Disney Information Station Logo

Go Back   The DIS Discussion Forums - DISboards.com > Disney Trip Planning Forums > Disney Rumors and News
Find Hotel Specials & DIScounts
 
facebooktwitterpinterestgoogle plusyoutubeDIS UpdatesDIS email updates
Register Chat FAQ Tickers Search Today's Posts Mark Forums Read





Reply
 
Thread Tools Rate Thread Display Modes
Old 01-24-2013, 10:32 PM   #46
yitbos96bb
DIS Veteran
 
yitbos96bb's Avatar
 
Join Date: Nov 2005
Posts: 2,608

Quote:
Originally Posted by M5ward View Post
Agree! I don't think I will attach a credit card to the room key anymore. There was a chip scanner group working at a mall in Philly not too long ago. I carry all my cards (RFID and other) in a (supposedly) protective card case. It also helps protect magnetic strips...or so I like to think. We usually always use cash or gift cards anyway.
I wouldn't trust those cases all that much. I've seen some interesting demos at some hacker cons...
__________________
yitbos96bb is offline   Reply With Quote
Old 01-25-2013, 07:00 PM   #47
sachilles
Mouseketeer
 
Join Date: Jan 2013
Location: Waitsfield VT
Posts: 127

PCI compliance is sidestepped, as its not a direct credit card transaction. It's merely a "room charge". Credit card transaction doesn't occur until you check out/check in. If you can't access credit card info from the pos, it likely isn't a PCI issue.
sachilles is offline   Reply With Quote
|
The DIS
Register to remove

Join Date: 1997
Location: Orlando, FL
Posts: 1,000,000
Old 01-25-2013, 07:05 PM   #48
doconeill


Fastpass Jedi Master
 
doconeill's Avatar
 
Join Date: Feb 2007
Location: Massachusetts
Posts: 16,569

If it can result in fraudulent charges that the customer may dispute with the credit card company, it could still be a PCI issue. But it's the credit card companies themselves that allow no-verification transactions up to a certain amount, which varies from vendor to vendor.
__________________
Doc - WDW Untangled - New: Fastpass+ - Rider Switch - MagicBands - ADR Calculator - WDW MYW Ticket Price Calculator
"WDW is the reason more of us should have paid more attention in Math class." - Me
Commissioner, Official DIS Unplugged Fantasy Football League - MK Conf - EC Conf - HS Conf -2013 Champion oc_tony!
4th Annual New England DISMeet for GiveKidsTheWorld - Oct 3-5, 2014 - Plymouth, MA

doconeill is offline   Reply With Quote
Old 01-25-2013, 07:54 PM   #49
kia5711
Earning My Ears
 
kia5711's Avatar
 
Join Date: Jan 2013
Location: Canada
Posts: 20

So we don't HAVE to link a credit card to it correct? We're still able to pay for purchases with cash/debit/credit card at the store/restaurant?

We're planning our first trip and this is just adding to my list of stress
kia5711 is offline   Reply With Quote
Old 01-25-2013, 09:34 PM   #50
lockedoutlogic
DIS Veteran
 
lockedoutlogic's Avatar
 
Join Date: Apr 2007
Location: Joisey
Posts: 3,317

Quote:
Originally Posted by kia5711 View Post
So we don't HAVE to link a credit card to it correct? We're still able to pay for purchases with cash/debit/credit card at the store/restaurant?

We're planning our first trip and this is just adding to my list of stress
absolutely...no problem

disney just encourages/embraces the room charge concept...supposedly for your "convenience" and "guest demand"...

they also use those reasons for every single decision...good or bad.

but anyone with a functioning ganglion knows that its for their benefit...i'll give you the two most obvious reasons:

1. Terminal Charges: the retailer (traditionally...american banks now seem to think they have the right to pass it on to us - even if we are deducting form our own money) pays a charge each time it processes a transaction through the network - the visa/mastercard and amex being the most widely used...
By using the room charge system - they "pool" your charges, then run it en masse...saving money on the aggregate

2. because a card with mickey mouse on it is not subconcsiously linked to YOUR money. people spend more on the roomie charges - big shocker. If you have to continually flash a visa logo...eventually the reality that you're getting big fat, interest bearing bills in 30 days sets in...and you ease back.
A cute mickey card - you don't...


now it will be a cute mickey wristband...for lots of tshirt, hats, stationary and iphone cases that will look quite silly back in wisconsin at the end of the week.
__________________
Went there.....
Worked there....(Resort Operations)
Wed there....(EPCOT 2004)
Bought there....(SSR 2006)

Last Trip: Too Long Ago
Next Trip: Can i borrow some money to go?
Gift Shop Quality: When did we get to WalMart?
Food Quality: Only the finest free range roast chicken breast and loch dart salmon in the Kingdom


"May the Space Being bless the Free Market"
lockedoutlogic is offline   Reply With Quote
Old 01-26-2013, 05:55 AM   #51
sachilles
Mouseketeer
 
Join Date: Jan 2013
Location: Waitsfield VT
Posts: 127

Quote:
Originally Posted by doconeill View Post
If it can result in fraudulent charges that the customer may dispute with the credit card company, it could still be a PCI issue. But it's the credit card companies themselves that allow no-verification transactions up to a certain amount, which varies from vendor to vendor.
It's not a PCI issue. Card holder data is sidestepped in the whole process. The non-verification transaction is to the room charge, not directly to the credit card. That is the the beauty of it. As mentioned above, your charges are pooled on your lodging folio. You then sign off on the whole charge at your front desk, likely on your reg card when you check in.

PCI compliance merely regulates card security. You may be thinking of the merchants credit card agreement which dictates the rules of credit acceptance. An RFID bracelet is no different than a kttw card, it's merely different media.
If a Cm could pull your un-truncated credit card number from the system, then you'd have a PCI issue.
sachilles is offline   Reply With Quote
Old 01-26-2013, 10:35 AM   #52
sachilles
Mouseketeer
 
Join Date: Jan 2013
Location: Waitsfield VT
Posts: 127

Quote:
Originally Posted by yitbos96bb View Post
I wouldn't trust those cases all that much. I've seen some interesting demos at some hacker cons...
Its false security. Anyone resourceful enough to build a skimmer is resourceful enough to acquire the info before it even becomes attached to your account/folio. There is no doubt a box full of the rfid bracelets waiting to be issued at any of the resort front desk areas. The bracelet likely has the code printed on the bracelet. An unscrupulous CM could just as easily hand that info over to a crook for a few bucks while no one is looking.
Ultimately there isn't a going to be a lucrative market for items that are going to be stolen. I doubt there is a band of gypsies that is acquiring cases of cheeseburgers from Pecos bill's using stolen rfid tags, then selling them on the black market.
Retail items may have some limited resale. Since these tags will be for lodging guests, I'm guessing a large majority of items will be sent back to their room and are not taken from the store by the buyer. Shipping to your resort accommodations provides a validation step.
So ultimately the big worry is worrying about gate admission and other experiences that the bracelet would gain you access to, and that will likely have other validation. I belt you'll find the bracelets will have some visual fraud detection features so gate workers have a better chance to see false ones.
You also find that you probably won't be able to load a gift card using the bracelet along with any other value transfers.
So I'm not saying it can't be done, but the risk versus the reward for it seems like it will be less of an issue than one might think. Crooks will take the path of least resistance that gives the largest gain. There are likely better opportunities to defraud folks in such a broad concentration of tourists, with less folks watching than a place like Disney.
sachilles is offline   Reply With Quote
Old 01-26-2013, 11:47 AM   #53
doconeill


Fastpass Jedi Master
 
doconeill's Avatar
 
Join Date: Feb 2007
Location: Massachusetts
Posts: 16,569

Quote:
Originally Posted by sachilles View Post
Its false security. Anyone resourceful enough to build a skimmer is resourceful enough to acquire the info before it even becomes attached to your account/folio. There is no doubt a box full of the rfid bracelets waiting to be issued at any of the resort front desk areas. The bracelet likely has the code printed on the bracelet. An unscrupulous CM could just as easily hand that info over to a crook for a few bucks while no one is looking.
Several problems with this.

1) Attempting to use an RFID code that has not been activated will raise red flags

2) Attempting to use an RFID code that does not have charging privileges will raise red flags

3) The majority of the RFID codes will have a limited lifetime, and if obtained in advance the lifetime won't be known

4) Other information about the purchaser might be available at the POS terminal.

Much better to hang out at a retail location, pick someone that just made a purchase that fits the requirements, and skim.

An "unscrupulous" CM could probably just as easily associate an additional RFID code to the account. Or for that matter, they already have your CC and personal information, which is TONS more valuable to a thief.

It IS possible to cover the device in a material that would greatly reduce the range at which it can be read. Not perfectly though.
__________________
Doc - WDW Untangled - New: Fastpass+ - Rider Switch - MagicBands - ADR Calculator - WDW MYW Ticket Price Calculator
"WDW is the reason more of us should have paid more attention in Math class." - Me
Commissioner, Official DIS Unplugged Fantasy Football League - MK Conf - EC Conf - HS Conf -2013 Champion oc_tony!
4th Annual New England DISMeet for GiveKidsTheWorld - Oct 3-5, 2014 - Plymouth, MA

doconeill is offline   Reply With Quote
Old 01-26-2013, 12:17 PM   #54
sachilles
Mouseketeer
 
Join Date: Jan 2013
Location: Waitsfield VT
Posts: 127

Quote:
Originally Posted by doconeill View Post
Several problems with this.

1) Attempting to use an RFID code that has not been activated will raise red flags

2) Attempting to use an RFID code that does not have charging privileges will raise red flags

3) The majority of the RFID codes will have a limited lifetime, and if obtained in advance the lifetime won't be known

4) Other information about the purchaser might be available at the POS terminal.

Much better to hang out at a retail location, pick someone that just made a purchase that fits the requirements, and skim.

An "unscrupulous" CM could probably just as easily associate an additional RFID code to the account. Or for that matter, they already have your CC and personal information, which is TONS more valuable to a thief.

It IS possible to cover the device in a material that would greatly reduce the range at which it can be read. Not perfectly though.
1-3 are all valid points but aren't what I was suggesting a crook would do.
Example would be for the crook to ask for the rfid's of a few guests checking in on that day. Adding another rfid tag to an account that was then used for fraud would track back to who assigned it to the account getting them in hot water.
Pci compliance will mean that very few people will have your full credit card info other than those that actually touch the card. Of course that is a risk any place you use your credit card. Ultimately that has nothing to do with the RFID technology. PCI compliance for a merchant the size of disney must be tested by external sources on a regular basis to make sure certain folks have access to non-encrypted credit card info as well as resisting outside threats.
My point is simply that there are low-tech ways to compromise the rfid technology, and one need not HAVE to skim the rfid's to compromise your account. Loss from folks gaming the rfid system will be no greater than the current KTTW key system. It is just different media.
In order to game the rfid system, you need to skim the rfid. Re-create the rfid, package it for use, then buy stuff in a way that can't be tracked and do it in the span of time someone is at the resort. As you pointed out, using one of somebody that isn't checked in or have active charging privileges will generate a red flag. What is going to be worth stealing that warrants that cost/risk?
I do not see where any identity theft issue can come from getting a guests RFID tag, do you?
sachilles is offline   Reply With Quote
Old 01-26-2013, 01:26 PM   #55
lockedoutlogic
DIS Veteran
 
lockedoutlogic's Avatar
 
Join Date: Apr 2007
Location: Joisey
Posts: 3,317

I just have to say...i love this thread.

real things...technology, security, operations, and potential problems...

yes...there are problems all over WDW...and discussion isn't to just harp on them...somewhere deep down we all hope they are addressed & solved.

So much better than "How magical is Wishes?" and "Tell me about POR"

those have been covered 3.6 million times


ok...carry on
__________________
Went there.....
Worked there....(Resort Operations)
Wed there....(EPCOT 2004)
Bought there....(SSR 2006)

Last Trip: Too Long Ago
Next Trip: Can i borrow some money to go?
Gift Shop Quality: When did we get to WalMart?
Food Quality: Only the finest free range roast chicken breast and loch dart salmon in the Kingdom


"May the Space Being bless the Free Market"
lockedoutlogic is offline   Reply With Quote
Old 01-27-2013, 10:09 AM   #56
*NikkiBell*
The WDW Merchandise Walking Bible
 
*NikkiBell*'s Avatar
 
Join Date: Jun 2005
Location: New Jersey
Posts: 12,145
DISboards Moderator

The more and more I think about this, the less likely I want to attach a card to the band. I usually use a debit card and Disney GCs when I go down, but the convenience of the band was luring. I guess I'll find out soon when I head down in a few weeks.
__________________
Nikki
DIS Unplugged Forum Moderator & Blogger

disboards.com/blog.wdwinfo.com
Follow Me on Twitter






2011 - GC, Swan 2010 - AKLV
2009 - AKLV, DxDP/OKW, DDP 2008 - SSR, PFTS, MNSSHP/AKLV, 1st DVC Trip, DxDP 2007 - PC, MNSSHP 2006-7 - POFQ, Premium DP 2006 - PC 2005 - POFQ, Premium DP 2004 - PC, Silver Plan 1998 - ASMu 1997-94 - Off-Site
*NikkiBell* is offline   Reply With Quote
Old 01-27-2013, 10:18 AM   #57
doconeill


Fastpass Jedi Master
 
doconeill's Avatar
 
Join Date: Feb 2007
Location: Massachusetts
Posts: 16,569

Quote:
Originally Posted by *NikkiBell* View Post
The more and more I think about this, the less likely I want to attach a card to the band. I usually use a debit card and Disney GCs when I go down, but the convenience of the band was luring. I guess I'll find out soon when I head down in a few weeks.
Hmm...that brings up another thought. But the way these threads have gone lately, a disclaimer:

I HAVE NO INFORMATION THAT THIS IS THE CASE, OR THAT DISNEY HAS EVEN THOUGHT OF THIS

Now that that is out of the way...

What about a "loadable" feature on the bands? Rather than using a gift card, you could have the ability to load $20 or whatever onto the band to use much like a gift card.

Speaking of which, what I'd REALLY like is some sort of gift card-like feature for my kids, where I can do something like put $20 on the card but have a "leeway" for a bit more, so that they don't have a problem when they are a couple dollars short...but I'd want to be able to "unload" the remainder.

Or, for that matter, (RFID/PIN code issues aside) give them a room charge privilege with a similar limit.
__________________
Doc - WDW Untangled - New: Fastpass+ - Rider Switch - MagicBands - ADR Calculator - WDW MYW Ticket Price Calculator
"WDW is the reason more of us should have paid more attention in Math class." - Me
Commissioner, Official DIS Unplugged Fantasy Football League - MK Conf - EC Conf - HS Conf -2013 Champion oc_tony!
4th Annual New England DISMeet for GiveKidsTheWorld - Oct 3-5, 2014 - Plymouth, MA

doconeill is offline   Reply With Quote
Old 01-27-2013, 11:16 AM   #58
sachilles
Mouseketeer
 
Join Date: Jan 2013
Location: Waitsfield VT
Posts: 127

Depends a little on their lost property laws. The tech is there. Some states will not allow you to "re-load" a gift card, only issue a new ones (banking regulation hurdle, but most states are coming around on this issue). Honestly, that would be a feature I'd be worried the most about skimmers. If the state does not allow re-loading, you'd either have to issue a new bracelet, or you could conceivably add a removable "charm" for the bracelet with gift card functionality(using mag stripe tech or rfid). Allowing children to be able to freely charge to a room can be an adventure for the parents and the CM helping them decipher. If they allow a credit card backing, and you choose a debit card, you really are asking for some pain if you allow your child to charge to it. Of course that is a parenting issue, rather than a tech issue.
sachilles is offline   Reply With Quote
Old 01-27-2013, 11:24 AM   #59
doconeill


Fastpass Jedi Master
 
doconeill's Avatar
 
Join Date: Feb 2007
Location: Massachusetts
Posts: 16,569

Quote:
Originally Posted by sachilles View Post
Depends a little on their lost property laws. The tech is there. Some states will not allow you to "re-load" a gift card, only issue a new ones (banking regulation hurdle, but most states are coming around on this issue). Honestly, that would be a feature I'd be worried the most about skimmers. If the state does not allow re-loading, you'd either have to issue a new bracelet, or you could conceivably add a removable "charm" for the bracelet with gift card functionality(using mag stripe tech or rfid). Allowing children to be able to freely charge to a room can be an adventure for the parents and the CM helping them decipher. If they allow a credit card backing, and you choose a debit card, you really are asking for some pain if you allow your child to charge to it. Of course that is a parenting issue, rather than a tech issue.
My point is if I can place independent limits on the child charges (like my $20+overage idea), then it shouldn't be an adventure. Especially if they give me the itemized list by name.
__________________
Doc - WDW Untangled - New: Fastpass+ - Rider Switch - MagicBands - ADR Calculator - WDW MYW Ticket Price Calculator
"WDW is the reason more of us should have paid more attention in Math class." - Me
Commissioner, Official DIS Unplugged Fantasy Football League - MK Conf - EC Conf - HS Conf -2013 Champion oc_tony!
4th Annual New England DISMeet for GiveKidsTheWorld - Oct 3-5, 2014 - Plymouth, MA

doconeill is offline   Reply With Quote
Old 01-27-2013, 11:34 AM   #60
lockedoutlogic
DIS Veteran
 
lockedoutlogic's Avatar
 
Join Date: Apr 2007
Location: Joisey
Posts: 3,317

Quote:
Originally Posted by *NikkiBell*
The more and more I think about this, the less likely I want to attach a card to the band. I usually use a debit card and Disney GCs when I go down, but the convenience of the band was luring. I guess I'll find out soon when I head down in a few weeks.
I would suggest that you never use a debit card at WDW...there are too many false charges and mistakes there on any given day to not make it worthwhile...
__________________
Went there.....
Worked there....(Resort Operations)
Wed there....(EPCOT 2004)
Bought there....(SSR 2006)

Last Trip: Too Long Ago
Next Trip: Can i borrow some money to go?
Gift Shop Quality: When did we get to WalMart?
Food Quality: Only the finest free range roast chicken breast and loch dart salmon in the Kingdom


"May the Space Being bless the Free Market"
lockedoutlogic is offline   Reply With Quote
Reply



Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

facebooktwitterpinterestgoogle plusyoutubeDIS Updates
GET OUR DIS UPDATES DELIVERED BY EMAIL



All times are GMT -5. The time now is 11:16 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

Copyright © 1997-2014, Werner Technologies, LLC. All Rights Reserved.

You Rated this Thread: