Disney and RFID bracelets…..

This topic contains 11 replies, has 5 voices, and was last updated by  hayabusa 6 years, 11 months ago.

  • Author
    Posts
  • #8126
     hayabusa 
    Participant

    Whose briliant idea is it to put RFID bracelets on hundreds of thousands of ‘visitors’, linked to credit card info…  This can only get worse…  :-

    http://news.discovery.com/tech/disney-world-track-fantasy-130108.html#mkcpgn=rssnws1

  • #51423
     caissyd 
    Participant

    Even without the credit card info, I still don’t like when companies gather info on my purchases and shopping habits.

    But I guess we get monitored all the time now…

  • #51424
     Grendel 
    Participant

    WANT!

    But then again, I’m a HUGE Disneyworld nerd.

    FTA: “My Disney Experience that will enable users of MyMagic+ to select three FastPasses for rides” – that’s huge for anyone going there.

    In short, this would definitely suck me in and give up my CC info / shopping preferences / etc. Shame on me, but a big enough carrot and people will do anything (including me, it seems).  :-[

  • #51425
     hayabusa 
    Participant

    Yeah…  I can see the ‘draw’, but I also foresee HUGE issues, liability, and headache in their future…

  • #51426
     rattis 
    Participant

    I agree with Haybusa, how hard will it be to clone and rewrite on something else. wear one of those running id holders like the one here.

    Not like you have to leave the park. If done right, a Crym could charge lots of crap to someone, and it’ll be harder to dispute with the company. small enough charges don’t have to show id. And think if that Crym was someone working at the park, in that micky costume. Ask little Billy how long they’re there for, making small talk, and suddenly know how long he has to use that family’s account

    I think that this shows that Disney is out of touch slightly. they only think of this from the privacy side. didn’t see anything talking about the fraud side.

  • #51427
     ziggy_567 
    Participant

    I don’t have any further information about how Disney plans to implement this, but fraud within the parks would be very easy to detect. They’re using RFID to track visitors. Each RFID chip will be uniquely identifiable, so they would be able to detect you pulling Fast Passes at the Magic Kingdom while simultaneously shopping at Downtown Disney.

    The question is, will they implement fraud detection in the system? If the fraud becomes rampant enough that they’re losing money, they will.

  • #51428
     hayabusa 
    Participant

    Agreed that, if done right, they’ll hopefully at least minimize their exposure.  For instance, a user in line for a ride with a ‘quick pass’ from their bracelet VERY likely isn’t in a store half-way across the park, at the same moment.  Still, with the sheer number of the bracelets that could potentially be in use, daily, it’s a guarantee that someone WILL exploit things, somehow.  

    Perhaps a required passphrase if in the stores, etc, to go with the bracelets, so that, at least then, there’s MUCH less chance of excess abuse / spending.  At least that way, they’d really need to both ‘drive by’ scan the rfid AND shoulder surf, to get the passphrase.

  • #51429
     rattis 
    Participant

    I think it would depend how how they set the system up to begin with. The biggest thing I can think of, one family all using the same card. So that could mean that some are in one area, some in other buying at the same time. think Dad and son on the rides, mom and daughter shopping.

    So, how much information do they need to actually make the sale. How much do they read. And what parts could be re-written.

    If I knew more about rewriting the stuff, I’d love to get my hands on a couple just to see.

  • #51430
     caissyd 
    Participant

    We don’t know how they will implement this system. It would be nice to get more details on their implementation.

    Suppose they do something like this:
    1) Only adults can have credit card info on their bracelets
    2) 2 factor authentication: You need the bacelet and a 5 digit pins (for example)
    3) There is a fraud detection mechanism in place
    4) Once your holiday at Disney is over, the bracelet doesn’t work anymore (so you couldn’t buy anything with it at Disney Marketplace for example)
    5) You can only allow a max of $500 per day (to limit the damages)
    6) You are still protected by the credit card company insurance

    We also have to keep in mind that the bracelet will only have an ID with it. So a potential thief couldn’t use this information outside Disney’s walls.

    I believe that all these combined wouldn’t be too bad. And don’t forget, there are still pick pockets that can easily still your wallet while you wait in line…

    What do you guys think?

  • #51431
     rattis 
    Participant

    I’m still wondering if you could just over write the cc info and go from there. All your other data matches, but charging to someone else’s card.

    As for the pickpockets, those are still around. Like anything else, you have to worry about the hotel staff, card skimmers, child abductors, etc. I just think that Disney is looking at weakening their security posture by chasing something easy to use.

    Personally, and this is just my opinion, I don’t think the magic kingdom bracelets will last long.

  • #51432
     Grendel 
    Participant

    @H1t M0nk3y wrote:

    We also have to keep in mind that the bracelet will only have an ID with it. So a potential thief couldn’t use this information outside Disney’s walls.

    All the relevant information will indeed be in the system, not on the RFID. Yes, you can replicate the RFID signal, but unless it interacts with Disney’s computers, the RFID info will be useless. It does look like they stamp a first name on the actual bracelet, but no last name.

    There is also a pin required for purchases over $50, and if you don’t want the RFID associated with a CC, you don’t have to have them include it (similar with the room keys for those staying in a Disney resort). In fact, you don’t have to have any information on it – in which case you just use it for fastpass+.

  • #51433
     hayabusa 
    Participant

    That sounds much more thought out.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?