Industry News

Experts offer top tips on mobile ticket security

Consumers have been urged to protect themselves from the risks associated with mobile ticketing, in a series of top tips put forward by sector experts.

Jonathan Donovan, chief product officer at the London-based operator behind the MTA e-ticketing project, was among those to tell the Fast Company website that consumers can benefit by choosing mobile over traditional paper tickets when they attend live events or travel by train or bus.

However, whether its mobile payments or storage and entry, the experts said consumers must limit their risk, focusing on technological and behavioural actions.

Donovan said lost or stolen phones must be reported immediately, with any ticket issuers also to be contacted as soon as possible.

“Mobile ticketing is better than traditional physical ticketing in the case of a passenger losing a ticket, or having the ticket stolen— especially if it is a commuter monthly or annual ticket worth hundreds/thousands of dollars,” Donovan told Fast Company.

James Nguyen, a product manager for mobile at Norton by Symantec, said consumers should be careful with screenshots, and certainly should not post them on social media, where they could be stolen.

Nugyen also added that smartphone malware could capture images of tickets and upload them to thieves. Mobile phone owners should be careful about the apps they download, and be wary of scanning machines that look suspicious.

“Sometimes it’s difficult, but you can be diligent about noticing additional hardware or wires come out of the scanning equipment,” he says.

Andrew Blaich, a security researcher at San Francisco mobile security company Lookout, said ticket holders should be wary of ‘shoulder surfers’ looking at their screens, perhaps on public transport. Criminals could theoretically attempt to steal a ticket or QR code by snapping a picture while it’s being displayed, said Blaich.

Blaich added that phones should be locked when not in use, and use strong passwords and two-factor authentication when possible.

Image: Karolina Grabowska