• Welcome to the WDWMAGIC.COM Forums!
    Please take a look around, and feel free to sign up and join the community.You can use your Twitter or Facebook account to sign up, or register directly.

Linking credit card to magic band

John park hopper

Well-Known Member
Original Poster
We were at AK yesterday and the wife linked her credit card to the magic band so she would not have to carry the credit card. Seems while we were at AK there was a computer glitch and the credit card was removed from the MB, could not buy lunch --nothing. She called guest services and was told use your credit card. Duh! that's why we linked the credit card so she didn't have to carry it. The wife was told she would have a limit of 50 dollars on the MB while in the park but would have to go back to POFQ to get it relinked. Long story short 50 limit never happened. Learned--- all ways carry cash or a credit card in your pocket. She was told when relinking at POFQ they have been having problems--- so glad they told us
 

donsullivan

Premium Member
Advertisement
Sounds like your specific issue was another thing but it is important to understand that you are not linking the credit card to the Magicband. You are putting a card down against the room reservation to cover personal charges while you are staying at the resort. The MagicBand is simply a tool to access those charging privileges.

Computer glitches can happen anywhere and it's never a good idea to head to the parks without any other form of payment or identification.
 
Last edited:

thomas998

Well-Known Member
We were at AK yesterday and the wife linked her credit card to the magic band so she would not have to carry the credit card. Seems while we were at AK there was a computer glitch and the credit card was removed from the MB, could not buy lunch --nothing. She called guest services and was told use your credit card. Duh! that's why we linked the credit card so she didn't have to carry it. The wife was told she would have a limit of 50 dollars on the MB while in the park but would have to go back to POFQ to get it relinked. Long story short 50 limit never happened. Learned--- all ways carry cash or a credit card in your pocket. She was told when relinking at POFQ they have been having problems--- so glad they told us
I don't think I would be linking them in the first place do to the possibility of someone cloning my magicband and figuring out my pin. Though the bigger risk would just be from a hacker following a guest when they left their room, cloning their magic band and then going back to the guest's room and robbing them blind.
 

donsullivan

Premium Member
I don't think I would be linking them in the first place do to the possibility of someone cloning my magicband and figuring out my pin. Though the bigger risk would just be from a hacker following a guest when they left their room, cloning their magic band and then going back to the guest's room and robbing them blind.
There is absolutely no reason to get overly paranoid about MagicBands and room access at all. It's the same technology used in millions of hotel rooms across the nation/world safely every day. The room access portion of this is not unique to Disney at all, the MagicBand is just a different way to access it, the technology is the same as countless hotels and cruise ships. I stayed at a Marriott last fall where I had the option to use my mobile phone vs the plastic keycard which is a variation of the same technology.

There is no need to spread fear about it.
 

John park hopper

Well-Known Member
Original Poster
While in the park my wife does not carry a purse and prefers not to have a credit card in her pocket. I don't take my wallet either thus linking the credit card to the MB made sense to us in the future I will keep a card in my pocket just incase of computer glitches. Just wanted to let people know don't rely on MB take a backup for purchases in the event.
 

John park hopper

Well-Known Member
Original Poster
Most people carry their phones to Disney so you can also have your credit cards linked to your phone for payment via Apple Pay or Google pay (which Disney World accepts) so you still don't need to carry your credit cards with you.
Good to know but I still use a flip phone --wife says I'm still in the dark ages, still write checks
 
Last edited:

donsullivan

Premium Member
Most people carry their phones to Disney so you can also have your credit cards linked to your phone for payment via Apple Pay or Google pay (which Disney World accepts) so you still don't need to carry your credit cards with you.
Since I'm local and not normally staying at a resort, ApplePay is my preferred payment method throughout the parks. To my knowledge though, they are still not able to accept ApplePay (or similar) at most table service restaurants. There are also some restaurants in the parks and Disney Springs not operated by Disney that do not accept ApplePay, so you need to be prepared for that.
 
Last edited:

awoogala

Well-Known Member
oh, that stinks! so sorry that happened. I go bagless, and almost always use the band, but tend to carry my tiw card, annual pass, and driver's license, one c.c. (just in case!) , and my health insurance card . I'm paranoid to get injured with no id or insurance card on me, and I've always worried the m.b. would go down after a meal.
 

Chi84

Well-Known Member
I'm wondering if this was caused by the new credit card authorization hold policy. There are several threads about this on other boards, and we had problems charging with our MBs the first week of May. We keep a credit card attached to my husband’s MDE at all times to use online check In and make dining reservations. The first time we tried to charge with the band at SSR it was denied and we had to go to the front desk to add our credit card again. On day 5 when our credit card was charged and another hold took effect, our method of payment was again knocked off of our account and we had to go to the front desk to add it a second time. The CMs said this is a glitch that has been happening frequently over the last two months - since the time the new policy went into effect. Don't have time to go into it, but some think the holds are triggering fraud alerts to the banks.
 

scorp16

Well-Known Member
I load up a couple k on some gift cards (that I can transfer money in and out of, plus block the second they're missing)...and I'm good.

Me, the wife, the kids - and a couple of gift cards, my AP card, a hotel room card...and I'm good.
 

thomas998

Well-Known Member
There is absolutely no reason to get overly paranoid about MagicBands and room access at all. It's the same technology used in millions of hotel rooms across the nation/world safely every day. The room access portion of this is not unique to Disney at all, the MagicBand is just a different way to access it, the technology is the same as countless hotels and cruise ships. I stayed at a Marriott last fall where I had the option to use my mobile phone vs the plastic keycard which is a variation of the same technology.

There is no need to spread fear about it.
Not the same technology at all. A key card that you swipe or insert into a door is not something a hack could clone simply be walking up close to you. A magic band doesn't need to be inserted into anything you simply need the hacking tools and someone to walk close to the target... All a team would need to do is have two guys stay in a Disney resort and in the morning one of them watches some people leaving the rooms to get on a bus, make a not of the rooms they left and then get on the bus with them... pass by each one for a couple of seconds to get the magicband RIF number and use their cell phone to send the info back to their partner... Now go watch to make sure they really enter the park as expected and at that point let the partner know they are in and then he could easily go rob all the rooms they watched. This is much easier than it would be to do on a cruise ship since a person a ship might return at anytime to their room, a person that has entered a Disney park is more than likely going to be out of the room for a long time.

Now the pins are bit different, it would require a person to clone the RIF number then go try to buy something cheap and guess the pin... if it doesn't work just pay with cash and move one. Give that people often used simply pins like a single number repeated 4 times... 1111 is used by a little more than 6% of people picking 4 digit pins so simply cloning 20 different phones and buying 20 soft drinks would give you pretty high probability of having one of the people with a 1111 pin, and once you get one you could then go buy some expensive things.... In fact if you wanted to maximize your return as a thief you would go follow people that got off a monorail from the resort since the monorail resorts have higher charge limits on their magicbands... There have been articles in cyber security sites that have gone through lots of issues with the magic bands with some hacker doing proof of concept runs to show that it is possible. You can also easily find charts that will give you the top pins used, the top 20 of which cover more than 25% of the pins used. Many people are simply too predictable, 2580 is another popular pin since its just the numbers straight down the keypad...

As for spreading fear, talking about potential problems with a system isn't spreading fear as much as it is letting people know not to do things that could bite them... like picking a pin number that is easy to guess.
 

NormC

Premium Member
I wouldn’t worry about cloning. It is an awful lot of effort and with no PIN you would get nowhere. It is the passive contact RFID used for payment so the person cloning it would have to get pretty close to your band if not touching it. In this aspect it is no different than the RFID plastic ticket "Key to the kingdom" card we all used before Magic Bands.
The battery powered transmitter would be easier to clone but it is not used for payments or door locks or admission. You would have to intercept its broadcast when it is activated by a Disney beacon.
 
Last edited:

donsullivan

Premium Member
Not the same technology at all. A key card that you swipe or insert into a door is not something a hack could clone simply be walking up close to you. A magic band doesn't need to be inserted into anything you simply need the hacking tools and someone to walk close to the target... All a team would need to do is have two guys stay in a Disney resort and in the morning one of them watches some people leaving the rooms to get on a bus, make a not of the rooms they left and then get on the bus with them... pass by each one for a couple of seconds to get the magicband RIF number and use their cell phone to send the info back to their partner... Now go watch to make sure they really enter the park as expected and at that point let the partner know they are in and then he could easily go rob all the rooms they watched. This is much easier than it would be to do on a cruise ship since a person a ship might return at anytime to their room, a person that has entered a Disney park is more than likely going to be out of the room for a long time.

Now the pins are bit different, it would require a person to clone the RIF number then go try to buy something cheap and guess the pin... if it doesn't work just pay with cash and move one. Give that people often used simply pins like a single number repeated 4 times... 1111 is used by a little more than 6% of people picking 4 digit pins so simply cloning 20 different phones and buying 20 soft drinks would give you pretty high probability of having one of the people with a 1111 pin, and once you get one you could then go buy some expensive things.... In fact if you wanted to maximize your return as a thief you would go follow people that got off a monorail from the resort since the monorail resorts have higher charge limits on their magicbands... There have been articles in cyber security sites that have gone through lots of issues with the magic bands with some hacker doing proof of concept runs to show that it is possible. You can also easily find charts that will give you the top pins used, the top 20 of which cover more than 25% of the pins used. Many people are simply too predictable, 2580 is another popular pin since its just the numbers straight down the keypad...

As for spreading fear, talking about potential problems with a system isn't spreading fear as much as it is letting people know not to do things that could bite them... like picking a pin number that is easy to guess.
I'm sorry, but that is the very definition of paranoid when you invest that much energy into a string of hypothetical scenarios that would take a dozen people to pull it all off to steal the RFID tag ID and pin for my MagicBand. I for one will absolutely admit that I am not even remotely close to important enough for anyone to bother with that sort of effort. And when combined with Disney security (not speaking of bag screening here) there is simply nothing that I personally worry about. If I ever have a concern in a hotel (Disney or otherwise), valuables like laptop go into a safe and I go out and enjoy my day.

While you are entitled to feel that way, I don't waste my time trying to think up scenarios of how someone could steal from me. I take reasonable precautions and spend the time enjoying my life instead.

And as for the RFID hotel room access, it is used in millions of hotel rooms all over the world now. Many have used the slide the mag stripe for ages but countless are upgrading to RFID and/or BlueTooth now where you just touch the pad just like at Disney. This is proven technology used throughout the lodging industry
 

flynnibus

Well-Known Member
Not the same technology at all. A key card that you swipe or insert into a door is not something a hack could clone simply be walking up close to you.
Most chains have moved to rfid cards... Disney is not unique here. Several even let you use your phone as the nfc device with an app.
 

thomas998

Well-Known Member
I'm sorry, but that is the very definition of paranoid when you invest that much energy into a string of hypothetical scenarios that would take a dozen people to pull it all off to steal the RFID tag ID and pin for my MagicBand. I for one will absolutely admit that I am not even remotely close to important enough for anyone to bother with that sort of effort. And when combined with Disney security (not speaking of bag screening here) there is simply nothing that I personally worry about. If I ever have a concern in a hotel (Disney or otherwise), valuables like laptop go into a safe and I go out and enjoy my day.

While you are entitled to feel that way, I don't waste my time trying to think up scenarios of how someone could steal from me. I take reasonable precautions and spend the time enjoying my life instead.

And as for the RFID hotel room access, it is used in millions of hotel rooms all over the world now. Many have used the slide the mag stripe for ages but countless are upgrading to RFID and/or BlueTooth now where you just touch the pad just like at Disney. This is proven technology used throughout the lodging industry
You might want to pull out the dictionary, simply stating how something could be done isn't close to being paranoid. If I refused to use a magic band because I was afraid someone was going to hack it, then what could be considered paranoid. I simply take note if the people around me and how they are behaving, if someone started getting too close to me or tried to move a handbag near my magicband then I would certainly wonder why as would most people.... Only difference is that I would have a likely nefarious reason in mind while other might just think it was strange.

And no one is claiming places don't use RFID, it pops up all over the place but that doesn't instantly mean that it is safe from criminals. People have wifi routers in most homes but that doesn't mean someone can't hack them. In fact the more people rely on RFID chips the more likely hackers will start attacking them....it's the same reason Mac at one time had few viruses, they were such a small percent of the computers the didn't warrant a hackers time... but things change and number increase the hackers will take interest.
 

flynnibus

Well-Known Member
You might want to pull out the dictionary, simply stating how something could be done isn't close to being paranoid. If I refused to use a magic band because I was afraid someone was going to hack it, then what could be considered paranoid. I simply take note if the people around me and how they are behaving, if someone started getting too close to me or tried to move a handbag near my magicband then I would certainly wonder why as would most people.... Only difference is that I would have a likely nefarious reason in mind while other might just think it was strange.

And no one is claiming places don't use RFID, it pops up all over the place but that doesn't instantly mean that it is safe from criminals. People have wifi routers in most homes but that doesn't mean someone can't hack them. In fact the more people rely on RFID chips the more likely hackers will start attacking them....it's the same reason Mac at one time had few viruses, they were such a small percent of the computers the didn't warrant a hackers time... but things change and number increase the hackers will take interest.
Dude... That's why all monetary transactions with magic bands require two factor authentication... your band plus your PIN.
 
Top Bottom