Social media was blazing with customers claiming their cards were declined during the Lollapalooza ticket sale event. According to the Chicago Tribune, a Chase representative said the error was the result of a “systems issue.”
“Due to a systems issue, some customers were unable to purchase Lollapalooza concert tickets today,” a Chase spokeswoman said. “We have since fixed the issue and apologize for the inconvenience. Customers should contact us if they have questions or concerns.”
So, what happened? Why did ticket sales fail at Lollapalooza? Was Chase’s fraud detection system wound too tight? Or were they too slow to react to the demand?
Lollapalooza takes place in our backyard so we took notice here at Payline. In fact, many of our team members are regulars and will attend Lollapalooza 2015, despite experiencing the same issue. We also happen to know a “thing or two” when it comes to credit card payments (it’s our bag, baby!). This means we have a pretty good idea of what happened and how they could have avoided this issue. All Austin Powers references aside, we’ll try to keep it as simple as possible.
Issue Number One
In short, Chase Bank’s fraud prevention combined with older payment processing backend systems were the likely causes. All of the customers that tried to use Chase Bank card information were declined due to a glitch in their fraud prevention “system”. After hitting submit, most users would get text fraud alert (likely due to high dollar value of tickets), and even if they replied “YES” it declined the card. Then the card continued to stay declined for a period of time. This was the system issue they were referring to and actually happens quite often. It was the urgency necessary to purchase that made this such a big deal.
Issue Number Two
The other issue is likely a combination of the customers and the payment processing system that Lollapaloza was using. Many users entered card information early with the intent to buy the instant tickets went on sale, however, this delay in clicking “buy” signals fraud to some credit card processors, which is why the cards were flagged for fraud and then still declined even if the user texted back “YES”.
How Lollapalooza Can Fix These Issues
A likely fix for Lollapaloza (and any other high volume ticket sales) may be to use a modern security process known as tokenization. It is a process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a “token”, that has no extrinsic or exploitable meaning or value. In simpler terms, this process replaces the credit card information with a “token” alpha-numerical identifier for each customer. This token is useless if stolen by online fraudsters but when the token hits the payment processor’s secure servers, it identifies the customer information stored in a secure “vault” to process the payment. It is possible to set this all up to happen before a sale takes place, simply by having the users create an account on the Lollapaloza website and then as long as they were logged in, a simple click is all that is needed to transfer all the payment details and complete the sale.
It is hard to say if this would have prevented all of the failed fraud prevention text approvals, especially if it was linked to an issue with Chase internally. It is our opinion though that the likelihood of declined cards, and any actual fraud taking place, would be greatly reduced with a modern payment processing system in place.
For those that managed to get tickets, we will see you there! For those that missed out, let’s hope these issues are resolved when they begin selling one-day passes Wednesday morning at 10 a.m. CST.