Ticketing companies

Scalper detection, bot blocking & organiser account protection

When a 5,000-seat show sells out in 90 seconds, know whether real fans bought the tickets — or one device cluster with dozens of accounts and a resale channel ready.

Hawona Rodgers WisdomRobert OdhiamboRidan HawiTalk to Founders

Trusted by forward-thinking teams

3Payd logo
StartinEV logo
IBM logo
Duniafrika logo
Nailinq logo
Vabu logo
Grupchat logo
Lumeka logo
3Payd logo
StartinEV logo
IBM logo
Duniafrika logo
Nailinq logo
Vabu logo
Grupchat logo
Lumeka logo
3Payd logo
StartinEV logo
IBM logo
Duniafrika logo
Nailinq logo
Vabu logo
Grupchat logo
Lumeka logo

Overview

Ticketing platforms in Kenya operate in a high-stakes environment. Between inventory going live and selling out can be as little as 90 seconds — and that window is where fraud happens.

Two threat types define the landscape: automated scalping that drains inventory before real fans can buy, and account takeovers targeting organiser accounts that control releases, pricing, and revenue.

Keverd addresses both at the device level. The same engine that catches application fraud catches a scalper bot — one device, many fake identities, moving faster than any human can.

The problem

What ticketing fraud looks like

Scalper bots sweeping inventory

Scripts hit the platform the moment inventory goes live — dozens of accounts, cart and checkout faster than any human, often from a small device cluster behind rotating VPNs. A 5,000-seat show can sell out in 90 seconds to one or two operators with a resale channel ready.

Multi-account bulk buying

One operator registers 50 accounts from the same device before a major sale. Each buys the per-customer limit — 200 tickets that looked like independent buyers. Device history makes the pattern visible: 50 registrations from one fingerprint in 72 hours is a pre-attack signal.

Organiser account takeover

Organiser accounts control pricing, releases, discount codes, and revenue withdrawals. Takeover enables bank-detail redirects, fraudulent events, inflated releases, or refund float theft — usually from a device that has never accessed that organiser before.

Fake registration farms

Before on-sale, fraudsters bulk-register accounts — fresh email, fresh phone, clean at registration time, all from the same device cluster. Account-age checks miss it; device fingerprint does not.

How Keverd solves it

Device intelligence at every touchpoint

Registration, checkout, organiser actions, and pre-sale — Keverd captures:

  • Device fingerprint across registration, checkout, and organiser login
  • Session timing and navigation speed through the purchase flow
  • BOT, AUTOMATION, and emulator indicators at add-to-cart and checkout
  • Account count per device — registration farms before a major sale
  • Device continuity on organiser accounts — new device, sensitive action
  • Pre-sale velocity — registrations linked to clusters in the 72 hours before on-sale
1

Registration farms

Fingerprint every new account. Flag or block when one device registers more than your threshold — before the farm is ready for on-sale.

2

Checkout bot blocking

Score every purchase session. BOT and AUTOMATION flags block before tickets are reserved; HIGH tier can rate-limit or queue for review.

3

Organiser protection

Verify logins and sensitive dashboard actions — bank changes, withdrawals, event creation, ticket releases — when the device is new to that organiser account.

4

Pre-sale monitoring

Passive scan in the 72 hours before a major sale. Cluster report shows which new accounts share devices — restrict before the clock starts.

Integration

Four touchpoints — no core rebuild

A frontend script and a backend webhook at each stage. For platforms that run both fan checkout and organiser dashboards — like Vabu and Nailinq — all four touchpoints deploy from a single installation.

Account registration

Placement
Registration form page
Trigger
Account creation submission
Response
device_id, suspect_score, account_count_for_device, action_taken

Same device over your account threshold → flag or block before the account is created.

Ticket purchase flow

Placement
Event page + checkout
Trigger
Add-to-cart and checkout confirm
Response
suspect_score, risk_tier, flags[], action_taken

BOT / AUTOMATION blocked before reservation. HIGH tier rate-limited or sent to review.

Organiser login & actions

Placement
Organiser login + sensitive actions
Trigger
Login, bank change, withdrawal, event creation, ticket release
Response
device continuity flag, new_device indicator, risk_tier, action_taken

New device on an organiser account → verification before the action completes.

Pre-sale monitoring

Placement
Passive — uses registration data
Trigger
72 hours before major on-sale
Response
Pre-sale risk report with account clusters to restrict

No extra integration — built from registration touchpoint data already flowing.

Workflow

Major event sale

  1. 1

    Fan

    Opens the event page when tickets go on sale.

  2. 2

    Keverd

    Fingerprints the session on page load and at checkout. BOT or farmed device → block or challenge before cart completes.

  3. 3

    Your platform

    Only LOW-risk sessions reserve inventory. HIGH goes to review or rate limit.

  4. 4

    Post-sale

    Cluster report shows how many buyers were real fans vs. a handful of device operators.

Organiser account takeover

  1. 1

    Organiser

    Logs in or changes bank details, creates an event, or requests a withdrawal.

  2. 2

    Keverd

    Checks device continuity — is this a known device for this organiser account?

  3. 3

    Your platform

    New device on a sensitive action → step-up verification before completion.

  4. 4

    Ops

    Attack stopped before revenue is redirected or a fraudulent event goes live.

Field guide

Reading Keverd flags in ticketing

FlagWhat it meansHow to use it
BOTSession behaviour matches non-human patterns.Block at checkout on on-sale. Strong signal — pair with AUTOMATION.
AUTOMATIONPurchase flow likely driven by a script.Block before ticket reservation. Core scalper signal.
USER_AGENT_SPOOFEDDevice misrepresents browser or OS.Common on bot stacks. Review or block at registration and checkout.
TIMEZONE_IP_MISMATCHTimezone does not match IP location.Context only — residential proxies can trigger legitimately. Do not block on this flag alone.
AD_BLOCKERAd blocker detected on device.Informational for ticketing. Do not weight heavily in scalper scoring.

First 30 days

What success looks like

  • 100%of registrations and checkouts receive a device score
  • On-saleBOT / AUTOMATION sessions blocked before ticket reservation
  • Post-salecluster report — e.g. 800 buyers → 12 device operators
  • <200msmedian API response at checkout
  • Pre-salerisk report for first major event — clusters flagged before on-sale

The most impactful deliverable: the first post-sale cluster map — what looked like 800 ticket buyers was actually 12 device operators. That report changes the conversation about platform integrity permanently.

Default configuration

Tuned for ticketing platforms

Checkout blockBOT or AUTOMATION flag, or CRITICAL tierTicket not reserved — your team sets exact threshold
Account farm>5 accounts per device in 72h pre-saleRegistration flagged or blocked — tunable per event size
Organiser new deviceVerification on bank change, withdrawal, event createStep-up before action completes
AD_BLOCKERIgnored in scalper scoreNo meaningful correlation with bot buying

For your organisers

Talking points for event organisers

Platforms often need to sell Keverd's value to promoters — not just to internal ops.

Your last event

We can show how many ticket buyers were real fans vs. one or two operators with a script. Most promoters find the answer uncomfortable — and actionable.

Your revenue

Organiser account takeovers redirect ticket revenue to attackers. Keverd stops this before bank details change — not after.

Your reputation

When bots sweep inventory in 90 seconds, fans blame the promoter. Keverd gives you back control of your own sale.

The resale root cause

Resale thrives because scalpers obtain inventory at face value. Keverd disrupts the supply chain — not just the symptom.

Onboarding

5–7 working days to go live

  1. 01Share platform URLs — event pages, checkout, registration, organiser login
  2. 02Add the Keverd JavaScript snippet to page templates
  3. 03Configure webhook at registration, checkout, and organiser login
  4. 04Establish organiser device baselines — known-good devices per account
  5. 05Agree thresholds: bot block score, account farm count, checkout limits
  6. 06Test run: simulate a small sale with known bot traffic
  7. 07Activate pre-sale monitoring for the first major upcoming event
  8. 08Brief ops team using the field guide below
  9. 09Go live — Keverd monitors the first major sale and delivers a same-day cluster report

Known limitations

Interpret signals correctly

  • Keverd covers device and session behaviour at purchase — not ticket ownership or secondary resale enforcement after the fact.
  • Residential proxy networks rotate IPs per request; device fingerprinting remains effective because the device itself persists.
  • Pre-sale scans work best when events are announced more than 72 hours ahead. Flash sales have less registration data to analyse.
  • Organiser device baselines take 2–4 weeks on new platforms. New-device alerts may have higher false positives until known-good devices are learned.
  • Keverd does not catch scalpers retroactively — only sessions after integration is live.
  • After 2–3 events, persistent bad-device records mean operators blocked at one sale are already flagged at the next.