Tuesday, December 11, 2012

Touch-to-pay RFID - time for tinfoil wallets?

I'm mostly indifferent to the coming RFID gate admission process. Instead of inserting a card, we now wave a card at the gate. Since there's still a fingerprint biometric check, the process shouldn't really save any time (indeed, the lack of turnstiles might mean that more abuse will occur).

Several resort hotels and one theme park (Epcot) will this week start testing not only admission RFID readers, but also "touch to pay" readers. I'm fine with that in concept, but the operational details give me pause. If the total is under $50, there is no signature necessary. That's the same policy they have for credit cards... but take note that credit cards cannot be read at a distance while still in my wallet. RFID cards can. A super-powerful RFID scanner can read your card two feet away, and that worries me quite a bit.

Even if Disney gets up to no shenanigans, a hacker or bad guy certainly will.

So I'm considering, in all seriousness, that I might want to encase my RFID objects in my wallet in aluminum foil. Yes, I'm aware of the jokes about space aliens and mind probes, and I wish I didn't sound quite so loony.

I know they sell RFID-resistant wallets, but you could just wrap your whole wallet. Or wrap the individual RFID objects, such as cards, which is what I will probably do myself.

The potential for abuse is just too great. What will happen once a major news network gets ahold of the first story of abuse?

---
Kevin Yee is the author of numerous independent Disney books, including the popular Walt Disney World Earbook series and Walt Disney World Hidden History.

6 comments:

Anonymous said...

I think the fears of RFID theft through powerful readers are overblown. I have now used RFID credit cards for years, as have many, and one never hears of this. Of course it is a risk, just like there are risks of fraud from online shopping, magnetic stripe readers affixed to ATMs, etc.

Besides, credit card companies usually take the loss from theft or fraud; they and Disney would not implement a technology which had a huge risk of fraud. It just doesn't make any sense.

Anonymous said...

I agree with Kevin's concerns. In the theme parks, these RFIDs will literally be on just about everyone's wrist. That's a lot of temptation for would-be do-bads to turn down. This could be avoided by requiring the PIN code for all purchases, not just above $50.00. If nothing else, there is clearly a concern from enough of the population that Disney should do this just to comfort that population and put their concerns at rest.

Anonymous said...

What happens when it's a wristwatch?

Aaron Morrow said...

FYI, thieves would also need to hack into and access Disney's database. Without doing so, all a thief can pull from your RFID is a coded string of 1s and 0s. Therefore, the greatest threat in the RFID era is the same as the credit card era: a thief working at a restaurant/bar who has access to your info while you can't see it.

The most important thing to do is to (a) watch your credit card balance like a hawk and (b) think twice about using debit cards tied directly to your bank. Good advice whether you have RFID tech or not!

Kevin Yee said...

^ Agree, but the difference is that anyone can steal the 1s and 0s now, since RFID can be read while still in my pocket.

And they don't need Disney's database; they can just spoof my 1s and 0s onto their own card and spend wildly as if they were me. Since there is no PIN code needed for purchases under $50, I imagine this will be easy to do.

Anonymous said...

My security company has been using RFID cards for years. Disney appears to be using the Contact RFID cards for payment options and entrance. This means you actually have to touch the scanner before any activation might occur.