Magic Bands Not As Secure As Advertised!

sublimesting

Well-Known Member
My wife and I were at WDW over the weekend and not once, but twice at expensive sit down restaurants, the waitstaff overrode the pin function because of spotty wifi. I repeat, the pin function was overridden! This should not happen under any circumstances! If the wifi is spotty, fix it, don't make my information less secure!

We spoke to the manager at Brown Derby about this. I told him it was the programmer's lazy way out. If a program can be written to override the pin, a program can be written to take the pin offline and make them have to match in the back to complete the transaction.

The magicbands are advertised as convenient and secure, well, this weekend they were not. Disney, fix the wifi, or find another work around, you have no right no just decide to make my information lass secure.


The big problem with this is that someone could steal a bracelet and try to use it to pay for something and then charmingly pretend their PIN doesn't work. If the SOP is to over ride these then they aren't secure at all. PIN should be required at all times.
 

Rob562

Well-Known Member
The big problem with this is that someone could steal a bracelet and try to use it to pay for something and then charmingly pretend their PIN doesn't work. If the SOP is to over ride these then they aren't secure at all. PIN should be required at all times.

Again, if it's possible to override the PIN in the system, that's Disney's choice to gamble with their own money by giving access to an in-house account. But the only instance of PIN overrides being talked about are at the Table Service restaurants.

-Rob
 

flynnibus

Premium Member
Again, if it's possible to override the PIN in the system, that's Disney's choice to gamble with their own money by giving access to an in-house account. But the only instance of PIN overrides being talked about are at the Table Service restaurants.

-Rob

Can we just keep repeating this over and over... it's Disney taking the risk, not you. It's a house account.. not your credit card. The KTTW was no better and no one freaked out then.
 

Rob562

Well-Known Member
One other point that came to me as I was replying to another thread: You can always ask the front desk to *lower* the room charge limit on your account if you want. So if you're staying at a Deluxe resort and you don't feel comfortable having $1500 available on your account, they'll lower it to say $400 when you check in.

-Rob
 

Victor Kelly

Well-Known Member
Liberty Tree Tavern had no pin due to wifi being down. I have also addressed the wifi issue in my trip report and reviews. However, no information can be garnered from you band. It has to go through the computer database then it chimes back in on the mobile reader or computer you are at with a CM. The only thing on your magic band is a number just like a gadget for paying tolls. If per chance you lose your band and it is reported with the time like a bank would do, the erroneous charges would be removed like a bank would do. A new band would be issued as replacement possibly with a charge, just not sure about that one.

Any charge may be contested with your bank and Disney. There is a process for all of this, and it mainly favors the consumer because if it goes to court and a jury is requested, the jury usually finds in favor of the consumer, then the loser (business) gets hit with court fees, and a larger payout. Cheaper in the long run to comp it and be done. And there are video cameras everywhere, they can easily see if it is you that made the purchase in a store.

To date, the only place the pin was not used was at Liberty Tree Tavern. Shops always required a pin.
 

EOD K9

Well-Known Member
To answer a previous poster's question of why not just use a card separately.....for some people it is the convenience of not carrying a wallet or cash....everything on the band. I personally just use a combo of cash and credit.
 

SnarkyMonkey

Well-Known Member
The big problem with this is that someone could steal a bracelet and try to use it to pay for something and then charmingly pretend their PIN doesn't work. If the SOP is to over ride these then they aren't secure at all. PIN should be required at all times.

This is not the same thing at all. In one case, you have a restaurant turning off the PIN feature because of problems with Wifi. In what you have described, you have someone entering an incorrect PIN, which would be a read flag after so many attempts.
 

surfsupdon

Well-Known Member
Again, if it's possible to override the PIN in the system, that's Disney's choice to gamble with their own money by giving access to an in-house account. But the only instance of PIN overrides being talked about are at the Table Service restaurants.

-Rob

In my trip report, from Nov 2014, I mentioned PIN over rides at Beach Club Marketplace in the mornings for breakfast and at Crews Cup bar. Crews Cup had poor wifi, and the Marketplace manager said they turn the pins off when lines are long to expedite Guests at the counters.

Just adding to the convo.
 

englanddg

One Little Spark...
I told him it was the programmer's lazy way out.
No. Just...no. This was a feature that was purposefully designed into the system, and, frankly, for good reason. It's a sign of GOOD design that the ability to allow operations management to override certain protocols exists.

You are just...wrong.

How do I know? I worked professionally in the restaurant industry for a Fortune 500 company at the corporate level for 11 years, so I know what is involved with restaurant and retail operations first hand AND I am now a computer programmer who has designed written several POS (Point of Sale) systems.

It's easy to blame the tech, it's easy to blame the "wifi"...but any good programmer worth their salt (or operations / systems designer) knows that systems will, sometimes, go down, and plan accordingly.

The reason you don't see reports of this happening at retail shops is that their RFID reader is hard wired, so the odds of it going down are much less than the handheld units.

And, I want to be very clear about this...at NO TIME was your personal data at any risk outside of your name if you decided to put your name on your magicband instead of an alias or nickname (an option you didn't have with the KTTW, I'll note, where they put your real name on it by default...and they also printed what dining plan you had...yeah..., if I were a criminal I'd keep an eye out for those DLX cards! FAR less secure.).
 

SnarkyMonkey

Well-Known Member
Agreed. Nobody is forcing you to charge things. Continence and security often don't overlap!

Ummm...I think you mean "convenience". Tee hee.

kimberly-clark-depend-fitted-maximum-protection-adult-disposable-incontinence-briefs-IQNPLQCGE.jpg

For when continence and security don't overlap!
 

Register on WDWMAGIC. This sidebar will go away, and you'll see fewer ads.

Back
Top Bottom