Was Ticket Fraud to Blame for Chaos at Champions League Final?

What should have been a triumphant finale to the European football season descended into chaos as police fired tear gas and pepper spray at supporters in advance of the Champions League Final (CLF) in Paris (28 May). What role did ticket fraud play in creating the chaotic scenes that were televised around the world as the kick off was delayed by more than half an hour?

The match between Liverpool and Real Madrid was originally scheduled to be held in St Petersburg, Russia, but it was moved by Europe’s governing body, UEFA, to the Stade de France — situated just north of Paris – following Russia’s invasion of Ukraine.

In the build up to the start of the game, various cordons and filters attempted to control the 80,000 fans trying to get into the stadium but, for a variety of reasons, bottlenecks of supporters soon started to appear around the gates and turnstiles, triggering a robust reaction from security staff.

Many contributing factors have been suggested as the reasons for the breakdown in control, which narrowly missed escalating into a major public safety event. However, French authorities blamed the chaos on ‘industrial levels of ticket fraud’.

‘There was massive fraud at an industrial level… 70% of the tickets were fake tickets coming into the Stade de France,’ French Interior Minister Gérald Darmanin said.

‘15% of fake tickets were also found after the first filtering... more than 2,600 tickets were confirmed by UEFA as non-validated tickets even though they’d gone through the first filtering. A massive presence of these fake tickets was, of course, the issue why there were delays.’

As someone who has worked on printing tickets for major sporting events, and as a supporter who has had to go through the rigorous procedures of providing large amounts of personally identifiable information (PII) to establish my identity prior to purchasing legitimate tickets, I found these assertions hard to accept – particularly when the minister was only able to provide anecdotal rather than physical evidence.

The reasons behind securing tickets against fraud have always been commercial, but following two tragic disasters connected with Liverpool Football Club in the 1980s (Heysel in 1985 and Hillsborough 1989), personalising tickets was one of the actions taken to improve public safety at football matches. The rationale for personalisation was that if you have a stadium with 80,000 capacity and you can uniquely link each ticket to one of those seats, then you will avoid recurrence of the scenes of crushing and stampedes of the 1980s.

Using anti-counterfeit features to authenticate the tickets (rather than validate ownership) was another step taken to tighten up the control of ticketing at large sporting events. Such features included optically variable image devices, which had already proved effective in deterring counterfeits of credit cards and cheques.

In the subsequent 30 or so years, there has been a massive improvement in the control, issuing and validation of venue tickets, but most recently we have been witnessing the relegation of authentication features to a secondary measure behind the scanning of a barcode to establish the uniqueness of the ticket, but with little emphasis on matching the PII in coded form to the asserted identity of the ticket holder.

Best practice example

An example of good balance between optical authentication and digital verification was seen in UEFA Euro 2020-21 championship admission tickets.

Nanotech’s LiveOptik™ technology was used for admission tickets and, using the brand guidelines, the nano-optic security feature ‘animated’ the UEFA Euro logo. The design focused on a bridge motif, selected to represent the unity between the 13 host cities for the tournament. At the primary viewing window, the bridge, trophy, and fans on both sides ‘appeared’ and On-Off effects were activated by tilting the ticket either left or right.

Euro 2020 ticket (© UEFA and Nanotech Security Corp).

The design and execution were both eye-catching and ‘intuitive’ – meaning that police or stewards would be able to inspect tickets with a high degree of confidence without much training and without recourse to inspection equipment.

There is an emerging school of thought that the code, be it barcode, QR code, serialisation or blockchain, is the essence of modern document security. The argument runs that visual deterrence is pointless in a ‘post-functional’ era of physical documents, and that reading the code will bring greater levels of confidence in the trueness of the document, its value, and its beneficial owner than any amount of secure printing or features.

I have some sympathy for that argument and the argument only gets stronger as the number of readers and items linked by distributed ledger technology increases. But we’re not there yet!

I must be honest and admit that I haven’t been able to get hold of a ticket (genuine or otherwise) from the CLF game, but from viewing examples from resell sites it seems that the 2D code on the front was the most prevalent visual feature.

In theory, it should have been possible for police and stewards to check the details of the PII held on the ticket’s code against the passport or ID card of the fan before they entered the turnstile area of the Stade de France. But anyone who has queued in crowds of thousands outside an international sporting event, with the clock clicking down before kick-off, knows how impractical that theory is.

A quick manual check of the look and feel of the physical ticket – as a bartender might react to the presentation of a €50 note in a bar – would have been a great first filter, causing minimum confrontation and delay.

UEFA has launched its own probe into the reasons behind the public order failures at the CLF, which is scheduled to present its conclusions in September. Hopefully, they will be able to present some solid physical evidence into just how these ‘industrial scale’ frauds were perpetrated – or, as I suspect, substantially revise their figures downward.