• Controversial Topics
    Several months ago, I added a private sub-forum to allow members to discuss these topics without fear of infractions or banning. It's opt-in, opt-out. Corey Click Here

MagicBands Can Be Read By NFC Enabled Phones

I have to assume that if the credit card companies trust RFID/NFC then it's 'secure enough' for most things.

If a hacker is able to crack the encryption on that then are they really going to travel to a disney hotel, stake it out all day(s), and hope that you have some goods inside worth stealing? Or are they going to duplicate a bunch of credit cards and start shopping at best buys everywhere for free?

I'm thinking they're not wasting their time with hotel rooms. They'll be going after the easy fruit.
 
When we visited WDW in August 2012, we had our KTW cards and did not ever use a PIN when we charged. When we went Aug 2013, we had KTW cards and had to use a pin for everything from a bottle of water to our *ahem* large purchase at World of Disney. I hope they keep the PIN, it's a measure of security.
 
aimeeinohio said:
When we visited WDW in August 2012, we had our KTW cards and did not ever use a PIN when we charged. When we went Aug 2013, we had KTW cards and had to use a pin for everything from a bottle of water to our *ahem* large purchase at World of Disney. I hope they keep the PIN, it's a measure of security.
Click to expand...

The PIN was added specifically to increase security with the RFID devices.

With the swipe-only cards, someone would have to have the physical card and swipe it to get the ID, then program another card with identical ID.

With RFID, they only need to get "near enough" with an RFID skimmer to get the ID, without physical access, so there is inherently more of a security concern. Adding the PIN adds a second factor to the authentication of the user (which wouldn't hurt with swipe cards anyways).
 
mikek said:
If a hacker is able to crack the encryption on that then are they really going to travel to a disney hotel, stake it out all day(s), and hope that you have some goods inside worth stealing? Or are they going to duplicate a bunch of credit cards and start shopping at best buys everywhere for free?

I'm thinking they're not wasting their time with hotel rooms. They'll be going after the easy fruit.
Click to expand...

That may be. But you can bet that there are thieves out there that will think of ways to break into the system and rip people off that we haven't even begun to imagine.

Personally, I am concerned about the implications.
 


carelo said:
That may be. But you can bet that there are thieves out there that will think of ways to break into the system and rip people off that we haven't even begun to imagine.

Personally, I am concerned about the implications.
Click to expand...

RFID has nothing to do with it. If they were able to "break into the system", they wouldn't have any need for the RFID. That information has always been in the database for many years.
 
carelo said:
That may be. But you can bet that there are thieves out there that will think of ways to break into the system and rip people off that we haven't even begun to imagine.

Personally, I am concerned about the implications.
Click to expand...

I'm sure there's someone looking into it. the crooks are crazy now a days.

I literally think I've had my business visa hacked 5-6 times in the same number of years. It's crazy.

the numbers of people getting their identities stolen is crazy.

My point is I dont think this opens Disney up to any more significant problems than anyplace else. From what i understand all the credit cards in europe already have RFID. Passports all have RFID. Some american cards have RFID. Cellphones are getting RFID "wallets". The technology is here to stay.

And besides all the banking things other resorts http://www.ripleysnewsroom.com/rfid-technology-makes-staying-at-great-wolf-lodge-easy-convenient/ have had this technology for years now and i haven't heard any horror stories (not that they haven't happened but i'm tyring to say it's not open season insecure.

And not to belittle it, but crime already happens at disney. And aside from your personal stuff that's irreplaceable (which probably we shouldn't be leacing in our hotel rooms unsecured) Disney seems to take care of it. After a day of enjoying ourselves and shopping at the studios some lowlife stole our stroller with the bags underneath when we were in the bugs life playground for a few minutes after lunch. We got disney security and they took our info and THEN handed us off to a merchandise manager who asked us all about what was in our stroller and then took us around to 'shop' for free and replace everything that was stolen. It's like getting your credit card stolen- it's a major hassle but the cost is absorbed by the business.

If disney has to make right after a rash of hotel rooms getting broken into or they let your credit card get hacked and are fixing that then their bottom line gets hit and they'll bend over backwards to fix it.
 
mikek said:
My point is I dont think this opens Disney up to any more significant problems than anyplace else. From what i understand all the credit cards in europe already have RFID. Passports all have RFID. Some american cards have RFID. Cellphones are getting RFID "wallets". The technology is here to stay.
Click to expand...

Not to mention that the payment card industry (i.e. AMEX, Visa, MasterCard, etc.) are forcing merchants to start accepting new electronic cards - with a "contactless" (read: RFID or NFC) option.
 


mikek said:
just saw this article today-

really nothing but a bunch of opinions but at least some people think that payments without cards and just NFC would be a better more secure future:

http://www.zdnet.com/is-the-future-...-card-at-all-7000021838/?s_cid=e539&ttag=e539


point being - nfc isn't a giant security hole compared to plastic and magnetic stripes (well at least not YET...)
Click to expand...

It's not NFC itself that makes the credit card system "secure", but EMV - which can use NFC (or direct-contact chips), but layers various security features on top of it.

What I thought was funny is that with the credit card companies forcing the ability to handle EMV within a few years, I expected any new cards I get to automatically be EMV-enabled.

Imagine my surprise when I got a replacement for my expiring Amex card - which had previously already had an ExpressPay chip (a precursor of sorts to EMV) - and it not only didn't have EMV, but it didn't even have ExpressPay!

The lack of ExpressPay was an error on their part (apparently if you don't use the ExpressPay within 12 months, they won't issue a card with it when it expires, but I had used it), but I asked about EMV, and he said that they did have EMV cards, but they aren't yet issuing them by default. He did offer to send me the EMV card, but they are NOT compatible with ExpressPay, and I don't know any vendors that can handle EMV yet, so I didn't see any value at that point.

So although the credit card companies are forcing the vendors to accept EMV, they don't seem to be in a rush themselves to get consumers to use them...
 
and now that ISIS lost there major credit card company ISIS my never get out of beta in austin and salt lake. They just need to make google wallet work and all would be good.
 
doconeill said:
It's not NFC itself that makes the credit card system "secure", but EMV - which can use NFC (or direct-contact chips), but layers various security features on top of it.

What I thought was funny is that with the credit card companies forcing the ability to handle EMV within a few years, I expected any new cards I get to automatically be EMV-enabled.

Imagine my surprise when I got a replacement for my expiring Amex card - which had previously already had an ExpressPay chip (a precursor of sorts to EMV) - and it not only didn't have EMV, but it didn't even have ExpressPay!

The lack of ExpressPay was an error on their part (apparently if you don't use the ExpressPay within 12 months, they won't issue a card with it when it expires, but I had used it), but I asked about EMV, and he said that they did have EMV cards, but they aren't yet issuing them by default. He did offer to send me the EMV card, but they are NOT compatible with ExpressPay, and I don't know any vendors that can handle EMV yet, so I didn't see any value at that point.

So although the credit card companies are forcing the vendors to accept EMV, they don't seem to be in a rush themselves to get consumers to use them...
Click to expand...


it is funny how AMEX seems to be going "backwards" to the old days.
 
mikek said:
what happened to ISIS- i missed that?
Click to expand...

ISIS is a mobile wallet app that can work with an NFC phone to do ExpressPay-type payments, but also had some enhanced features. It required an enhanced SIM chip.

Not sure if the coming EMV might have been an issue, but I'm not aware of them stopping...
 
doconeill said:
ISIS is a mobile wallet app that can work with an NFC phone to do ExpressPay-type payments, but also had some enhanced features. It required an enhanced SIM chip.

Not sure if the coming EMV might have been an issue, but I'm not aware of them stopping...
Click to expand...

thanks- i acutally know ISIS, i have it on my phone. Although I'm in NJ there are some places around that i can play with it.

I'm not at all impressed. Take my phone out of my pocket. Run the app. Enter my pin. Wait for slowish app to load. Pick a payment card (with their bad UI). then press button for 'turn on nfc'. then tap. By this point i could have paid with a tap credit card 5 times over.

reading some more looks like capital one bailed on ISIS. So now it only works with amex and chase.

I do use it for my coke rewards. It has a way that you can use your coke loyalty card to buy soda at an NFC machine. I've had my coke rewards for years but never really bothered 'cause it was a hassle and there was no easy way to redeem. Not i can text the codes to my account (like before) but now i know i can find the appropriate soda machine to cash out with my phone and ISIS when i want to.

I wish ISIS and google wallet would just merge already and be done with it.

Then i read there's some other company who is going to allow you to pay with barcodes or somesuch. Had a pile or retailers in that one, Kohls, dunkin donuts, and others.

Anyway, would be cool if disney made nice with ISIS (or whoever actually wins in the end) to allow you to slap your pass on your phone, or give you rewards, or anything cool like that.
 
You must log in or register to reply here.

Share this page


GET A DISNEY VACATION QUOTE

Dreams Unlimited Travel is committed to providing you with the very best vacation planning experience possible. Our Vacation Planners are experts and will share their honest advice to help you have a magical vacation.

Let us help you with your next Disney Vacation!


New DISboards Threads

#1hoosierfan
The 150th Running of the Kentucky Derby
Replies
1
Views
89
DodgerGirl
D
erinch
Hotel advice please!
Replies
4
Views
161
Pluto468
Pluto468
insureman
Lookout Cay information panel
Replies
0
Views
106
insureman
insureman
B
Questions for Northerners by Southerners or vice-versa in the USA?
Replies
0
Views
101
Buzz Rules
B
M
List of rides open/closed for early entry?
Replies
1
Views
127
Kerr84
K
joseph821
Lucky Fortune Cookery Menu Question - Beef Birria Ramen
Replies
4
Views
212
LilyJC
LilyJC
NEWS & UPDATES



Latest posts







facebook twitter
Top