The internet can be an awfully dangerous place, at least as far as personal information and fraud are concerned. Consumers need not have a long memory to think of the last time a massive data breach was exploited and the potential for fraud skyrocketed – often, that “day’s since last incident” clock never goes into double digits. Looking across the ticketing landscape, most sites are marked as secure, save one big one – Ticketmaster.com.
As the primary ticketing provider for a huge proportion of events, particularly here in the United States, Ticketmaster would be a pretty juicy target for folks looking to exploit any cracks in their system to reap the treasure trove of data on the worldwide event-going public. And, as you can see above, Ticketmaster.com is not built on a secure system.
Currently, this doesn’t register as a major red flag with Google, at least in terms of how Chrome displays things for users. Websites using a secure protocol (you’ll recognize them as starting with an https://) are given a green “secure” indication on the browser:
Just about every operator within ticketing meets this standard. Ticket Club (pictured), AXS, SeatGeek, StubHub and its parent eBay – all carry the “secure” notation and https:// url. It is unclear why Ticketmaster wouldn’t simply do so for its home page.
Before we’re accused of inciting a consumer panic for no reason, it should be noted that Ticketmaster’s website does use secure protocols once one enters any page where payment or contact information is entered. That is why it does not yet carry the dreaded “not secure” notation that Google began slapping on such websites earlier this year.
That said, it is only a matter of time before all websites using http:// rather than https:// will be marked as non-secure by Google. They say so themselves:
In following releases, we will continue to extend HTTP warnings, for example, by labelling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.
We will publish updates to this plan as we approach future releases, but don’t wait to get started moving to HTTPS. HTTPS is easier and cheaper than ever before, and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.
In an increasingly dangerous online world, it seems like implementing core security protocols across the board would be a wise move. Most of the ticketing world has already done so. It’s only the monolithic entity in charge of almost all events that has yet to take that plunge. Hopefully, for both their sake and their customers’, they’ll do so before someone finds out a new way to exploit any security flaws that may exist and turn them into the next Yahoo, Target, or Equifax.