Discussion in 'Disney Rumors and News' started by Weedy, Jan 7, 2013.
I know this story has been around for awhile now, but I am still not convinced that there are enough benefits for this system that will make me like it yet. Further disclosure from Disney will help.
The important question is whether the RFID actually carries all of your information, or if it just carries an internal identifier of you that the scanning computer will need to look up in WDW's intranet in order to verify guest info or charge to the guest's account. The sane answer is the latter, but you never know.
The reason I say this is people freak out the most over the assumption that their information can be stolen from the device. If all that the device carries is an identifier, the guest's identity and financial access are relatively safe. Think of it as the barcode on your KTTW card. The computer looks up your guest file in the WDW Intranet and the computer, not your card or RFID bracelet, brings up your identity or charging priviledges. Even if a scammer were to clone it, the worst they could do would be to charge things to you within WDW, and that would be easily trackable as you could sit down with security, review your RFID use log, and security could use the pattern of uses to track down the scammer. Without access to WDW's intranet, the information on the RFID itself would be useless. Also, if the biometric scans remain in place, that would decrease the likelihood that the scammer park-hops with your borrowed identity, and make it easier to catch them if they attempt to do so.
Since that's how the KTTW cards function already, I'm going to assume WDW will handle the RFID system the same. The only added weirdness is that it will make it easier for WDW to track your physical location, but in all reality, the software to do that via surveilance cameras already is cheaper and more readily available than ever before, so I'd be surprised if WDW didn't have some level of that in place already, and other places are already tracking you whether you know it or not. Welcome to reality.
Log in or Sign up to hide this advert.
Staggs specifically said that the band will not contain any of your personal information. It's the only thing that makes sense really. Ofcourse it would help if Disney would provide a little more detail about the system.
I dont mind the idea of this too much because I feel WDW realizes if they delve too much into personal lives, they will pay the price in lost ticket purchases.
What concerns me is this, and again, I feel like they are investing a lot, so they have done their homework, but we are frequent visitors, 2-3 trips per year, since 1999. We go to the parks leisurely, meaning we mosey around, do things on a whim. So, knowing all these times may be booked up early for say SM, BTMRR, TSM, or any other E ticket ride, where does that leave our type of visitor?
Key issue with RFID is security, Common RFID systems can be read and 'cloned' with gear which would fit in the average kid's lunchbox. So simply by sitting anywhere there are lots of people a sophisticated theif could clone many RFID's and use them to make under $50 purchases for resale.
This is the exploit which was used on many transit systems which used a RFID system. Copy the RFID and you were golden you basically had 'free' transit by using the balances on other peoples RFID cards.
Now if Disney is using a secure RFID system i.e. one which incorporates a digital certificate even if the RFID was cloned it is unusable as while the RFID code is the same the certificate ID assigned to that serial # would not match.
Bottom line all a RFID is a barcode readable by radio waves.
I wish that Disney was more forthcoming about the security of their new RFID system. As with the current system mine will be living in a RF Shield bag unless I want to use it unless Disney can convince me that it's safe otherwise.
( the same bag that EZ-Pass transponders are kept in if you dont want to use it to pay a toll for some reason - taking it home if car broken down, etc)
I remember reading a story posted on the net about a girl that had her car trucked across the state. She left her EZ Pass in her glove box. When her bill arrived that month she had several class 4 tolls i.e. the toll for the whole truck.... Mine is permanently kept in its metallic Mylar bag unless i want it to be read. Makes the battery last longer. Once the battery goes you have to buy a new EZ Pass.
Anything RFID that DIsney uses will also be kept in a mylar bag. Luckily, the RFID transmitters that Disney uses (at least at this time) has to be very close to the receiver so the skimmer has to almost touch you to skim it.
All our personal information *will not* be put on a band. We will pay cash for everything first, or use our own CC.
No personal information but your disney account number will be on it. And anything that you can buy that does not require you to prove you are who you are will be fair game. I do like the convenience of the RFID but it should require some type of physical input from the owner to prove they are the owner, just like your debit card. Because in effect that is what it is, an RFID enabled debit device.
I really don't like bracelets, but I"m willing to put up with it as long as its not like the ones you can't take off until your stay is over (conflicting reports on that at the moment I know).
i have read stories where they will be pretty fancy where you can add charms (i.e. buy bracelet, buy charms, buy this, buy that...). It will be another cash maker item for Disney. I suspect they probably will be pretty cool... Not vinylmation cool.... but more like pin trading cool. I don't like the RFID idea but the whole concept is actually pretty smart. The easier you can pay for something the more you will spend (without noticing) and the more interesting the item the more likely you are to buy multiple items to go with it. Like the monorail toys, where you have to buy the contemporary, the poly, the epcot sphere, the GF, the....to have a complete set.
Every RFID purchase requires entry of a pin code. Disney toyed with a $50 minimum for these transactions but has since changed to all purchases.
I have all of the same concerns about security that have been mentioned and will wait to hear more from Disney on that topic.
My questions are:
Has anyone not thought about the issue of large plastic wrist bands in the Florida heat? I really don't need anything else to make me feel hot and sticky when I go in June.
What about the water parks? Can they get wet? Will they slip off?
What about families who stay off property? Will we not get fastpasses, or lose good times, etc?
Resort guests and passholders will be able to schedule ride times in advance. Others will have to wait until they arrive in the parks. Remains to be seen what impact this has on availability of FPs.
My sense is that if you arrive early, there will still be ample opportunity to get FPs for all attractions. But the supply may be exhausted earlier in the day due to the advance reservations.
But even that may not come to pass. Disney can tinker with the number of total FPs issued. If they want to offer 10% more, 25% more or 50% more FPs for any given attraction than they do today, they can. Only real impact will be slower-moving standby lines.
We are going in the beginning of May, so it's not a high peak time!
As of 3 days ago (when we left wdw) this wasn't the case. In fact I asked about using the pin and was told it needed a $50. minimum.
Im on the fence on this one. heres why after a friend showed me this video..
I hope that Disney Dose not store my Credit Card on this wrist band if so i just want my keys to the kingdom card . this way I still have to show my ID to charge stuff ..
Pretty sure if its on the wrist band it'll have Disney's own unique encryption, meaning it'll be your card number but its masked into Disney's system which would require the reader to have the code or for the person skimming to know it or be able to crack it (in which case they work for Disney or are really good with computers and sequencing).
The pin code mandate for all transactions went into effect on January 8.
Separate names with a comma.