'Touch-to-Pay' RFID devices to roll out to many locations tomorrow

awoogala

awoogala

Well-Known Member
wdwmagic said:
'Touch-to-Pay' RFID devices to roll out to many locations tomorrow
Click to expand...
this is the part of nextgen that doesn't appeal to me in the slightest. Never liked the idea of tying a credit card into my ticket/key anyway. I always can manage to pull out my credit card just fine. Where do you leave your credit cards anyway? If it's in my pocket, the 2 seconds it saves me seems silly. I would never leave it in the room.
Oh, and remembering a PIN? HA! there goes those 2 seconds, since I would have forgotten it, and have to search for where I wrote it down!
 
Lil Fort

Lil Fort

Well-Known Member
hakunamatata said:
Can anyone confirm the rumor that they are rolling out the new tinfoil Mickey ears to go with this new technology?
Click to expand...
I heard that they were going to, but then the whole project was value engineered. Now they are simply going to create interactive queues at all stores and the guests will create their own Mickey ears out of foil while they wait to check out. ;)
 
unkadug

unkadug

Follower of "Saget"The Cult
awoogala said:
I agree. but PIN, not PIN number! ;)
Click to expand...
doh.jpg
 
s8film40

s8film40

Well-Known Member
wdwmagic said:
It is a heck of a lot more secure than a magnetic stripe on a room card, so not worried about that at all.
Click to expand...
I'm not sure you understand how RFID works. Hopefully they have some sort of security measure in place especially with this creating not only the vulnerability of some making purchases with your information but also access to your hotel room.

 
Polydweller

Polydweller

Well-Known Member
s8film40 said:
I'm not sure you understand how RFID works. Hopefully they have some sort of security measure in place especially with this creating not only the vulnerability of some making purchases with your information but also access to your hotel room.

Click to expand...

That's been part of the testing. When we tried the features that were available the RFID card had to be within a small fraction of an inch of the reader to be read. Above, below, to the sides meant it wasn't read, as did 1/2 inch away (actually a bit less). It will be very hard for someone to scan it without touching you. Also, the only info on there is the RFID number which is cross-referenced to your Disney identification/account. There is no credit card info on the RFID card just like there isn't any on their current mag stripe card. So, a person trying to steal from you would have to get extremely close and then have the technology to create a new RFID card. Very unlikely since it would hardly be worth the effort because it can only be used for Disney stuff. And as stated, over $50 you have to give your pin and that works exactly like your credit/debit pins, only you know your pin.
 
s8film40

s8film40

Well-Known Member
Polydweller said:
That's been part of the testing. When we tried the features that were available the RFID card had to be within a small fraction of an inch of the reader to be read. Above, below, to the sides meant it wasn't read, as did 1/2 inch away (actually a bit less). It will be very hard for someone to scan it without touching you. Also, the only info on there is the RFID number which is cross-referenced to your Disney identification/account. There is no credit card info on the RFID card just like there isn't any on their current mag stripe card. So, a person trying to steal from you would have to get extremely close and then have the technology to create a new RFID card. Very unlikely since it would hardly be worth the effort because it can only be used for Disney stuff. And as stated, over $50 you have to give your pin and that works exactly like your credit/debit pins, only you know your pin.
Click to expand...
Like I said I would hope and expect that they have some kind of security features. I wouldn't think proximity is so much a security feature but more of an accuracy thing so it doesn't pick up the wrong card. My understanding of RFID is that the card it self is merely a transponder, range would be determined by the level of power from the reader. So someone looking to "read" someone else's card would simply adjust the power setting. Once the information is obtained it is actually relatively easy for it to be copied to another "fake" card and then used, even if only $50 at a a time it is of value to some criminals. Not to mention that card also allows access to the room.
 
G00fyDad

G00fyDad

Well-Known Member
s8film40 said:
Like I said I would hope and expect that they have some kind of security features. I wouldn't think proximity is so much a security feature but more of an accuracy thing so it doesn't pick up the wrong card. My understanding of RFID is that the card it self is merely a transponder, range would be determined by the level of power from the reader. So someone looking to "read" someone else's card would simply adjust the power setting. Once the information is obtained it is actually relatively easy for it to be copied to another "fake" card and then used, even if only $50 at a a time it is of value to some criminals. Not to mention that card also allows access to the room.
Click to expand...

If you have people following you to your room to find out where you are staying then you have more problems than a pick-pocket.
 
KeithVH

KeithVH

Well-Known Member
So we're sure proximity is required to read the unit, right?

I was just thinking of potential geospatial tracking possibilities to follow individuals and track movement through a park. That'd be cheaper than having to maintain that Keyhole in orbit . . .
 
s8film40

s8film40

Well-Known Member
G00fyDad said:
If you have people following you to your room to find out where you are staying then you have more problems than a pick-pocket.
Click to expand...
Obviously that's an extreme case but many criminals would find it worthwhile to brush up against someone in the lobby follow them to their room and then wait for them to leave and simply walk in and take all their belongings. Some people leave quite a few valuable items in their room.
 
dreamfinder

dreamfinder

Well-Known Member
Lil Fort said:
That makes me feel a bit better. I wish it would be required on all charges though.
Click to expand...

Are you aware that many physical stores (Target, Trader Joe's come to mind off the top of my head) no longer require signatures on $25 or less purchases? And think of how many times you give your credit card to someone who disappears with it for a few minutes, which is more than enough time to skim your card to make aclone. Not that most people actually check the signature on the card, never mind challenge those that don't match, but it's significantly easier to skim a card that can then be used across the world for goods that have a much larger resale value than another 50 pairs of Mickey ears.
 
ulto22

ulto22

Active Member
As a failsafe, I imagine Disney will be keeping track of where you are in relation to where the purchase was made. If I just scanned into Tower of Terror Fastpass and a purchase was made with my bracelet elsewhere, any competent company would flag that action and make a PIN input necessary to complete the transaction as it seemed suspicious.
 
flynnibus

flynnibus

Premium Member
Lil Fort said:
Is it? A would be thief can't read the magnetic stripe on a room card just by being in close proximity to it. They have to actually steal the card to use it.
Click to expand...

The difference is a mag-strip is just a passive encoding of info. You read it - you have it. Pure cloning.

The RFID braclets would have challenge/response mechanisms to prevent cloning and replay attacks. Basically - they are more than just a 'code' like a magstrip is.
 
flynnibus

flynnibus

Premium Member
awoogala said:
this is the part of nextgen that doesn't appeal to me in the slightest. Never liked the idea of tying a credit card into my ticket/key anyway. I always can manage to pull out my credit card just fine. Where do you leave your credit cards anyway? If it's in my pocket, the 2 seconds it saves me seems silly. I would never leave it in the room.
Oh, and remembering a PIN? HA! there goes those 2 seconds, since I would have forgotten it, and have to search for where I wrote it down!
Click to expand...

A mindset.. already moved beyond by systems like on Cruise Ships.. that operate on a pure cashless system.
 
flynnibus

flynnibus

Premium Member
s8film40 said:
Like I said I would hope and expect that they have some kind of security features. I wouldn't think proximity is so much a security feature but more of an accuracy thing so it doesn't pick up the wrong card. My understanding of RFID is that the card it self is merely a transponder, range would be determined by the level of power from the reader. So someone looking to "read" someone else's card would simply adjust the power setting. Once the information is obtained it is actually relatively easy for it to be copied to another "fake" card and then used, even if only $50 at a a time it is of value to some criminals. Not to mention that card also allows access to the room.
Click to expand...

When you use ID only - yes
But you can use systems that are actually challenge/response systems as well. Basically the reader sends a signal, the card manipulates it, sends it back, and the reader checks the expected response vs what it got. It's similar to how password systems work, certificates, etc. How do you verify an identity without actually sending the identity itself over the wire... You then incorporate time elements to ensure protection against replay attacks.

RFID can have both active and passive tags.
 

Register on WDWMAGIC. This sidebar will go away, and you'll see fewer ads.

Back
Top Bottom