticket ID + timestamp combination, designed to run offline so it stays valid even when the venue network is overwhelmed by the crowd.
On event day, venue entry becomes:
Main Gate → Scan QR → Get wristband → Enter venue
The wristband goes on immediately after a successful scan, replacing the old PDF ticket exchange system that used to happen either the day before or on the day itself. One QR, one wristband. Staff also see the ticket holder's name on screen as a lightweight verification reference, no physical ID check needed.
Preview Hi-Fi
Create Squad
The key change on this screen happens at the event landing page level. While the ticket sale is still counting down, a Create Squad button appears, giving the Captain a head start to set everything up before the war begins. From here, they can invite friends, family, or children one by one, and enter a membership code if the event requires it.
The Create Squad flow itself is built entirely on existing components. The bottom sheet used here is the same one already found in the category details screen, keeping the interaction familiar to returning users and potentially simpler to implement on the engineering side as well.
Join Squad
For invited members, the entry point is the same, the Create Squad button on the event landing page. But if the user has already been invited, instead of landing on the creation form, an information popup appears notifying them of the pending invitation. From there, if they choose to accept, a bottom sheet opens for them to fill in their member slot, for themselves, and for any children if applicable. Once done, they simply tap Agree & Join.
Checkout & My Ticket
Once the Captain makes it through the queue, the checkout page appears with everything already filled in, ticket quantity locked to the Squad size, member data auto-populated, no forms, no manual input. Just like the existing flow, there's nothing left to fill out. The Captain picks a category and hits pay. All the heavy lifting was done back at the Squad setup stage.
After purchase, the PDF ticket is gone. In its place, My Ticket displays a live rotating QR code that activates 4 hours before showtime and refreshes every 30 seconds, making screenshots and duplicates useless. It runs offline too, so a packed venue with poor signal isn't a problem. At the gate, one scan issues one wristband, and the ticket holder's name appears on the staff screen as a quick visual check.
Goals
Make the volume-dependent scalper business model unworkable, tickets are identity-bound and can't be mass-resold.
Zero duplicate e-ticket fraud via Dynamic QR.
Faster checkout by shifting data input to the preparation phase, long before the war starts.
An inclusive system, fans with limited devices or poor connectivity can still be covered through a Squad.
Testing: Checkout Speed Comparison
Both flows use autofill — so what's actually being measured is whether a Captain buying on behalf of a full Squad takes the same time as the existing flow where one user buys multiple tickets at once. If the Squad flow matches or beats the existing time, that's the goal: proving the identity verification layer doesn't slow things down at checkout.
10 participants were split into two groups. The first group bought tickets only for themselves, so no ID National data entry was needed. The second group bought for friends or relatives — with ID National data on hand, copied and pasted in. Across both groups, the existing flow averaged 3–4 minutes.
The Squad flow averaged 2–3 minutes — about a minute faster — since there was no data input at all during checkout. No split scenario was tested, as the transaction structure remained the same.
| Condition | Average Duration | Notes |
|---|---|---|
| Existing (1 user, multiple tickets) | 3–4 minutes | Some participants bought solo; others copy-pasted NIK data for relatives |
| Squad (Captain buys for group) | 2–3 minutes | No data input at checkout; no split scenario tested |
The Squad checkout came in faster across the board — confirming that moving data entry to the setup phase doesn't just eliminate friction during the war, it actively saves time.
