All articles

How Ticketmaster, AXS, and DICE Are Betting on Wallet Passes to Kill Ticket Fraud — And What the Shift Means for Every Event Organizer

How major ticketing platforms use wallet passes to combat fraud. What event organizers need to know about the shift to mobile credentials.

How Ticketmaster, AXS, and DICE Are Betting on Wallet Passes to Kill Ticket Fraud — And What the Shift Means for Every Event Organizer
Passmint
11 min read

You have tickets to a sold-out arena show. You arrive at the gate, pull up your ticket, and the scanner flashes red. Someone already used your barcode. A scalper sold a screenshot of your ticket to another buyer. They walked in thirty minutes before you. You are outside with a $200 charge and no way in.

This is not a rare edge case. The live events industry loses significant revenue every year to ticket fraud and unauthorized resale. Regulators and consumer protection agencies receive tens of thousands of complaints related to ticket and event scams.

The root cause is simple. Static barcodes, the same technology printed on cereal boxes, still serve as the primary proof of ownership for many high-value live event tickets.

Several of the world's largest ticketing platforms, including Ticketmaster, AXS, and DICE, are changing this. They have rolled out mobile-first, device-bound ticketing systems that go far beyond PDFs. The fix is not a better PDF. It is a dynamic, device-bound pass that can live in Apple Wallet or Google Wallet, refresh on demand, talk to a server, and become unusable the moment it is invalidated or legitimately transferred.

This article explains how these systems work at a business level, who benefits, and what the shift means if you are an event organizer without a Ticketmaster enterprise contract.

The Barcode Problem: Why Screenshots Broke Ticketing

Static barcodes were designed for a world where tickets were printed on paper and checked at a box office. They were not built for iMessage threads, Telegram groups, and online secondary listings.

The attack method is simple. One screenshot of a barcode, shared or sold, defeats traditional gate control systems that rely only on the barcode value. The scanner does not know who is holding the phone. It only reads the code.

This creates three main fraud patterns:

  • Screenshot fraud: the same barcode is scanned by two different people. The first one in gets access. The second is turned away.
  • Counterfeit listings: scalpers post screenshots on secondary markets and sell codes they have already used or plan to use.
  • Speculative selling: scalpers list tickets they do not own yet and hope to acquire them later. When they fail, the buyer is left with nothing.

The damage goes beyond lost ticket revenue. Venues take reputational hits when genuine fans are rejected at the gate. Chargeback costs rise. When fans buy through grey-market brokers, the organizer loses the direct relationship and the ability to send lineup changes, safety information, or future event offers.

Major ticketing platforms are not responding with watermarks on PDFs or encrypted email attachments. They are making the ticket more tightly bound to the device and the moment. That is where wallet passes enter.

Side-by-side comparison of a static QR code ticket on the left versus a dynamic Apple Wallet event pass on the right, illustrating the difference between legacy and modern ticketing approaches

How the Big Three Use Wallet Passes as a Security Layer

Each of the three dominant platforms has implemented mobile and wallet-based ticketing in a different way. They share a core belief. The digital ticket is not just a convenience feature. It is part of the trust infrastructure.

Ticketmaster SafeTix uses rotating barcodes that refresh every few seconds. Each barcode is generated from a server-side credential. The visible code is time-limited and derived from a cryptographic token issued by Ticketmaster servers. SafeTix tickets can be added to Apple Wallet and Google Wallet. The barcode visible on the pass is never the long-lived “real” barcode. It is a temporary representation of a credential on the server.

AXS Mobile ID binds ticket validity to an authenticated account instead of an anonymous PDF. At select venues, AXS supports NFC entry. Fans tap their phone on a reader instead of showing a barcode. A physical tap on a certified NFC reader is something a screenshot cannot replicate.

DICE has the strictest approach on transfer control. DICE issues tickets as mobile tickets only, inside the DICE app, with tight transfer restrictions. You cannot forward the ticket to someone else outside DICE. If you cannot attend, you return the ticket in the DICE app. Where enabled, the ticket is re-released at face value to a waiting list. The DICE ticketing system enforces these rules so that any ticket at the gate reflects the policy.

The common thread is clear. The digital ticket, often backed by a wallet pass or in-app credential, is the contract. Its dynamic, server-connected nature enforces that contract at the gate.

These systems also give the platforms strong control over secondary markets. Whether that is consumer protection or corporate overreach depends on your point of view. The tension is real. We return to it later.

Under the Hood (Without the Code): How Dynamic Wallet Passes Work

You do not need to read API docs to understand the mechanism.

A wallet pass is a small, structured file. On Apple, it is a .pkpass bundle. On Google, it is a structured object often represented and distributed as a signed JWT. In both cases, it lives on the device. Issuers can update it by sending push notifications that tell the wallet app to fetch new data from the issuer’s server.

Rotating barcodes work because the barcode value on the pass is not permanent. It is a token that the issuing server can invalidate and replace at any interval. When Ticketmaster SafeTix refreshes a barcode every few seconds, the underlying credential updates. Any screenshot becomes useless quickly.

Pass invalidation on transfer in a typical wallet-based flow looks like this. When a ticket is transferred through the platform, the issuer pushes an update to the original pass. The original pass is blanked out or marked void. At the same time, a new pass is issued to the recipient’s device. The old holder’s pass stops working. This is the basic pattern that lets platforms such as DICE and AXS enforce transfer policies with wallet passes, even if the technical details differ.

NFC entry is the highest security tier. Apple Wallet supports an NFC pass type where the phone taps a certified reader. There is nothing to screenshot or forward. The credential exchange happens over short-range radio between the device secure element and the reader hardware.

Diagram illustrating the lifecycle of a dynamic wallet pass from issuance through transfer invalidation to gate scanning, showing the server-connected trust model

Case Study: DICE’s Wallet-Native Approach for Independent Venues

DICE is a useful case study for mid-sized and independent organizers. Its model is not built around print-at-home tickets. It focuses on clubs, independent festivals, and arts venues. These are rooms where a 500-cap show selling out creates fraud incentives, but the organizer has little budget for enterprise security.

DICE takes a strict approach. Tickets are issued only as mobile tickets in the DICE app. There is no print-at-home option. If a fan cannot attend, they return the ticket through the DICE app. When waitlists are enabled, DICE re-releases the ticket at face value to the waiting list. Transfers outside DICE are blocked.

DICE reports that its resale model returns millions in face-value ticket revenue to fans every year. Venues using DICE report fewer gate disputes than under their older, PDF-heavy workflows.

The trade-off is clear. Fraud prevention is strong, but it comes with full platform dependency. Organizers give up control over customer data, resale economics, and much of the direct fan relationship. DICE owns the ecosystem.

If you are not using Ticketmaster, AXS, or DICE, you still face the same fraud problems. You may also want the security benefits of wallet passes without handing over the entire customer relationship.

What Trickles Down: Wallet Pass Capabilities for Independent Organizers

There is a real gap between enterprise features and what smaller organizers see. SafeTix rotating barcodes are only available through Ticketmaster platform relationships. AXS NFC entry needs certified hardware at every gate that supports tap-to-enter. A 2,000-cap venue cannot adopt these overnight.

The good news is that many wallet pass features are already available through wallet pass issuance APIs and platforms such as Passmint.

Here is what independent organizers can do today:

  • Issue native Apple Wallet and Google Wallet passes with unique barcodes per attendee. This is a major step up from shared or forwarded PDFs. Each pass is serialized and linked to a specific record in your system.
  • Push near-real-time updates to every issued pass. You can send gate time changes, venue reminders, lineup changes, and emergency notices. Every pass holder receives updates without checking email or installing an app.
  • Invalidate passes server-side on refund or cancellation. When you process a refund, the pass on the attendee device can be marked invalid through a pushed update.

The main gap is full, automatic pass invalidation on peer-to-peer transfer in the style of DICE or AXS. To do this, you must control both the issuance infrastructure and the transfer channel. If you manage your own wallet pass infrastructure with a tool such as Passmint, you can build this for your use case. It requires intentional design, not a single platform toggle.

Beyond security, the fan experience improves. Wallet passes can appear on the lock screen when the fan arrives at the venue. They update automatically. They do not require a new app download. Fans see a single, consistent experience across iOS and, with Google Wallet installed, Android.

Here is the practical takeaway. Even without rotating barcodes, moving from static PDF tickets to individually serialized wallet passes reduces many common fraud patterns and improves traceability and revocation for most independent organizers. Screenshot sharing and duplicate use at multi-entry events remain possible if barcodes are static, but a unique, trackable, revocable pass makes abuse easier to detect and respond to.

The Fan Experience Trade-Off: Convenience, Control, and Ownership

Wallet-based and app-based ticketing with transfer limits can feel restrictive to fans. If a fan cannot gift a ticket freely, resell it on their terms, or hand it to a friend at the last minute, they may question what they actually bought.

That concern is valid. You should weigh it against the convenience gains.

Fans do not need to print tickets. They do not hunt through email for a PDF. Passes appear on the lock screen when they approach the venue. Real-time updates go straight to the device. The experience is consistent across iPhone and Android (with Google Wallet installed).

Smartphone lock screen displaying a wallet pass notification with venue details, gate number, and event time, with a blurred concert venue entrance in the background

For organizers, this is a spectrum, not a binary choice. At one end is a locked-down model such as DICE. At the other is a basic wallet pass with a unique barcode that you control fully.

Where you land should depend on your event. A 500-person, sold-out club night with high resale demand may need tighter transfer controls. A community arts festival with $15 tickets probably does not.

There is also a data dimension. PDF tickets forwarded by email are invisible to you once sent. Wallet passes keep you more in the loop. You know who you issued the pass to and can usually see whether it was added or updated through your pass infrastructure. Every pass update is a chance to communicate. That is a more direct relationship than you get with a freely forwarded PDF.

A Framework for Evaluating Your Ticketing Partner’s Wallet Pass Maturity

If you are evaluating ticketing platforms or building your own stack, you can use this four-part framework for any vendor:

  1. Pass issuance: Does the platform issue native Apple Wallet and Google Wallet passes, or does it rely only on PDFs and email?
  2. Barcode dynamism: Are barcodes static, rotating time-limited tokens, or NFC-based?
  3. Transfer control: Can the platform invalidate passes or tickets server-side when a ticket is transferred or refunded?
  4. Update push: Can you push real-time content updates to all issued passes after the initial send?

In broad terms, Ticketmaster focuses on barcode dynamism through SafeTix. DICE focuses on strict transfer control. AXS focuses on NFC infrastructure. The trade-offs in organizer control and data access depend on specific contracts and implementations.

For independent organizers using wallet pass infrastructure platforms like Passmint, you can usually handle issuance and push updates. You can also build transfer controls if you own the transfer channel. Implementing rotating barcodes requires deeper server-side integration and validation logic.

A realistic action plan looks like this:

  • Start with issuance. Any event can benefit from issuing wallet passes instead of PDFs.
  • Add server-side invalidation on refunds and cancellations.
  • Then decide if your event type and fraud risk justify investing in transfer controls or deeper integrations.

You should also watch the platform roadmaps. Apple and Google are expanding wallet pass capabilities. Recent Apple PassKit updates and Google Wallet API improvements are narrowing the gap between enterprise platforms and independent issuers.

Full Circle

The fan turned away at the gate was not the victim of a sophisticated cyberattack. They were the victim of a legacy trust model based on a static image as proof of ownership in a world where sharing that image takes seconds.

Ticketmaster, AXS, and DICE did not move to more secure digital tickets because it was trendy. Whatever their motives, the common pattern is clear. A device-bound, server-managed, dynamically invalidatable ticket is more resistant to fraud than a static PDF.

Wallet pass maturity is now a real vendor evaluation criterion for any event organizer. It is not a minor feature anymore. It is an operational and security decision.

You also do not need an enterprise contract with one of the Big Three to close much of the fraud gap. The infrastructure to issue, update, and invalidate wallet passes at many scales exists today outside those walled gardens. Platforms like Passmint let you generate Apple Wallet and Google Wallet passes through an API. You keep more direct control over passes, data, and fan relationships.

Organizers who adopt this infrastructure now will reduce fraud sooner, improve fan experience, and gain more operational confidence than organizers who still email PDFs. The static barcode era is ending. Your choice is whether to lead that transition or respond to it later.

Share this article