New RFID technology in the parks?

[NoChesterHester]

Does anyone here work in Park Ops and have a real perspective on what level of theft actually occurs at the parks? I would think that due to the cost of admission, and the ease at which they can track annual passholders the predators looking for a quick score make other places other than inside the gates a much more attractive scenario for crooks.

 

[erasure fan1]

Okay, this has been discussed (and discussed, and discussed, and discussed, and discussed) too. Do you truly believe that someone has nothing better to do in their day than to steal RFID alphanumeric codes (as difficult as that would be), program tons of bracelets with them in the hopes of getting one with the correct privileges, then use them? I can see it now "Yes, please charge this wonderful meal to our account." *Shows them his recoded bracelet* "That one doesn't have charging privileges on it or the Disney Dining Plan? Oops.... try this one then." *hands her another one from his duffle bag*

:ROFLOL:

No I dont, hence my post.

 

[G00fyDad]

No I dont, hence my post.

My apologies. I must have misread your post somehow. I am very sorry.

 

[erasure fan1]

My apologies. I must have misread your post somehow. I am very sorry.

No worries, I just didnt like being part of the "big brothers watching" crowd. :lol:

 

[TropicalFig8]

This is where the money for new dark rides goes.

 

[flavious27]

Already been discussed that there is no direct credit card information on the KTTW card and likely will be none on the wrist band. The only benefit that anyone with a reader would get would be to get their meals and Disney junk free for the day, if they were then able to install your info on another band.

True, there wouldn't be any credit card info on the band, but someone could still use it to make purchases until you get to guest relations and they can deactivate it. With people concerned about privacy over rfid anyway, they could access your pictures if you added the photopass to it.

I don't know many people that keep their kttw card freely hanging on their persons, these wristbands are the same as that. Also, think of the headache for guests and cms if they come off during a ride. Small foreign objects can breakdown a ride, disney would increase that risk with tens of thousands of these bands in each park, every day.

Okay, this has been discussed (and discussed, and discussed, and discussed, and discussed) too. Do you truly believe that someone has nothing better to do in their day than to steal RFID alphanumeric codes (as difficult as that would be), program tons of bracelets with them in the hopes of getting one with the correct privileges, then use them? I can see it now "Yes, please charge this wonderful meal to our account." *Shows them his recoded bracelet* "That one doesn't have charging privileges on it or the Disney Dining Plan? Oops.... try this one then." *hands her another one from his duffle bag*

:ROFLOL:

You really don't know how bad credit card theft is then. People that would take the codes are not charging meals on them, they would be buying merch to sell. And for someone to find out if the band has a credit card hooked up to it, they can just try to purchase a soda. This is what they do with stolen card numbers, they buy small to make sure it works and then buy larger and larger until it stops working.

It would be easy for anyone to not raise red flags either. "Oh my band isn't working, well I am checking out today, how dumb of me. Let me just use my card." That card being used is one that has been stolen.

 

[erasure fan1]

It would be easy for anyone to not raise red flags either. "Oh my band isn't working, well I am checking out today, how dumb of me. Let me just use my card." That card being used is one that has been stolen.

True, you can fool a CM very easy but the system (if Disney has thought this through) would be a little harder. Each wristband is individually identified by the system, so if its used in basically 2 places at once (ie fastpass for splash then purchase in downtown Disney within a few minutes) then the system would flag it. Also if someone tried to enter a park but there was never an exit from a park the system should catch that too. And whos to say you dont have to enter a pin type number when you charge just like a debit card. Of course Disney could have none of these systems in place but I highly doubt that.

 

[flavious27]

True, you can fool a CM very easy but the system (if Disney has thought this through) would be a little harder. Each wristband is individually identified by the system, so if its used in basically 2 places at once (ie fastpass for splash then purchase in downtown Disney within a few minutes) then the system would flag it. Also if someone tried to enter a park but there was never an exit from a park the system should catch that too. And whos to say you dont have to enter a pin type number when you charge just like a debit card. Of course Disney could have none of these systems in place but I highly doubt that.

Well we can only guess on what disney will and will not do and hope for them to do it right.

I do see a problem with the system disabling purchases without check ins and outs of the gates. If you have groups that enter or exit through backstage, they will have problems. When me and my wife had a tour of dvc, they let us back into epcot behind the WS. If you have 150 or 250 of these errors everyday, guest relations is going to be gunning for the person that designed that function into the system. Along with that, guests are going to be unhappy that the system disabled their bands.

Disney could have the bands activate by pin, but it will add another layer of complexity and create problems with guests relations.

 

[G00fyDad]

True, there wouldn't be any credit card info on the band, but someone could still use it to make purchases until you get to guest relations and they can deactivate it.

If they went through the trouble of programming bracelet after bracelet (that they bought WITH the Disney stitching and designs btw) until they got one with charging privileges and a person in a complete stupor to not notice a person standing next to them touching their bracelet with a transmitter/receiver device. Then yeah.... it could happen. They can scan all the bracelets they want. It will only give them the alphanumeric code of the bracelet. They need Disney's database to compare it to so they can "clone" it for charging. If they scan mine all they will get is.....nothing. Oh, maybe my photo-pass photos access. Big deal. If they want to buy pics of me then fine. :ROFLOL:

I don't know many people that keep their kttw card freely hanging on their persons, these wristbands are the same as that. Also, think of the headache for guests and cms if they come off during a ride. Small foreign objects can breakdown a ride, disney would increase that risk with tens of thousands of these bands in each park, every day.

Honestly, that is my only concern about these. How much of a hassle is Disney going to have with these things coming off people's wrists?

You really don't know how bad credit card theft is then.

Yes, I do actually. It's somewhere around 10% these days. (I'm a Criminal Justice major )

People that would take the codes are not charging meals on them, they would be buying merch to sell. And for someone to find out if the band has a credit card hooked up to it, they can just try to purchase a soda. This is what they do with stolen card numbers, they buy small to make sure it works and then buy larger and larger until it stops working.

So they are going to stand next to you, touch your wrist for several seconds, keep everyone (including YOU) from noticing this, walk somewhere private, encode that data on a bracelet that they got from Disney, walk to a shop and try to buy a Coke? Really? And when that process doesn't work, they are going to do it all over again? Really? :shrug:

Wow. That's a lot of work for very little payoff. And I am pretty sure Disney will not allow this system to be abused like this. They cannot afford for this to happen. They will put measures in place to prevent any of this (even as unlikely as it is to happen) theft from happening. Disney did not get to be a $4.3 billion a year business by doing dumb things like that.

 

[Kamikaze]

Yes, I do actually. It's somewhere around 10% these days. (I'm a Criminal Justice major )

Then you should also know that any good card nowadays has 0% fraud liability. Meaning - if someone steals your card, yeah, its an inconvenience, but you aren't responsible for anything they do.

 

[AEfx]

True, there wouldn't be any credit card info on the band, but someone could still use it to make purchases until you get to guest relations and they can deactivate it. With people concerned about privacy over rfid anyway, they could access your pictures if you added the photopass to it.

I don't know many people that keep their kttw card freely hanging on their persons, these wristbands are the same as that. Also, think of the headache for guests and cms if they come off during a ride. Small foreign objects can breakdown a ride, disney would increase that risk with tens of thousands of these bands in each park, every day.

The wristbands are not going to be made out of tissue paper, LOL.

Disney uses very secure wrist-bands, it's quite an effort to remove them without using scissors unless you spend several minutes trying to stretch it over your hand to remove it in tact. They are not going to fall out on a ride.

Now, a KTTW card - which you slip in and out of your pocket all day, or wallet, or lanyard, or wherever you chose to store it - is a HECK of a lot easier to lose or forget than a wrist band you have to actively work to remove.

If anything, I'd say a wrist band is far more secure as you are not removing it from places on your person all day, and you will instantly know if it's missing or not because a) it's on your visible self all day, b) you have to actively work to remove it, and c) if someone wants to steal it from you they would have to sneak up, cut it off without you, your family, or another guest not noticing, or stand there for several minutes trying to work it off your wrist. As opposed to, Dad slips the card back into his pocket - and while watching Suzy and Johnny enjoy their new balloon he either misses the pocket and doesn't notice it fall to the ground, or forgets his card at the register, has a hole in his pocket, etc.


That said, I wouldn't wear them and I think the whole RFID thing is stupid, but not for the "OMG you might lose it!" reasons, as I do think they are far more secure. I do not use them as a charge card - why put a middle man between me and my credit card company. If there are any unauthorized charges directly on a credit card, you are only responsible for up to $50 by federal law, and most card companies waive that as a courtesy anyway. By putting a 3rd party (Disney) in the middle, it's a lot harder to fight fraudulent charges as they would have to get involved as well, as the ones charging you all at once for smaller transactions you have accrued.

 

[flavious27]

Yes, I do actually. It's somewhere around 10% these days. (I'm a Criminal Justice major )



So they are going to stand next to you, touch your wrist for several seconds, keep everyone (including YOU) from noticing this, walk somewhere private, encode that data on a bracelet that they got from Disney, walk to a shop and try to buy a Coke? Really? And when that process doesn't work, they are going to do it all over again? Really? :shrug:

Wow. That's a lot of work for very little payoff. And I am pretty sure Disney will not allow this system to be abused like this. They cannot afford for this to happen. They will put measures in place to prevent any of this (even as unlikely as it is to happen) theft from happening. Disney did not get to be a $4.3 billion a year business by doing dumb things like that.

It seems like alot of work, but it is going to be the same amount of work for when they get someone's credit or debit card number. Also are you going to notice if you accidentally rub against someone as they let a bunch of people past by them while in a 90 minute wait for space mountain?

 

[AEfx]

So they are going to stand next to you, touch your wrist for several seconds, keep everyone (including YOU) from noticing this, walk somewhere private, encode that data on a bracelet that they got from Disney, walk to a shop and try to buy a Coke? Really? And when that process doesn't work, they are going to do it all over again? Really? :shrug:

Not to mention the fact that I have severe doubts Disney would implement a system like this without some sort of encoding/encryption - it's likely all bracelets will have some form of digital serial number that is hard coded and wouldn't be able to be "rewritten" to another bracelet or a "blank" bracelet, should someone break in and steal a box.

It's likely that any system would verify both the digital serial number on a bracelet as well as the information on the bracelet about the client as well.

Really, people trying to point out all these tech issues is more paranoia than anything else. Yes, yes, I know ID theft, blah blah, everyone scared witless - and it's good to keep an eye on such things - but when people don't understand the underlying technology (like the fact your actual card number is not on the band in any way, shape, or form) it's difficult.

It's just like people who are terrified of shopping online - your credit card info is FAR FAR more likely to be stolen by the cashier at a restaurant (where they actually disappear with your card) or by a clerk in a store when you physically use it than someone hacking your connection to Amazon. And, in those cases, you have someone who is GOING to use that number and has intent to, unlike a lot of "hacking" scandals which are just to make a point and not for actual use. Of course, large companies themselves do get hacked, which become media spectacles - but, for example, as far as I know to this date there has yet to be a single fraudulent use of the credit cards stolen in the Sony/Playstation debacle, yet everyone quotes it as "see!!! see what can happen!"

There is a balance between total ignorance that credit cards get stolen, and complete paranoia. The media has led many otherwise thinking folk to the 'paranoia' spectrum. And while the "comeback" to that is, "Well, I'm going to be safe than sorry!" there is a line between, just like the line between educating your children about how to cross the street properly and how to respond to strangers vs. wrapping them in bubble wrap and leashing them to you until they turn 18.

 

[flavious27]

The wristbands are not going to be made out of tissue paper, LOL.

Disney uses very secure wrist-bands, it's quite an effort to remove them without using scissors unless you spend several minutes trying to stretch it over your hand to remove it in tact. They are not going to fall out on a ride.

Now, a KTTW card - which you slip in and out of your pocket all day, or wallet, or lanyard, or wherever you chose to store it - is a HECK of a lot easier to lose or forget than a wrist band you have to actively work to remove.

If anything, I'd say a wrist band is far more secure as you are not removing it from places on your person all day, and you will instantly know if it's missing or not because a) it's on your visible self all day, b) you have to actively work to remove it, and c) if someone wants to steal it from you they would have to sneak up, cut it off without you, your family, or another guest not noticing, or stand there for several minutes trying to work it off your wrist. As opposed to, Dad slips the card back into his pocket - and while watching Suzy and Johnny enjoy their new balloon he either misses the pocket and doesn't notice it fall to the ground, or forgets his card at the register, has a hole in his pocket, etc.


That said, I wouldn't wear them and I think the whole RFID thing is stupid, but not for the "OMG you might lose it!" reasons, as I do think they are far more secure. I do not use them as a charge card - why put a middle man between me and my credit card company. If there are any unauthorized charges directly on a credit card, you are only responsible for up to $50 by federal law, and most card companies waive that as a courtesy anyway. By putting a 3rd party (Disney) in the middle, it's a lot harder to fight fraudulent charges as they would have to get involved as well, as the ones charging you all at once for smaller transactions you have accrued.

TP? With Florida's climate? They will just fall apart before you even leave check-in. Disney isn't going to use regular wristbands, they would need to replace every one in the morning because guests will not sleep and shower (I hope not) with them. The ones that were shown look to use a magnet in the back to keep the bracelet closed. I doubt it would take some effort to sling one off of your wrist, I bet drunk guests will make that game.

I can see great potential in disney using rfid to overlay more magic onto us while on property. Having a photpass account setup and ready to go at check-in would be nice. Using a profile setup to make the kids feel more special when a characters says their name will be one of those new disney moments. But I don't like the wristbands for the reasons I said earlier and also that wristbands look cheap. Disney will do what they can to make them look and be expensive, but like a pack, at the end of the day it is still a huge wristband you have on.

If they tried instead for say a two tier system I wouldn't object. You get like a live strong bracelet for just your profile and photopass. Then your kttw card has a rfid for everything, housed in a shielding sleeve.

 

[G00fyDad]

Then you should also know that any good card nowadays has 0% fraud liability. Meaning - if someone steals your card, yeah, its an inconvenience, but you aren't responsible for anything they do.

I'm sorry. Maybe I've been up far too long. I'm not seeing your point. :shrug:

 

[Kamikaze]

I'm sorry. Maybe I've been up far too long. I'm not seeing your point. :shrug:

My point was ... everyone is so worried about CC theft. Honestly, yeah it would suck to have to cancel the card on vacation, but besides that, who really gives a crap? Its not like the thief actually is going to buy things that you will have to pay for.

 

[G00fyDad]

It seems like alot of work, but it is going to be the same amount of work for when they get someone's credit or debit card number. Also are you going to notice if you accidentally rub against someone as they let a bunch of people past by them while in a 90 minute wait for space mountain?

I'm going to notice some moron standing next to me with a black box touching my arm. Don't know about you but I'm alert. My medication works.

 

[G00fyDad]

My point was ... everyone is so worried about CC theft. Honestly, yeah it would suck to have to cancel the card on vacation, but besides that, who really gives a crap? Its not like the thief actually is going to buy things that you will have to pay for.

True. And if it did happen then I'd deal with it. To be honest, I think a mountain is being made out of a molehill here. If someone doesn't trust this system, then all they have to do is "opt out". Or for that matter, it will most likely be an "opt in" option to even get the bracelet. Some people here are acting like Disney is going to force them to take a bracelet. They will do no such thing. They will still have the KttW cards and I hear that people can get them custom made to match their foil hats.

 

[G00fyDad]

Disney uses very secure wrist-bands, it's quite an effort to remove them without using scissors unless you spend several minutes trying to stretch it over your hand to remove it in tact. They are not going to fall out on a ride.

They're not that kind of wristband. I've actually looked up the research on these before I posted. Here is a picture of them. It's not the ones you see for MNSSHP. Although that info could just as easily be attached to the bracelets here too.

 

[dreamfinder]

What would they get? Nothing. You still have to show ID when using your KttW card when making purchases right? I always have.

Really?

I've never been asked for ID when using my KttW card.

Ditto. Don't think I have ever been asked, even when buying a few hundred bucks worth at once.

I will say that Disney had best have the locked down from hacking...RFID is EXTREMELY easy to hack.

Exactly what will hacking my RFID bracelet get a hacker that has nothing better to do with his time than to spend his day walking around the WDW resort with a laptop hacking RFIDs? It is tied to your room and name. Not your credit card info or personal ID or anything else personal. It will have no different info on it than the current KttW card. And if you do not have charging privileges then they will only get my resort ID number and my name. No big deal. If I did have charging privileges then those charges can be disputed and the likelyhood that a hacker will give a *** about hacking your Disney RFID bracelet is pretty low. You'd be more likely to get pick-pocketed or struck with lightening.

Okay, this has been discussed (and discussed, and discussed, and discussed, and discussed) too. Do you truly believe that someone has nothing better to do in their day than to steal RFID alphanumeric codes (as difficult as that would be), program tons of bracelets with them in the hopes of getting one with the correct privileges, then use them? I can see it now "Yes, please charge this wonderful meal to our account." *Shows them his recoded bracelet* "That one doesn't have charging privileges on it or the Disney Dining Plan? Oops.... try this one then." *hands her another one from his duffle bag*

:ROFLOL:

True, you can fool a CM very easy but the system (if Disney has thought this through) would be a little harder. Each wristband is individually identified by the system, so if its used in basically 2 places at once (ie fastpass for splash then purchase in downtown Disney within a few minutes) then the system would flag it. Also if someone tried to enter a park but there was never an exit from a park the system should catch that too. And whos to say you dont have to enter a pin type number when you charge just like a debit card. Of course Disney could have none of these systems in place but I highly doubt that.

If they went through the trouble of programming bracelet after bracelet (that they bought WITH the Disney stitching and designs btw) until they got one with charging privileges and a person in a complete stupor to not notice a person standing next to them touching their bracelet with a transmitter/receiver device. Then yeah.... it could happen. They can scan all the bracelets they want. It will only give them the alphanumeric code of the bracelet. They need Disney's database to compare it to so they can "clone" it for charging. If they scan mine all they will get is.....nothing. Oh, maybe my photo-pass photos access. Big deal. If they want to buy pics of me then fine. :ROFLOL:

So they are going to stand next to you, touch your wrist for several seconds, keep everyone (including YOU) from noticing this, walk somewhere private, encode that data on a bracelet that they got from Disney, walk to a shop and try to buy a Coke? Really? And when that process doesn't work, they are going to do it all over again? Really? :shrug:

Wow. That's a lot of work for very little payoff. And I am pretty sure Disney will not allow this system to be abused like this. They cannot afford for this to happen. They will put measures in place to prevent any of this (even as unlikely as it is to happen) theft from happening. Disney did not get to be a $4.3 billion a year business by doing dumb things like that.

I'm going to notice some moron standing next to me with a black box touching my arm. Don't know about you but I'm alert. My medication works.

Really now. Wow. Hackers hack things because they can. That's all there is to it. Anytime someone creates a "hack proof" system, people will hack it. Just to do it. Remember the video game Doom? Well, there is a running joke to see if hackers can get a device to run Doom. If you can get it to do that, you can get it to do almost anything. Those giant display phones you see in some electronic stores? People have rooted those just to install stupid crud and then post the video on YouTube to show they did it.

RFID devices can be cloned in a fraction of a second. As quickly as the device can be read, one can be cloned. It's not that noticable. A proficient electronics person could hide the tech in something perfectly normal, be it a book, eletronics game device, something like that. All they need to do it walk by you and they have your info. Stick it in their bag, you would never notice. Check out this post from 2009 about what is involved - > http://cyberinsecure.com/cheap-rfid-sniffing-and-cloning-device-for-sale-by-researcher/ For $250 they can scan anything within a 30 foot radius.

Now it is possible to do some things to lock down the data a bit, but if a company can create a certain device, another can create a copy of it.

Why would someone go through the hassle of doing this? Why would people make fake pins that then retail for $.50? Or buy non transferable tickets to resell? Profit. If someone gets a valid band, they can easily buy say 5 different DVDs to resell at a flea market or on eBay. Doesn't necessarily have to be a huge item, if anything smaller items are quicker to resell.

As a PP said, typically people try stolen CC's on a very small item, just to see if its valid. Try to buy a soda see if it works. If it comes back as no charging, "Ooops, grabbed my daughters bracelet." Pay cash and know that one is garbage, or say "I have to go get money, let me go grab some from my wife" and just not come back. It may even be easier, if they add NFC style payment methods on vending machines, no humans to interact with.

Is any of this really going to happen? Beyond someone hacking the braclets, probably not. I can almost guarantee that once the AAs read your bracelet to say "Welcome Johnny!" that someone will hack them just to record Peter Pan saying "Welcome to the 5th gate of h-e-double hockey stick!" and upload it to YouTube. As much as guests forget it, WDW is part of the real world, and bad things do occasionally happen despite WDWs best efforts to prevent them.