Tuesday, December 11, 2012

Touch-to-pay RFID - time for tinfoil wallets?

I'm mostly indifferent to the coming RFID gate admission process. Instead of inserting a card, we now wave a card at the gate. Since there's still a fingerprint biometric check, the process shouldn't really save any time (indeed, the lack of turnstiles might mean in fact that more abuse will occur). 

Several resort hotels and one theme park (Epcot) will this week start testing not only admission RFID readers, but also "touch to pay" readers. I'm fine with that in concept, but the operational details give me pause. If the total is under $50, there is no signature necessary. That's the same policy they have for credit cards... but take note that credit cards cannot be read at a distance while still in my wallet. RFID cards can. A super-powerful RFID scanner can read your card two feet away, and that worries me quite a bit.

Even if Disney gets up to no shenanigans, a hacker or bad guy certainly will.

So I'm considering, in all seriousness, that I might want to encase my RFID objects in my wallet in aluminum foil. Yes, I'm aware of the jokes about space aliens and mind probes, and I wish I didn't sound quite so looney.

I know they sell RFID-resistant wallets, but you could just wrap your whole wallet. Or wrap the individual RFID objects, such as cards, which is what I will probably do myself.

The potential for abuse is just too great. What will happen once a major news network gets ahold of the first story of abuse?

Kevin Yee is the author of numerous independent Disney books, including the popular Walt Disney World Earbook series and Walt Disney World Hidden History.