Whose briliant idea is it to put RFID bracelets on hundreds of thousands of 'visitors', linked to credit card info...  This can only get worse...  

http://news.discovery.com/tech/disney-world-track-fantasy-130108.html#mkcpgn=rssnws1

WANT!

But then again, I'm a HUGE Disneyworld nerd.

FTA: "My Disney Experience that will enable users of MyMagic+ to select three FastPasses for rides" - that's huge for anyone going there.

In short, this would definitely suck me in and give up my CC info / shopping preferences / etc. Shame on me, but a big enough carrot and people will do anything (including me, it seems). 

I agree with Haybusa, how hard will it be to clone and rewrite on something else. wear one of those running id holders like the one here.

Not like you have to leave the park. If done right, a Crym could charge lots of crap to someone, and it'll be harder to dispute with the company. small enough charges don't have to show id. And think if that Crym was someone working at the park, in that micky costume. Ask little Billy how long they're there for, making small talk, and suddenly know how long he has to use that family's account

I think that this shows that Disney is out of touch slightly. they only think of this from the privacy side. didn't see anything talking about the fraud side.

Agreed that, if done right, they'll hopefully at least minimize their exposure.  For instance, a user in line for a ride with a 'quick pass' from their bracelet VERY likely isn't in a store half-way across the park, at the same moment.  Still, with the sheer number of the bracelets that could potentially be in use, daily, it's a guarantee that someone WILL exploit things, somehow.  

Perhaps a required passphrase if in the stores, etc, to go with the bracelets, so that, at least then, there's MUCH less chance of excess abuse / spending.  At least that way, they'd really need to both 'drive by' scan the rfid AND shoulder surf, to get the passphrase.

We don't know how they will implement this system. It would be nice to get more details on their implementation.

Suppose they do something like this:
1) Only adults can have credit card info on their bracelets
2) 2 factor authentication: You need the bacelet and a 5 digit pins (for example)
3) There is a fraud detection mechanism in place
4) Once your holiday at Disney is over, the bracelet doesn't work anymore (so you couldn't buy anything with it at Disney Marketplace for example)
5) You can only allow a max of $500 per day (to limit the damages)
6) You are still protected by the credit card company insurance

We also have to keep in mind that the bracelet will only have an ID with it. So a potential thief couldn't use this information outside Disney's walls.

I believe that all these combined wouldn't be too bad. And don't forget, there are still pick pockets that can easily still your wallet while you wait in line...

What do you guys think?

All the relevant information will indeed be in the system, not on the RFID. Yes, you can replicate the RFID signal, but unless it interacts with Disney's computers, the RFID info will be useless. It does look like they stamp a first name on the actual bracelet, but no last name.

There is also a pin required for purchases over $50, and if you don't want the RFID associated with a CC, you don't have to have them include it (similar with the room keys for those staying in a Disney resort). In fact, you don't have to have any information on it - in which case you just use it for fastpass+.