Cedar Fair testing RFID wristbands for payment

I just clicked on the link to read this thread and the Feds kicked my door in.

I was going to try to help you, but I got trapped in all of this red tape.

They're on to our underground RFID ring. I'm trying to hold out, but they want me to talk.

I think I'll pin it all on Cedar Fair.

I'm only typing right now because I can't talk with this feeding tube in my mouth.

There's plenty of legal things that are stupid. And yes, not doing something because its hard is a reason not to do something. When it eats up huge amounts of time and focus (the waterpark cedar fair just sold) it becomes worthless because the effort you put in isnt worth what you get out. I'm saying the laws are numerous, complex, and varied from state to state. You litterly have to hire lawyers to make sure you are compliant. It isn't illegal if you're verifying with lawyers, but why go though that trouble for so little reward? Again, read the laws that exist and the ones that are in the process of getting approved.

Edited to add: This is getting dumb. Repeat: I worked in the legal department, we looked into RFID, I'm repeating the findings. The execs and lawyers determined the rules are overly prohibitive.

Those laws affect the transmission of personal data and information. This is nothing more than a tag with its own unique ID that gets run past a scanner. It has way more in common with the RFID anti-theft tags at your local Best Buy/WalMart/Shopping mall than it does with credit card transactions.

The credit card process won't be anything different than it is now - the central checkout location will bill all of the charges at the end of the day. Nothing gets broadcast via RFID, nothing is received via RFID.

You keep going on about "the laws" but I don't think they mean what you think they mean.

You litterly have to hire lawyers to make sure you are compliant.

Litterly? Well, yes, then I can see where the cost of garbage collection could waylay the implementation.

If you meant literally, then it's no worry. Most people hire virtual lawyers these days.

^^^What he said.

Plenty of companies have found ways to effectively use RFID to enhance their customer's convenience (and, of course, separate those customers from more of their money, since it's easier to spend more money when you don't have to hand over the actual bills from your wallet).

>>>>I mean, what Raven said. Carrie snuck in while I was typing

Raven-Phile said:
The credit card process won't be anything different than it is now - the central checkout location will bill all of the charges at the end of the day. Nothing gets broadcast via RFID.

Yes, exactly. But that standard has to be continuely verified and maintained. The department of homeland security has to verify and licence you in several states. The FTC oversees this as well. Customers will have to provide multiple forms of ID and sign extended contracts in other places. It's unbelievable, read it. You do not want to get caught up in that.

I'm honestly lost. What exactly is so insanely legislated that it's not worth it for businesses to do?

And why are we even speculating when Cedar Fair & Disney are using RFID wristbands for payment as we speak?

Customers of Gurnee's Key Lime Cove, Walt Disney World or Royal Caribbean cruise lines don't currently have to provide multiple forms of ID and sign extended contracts.

Which is something, if they're already processing credit card transactions, they are already doing. I fail to see the problem.

And I'm calling shenanigans on the "multiple forms of ID" - have you ever stayed at a hotel in which you can bill things back to your room? If you don't have a room key, you show them ID - in this case, you've shown ID to get a wrist band which is strapped to your wrist with adhesive and not coming off unless it's cut or ripped, in which case, it's unusable anyway. Short of a wristband being applied too loosely and allowed to slip off, or having your arm cut off by an identity thief, I'd say this is entirely safe.

Hell, I'd go so far to say it's probably safer than accepting credit cards at multiple locations in park - the transaction information has more chances to be intercepted if you're charging all over, but if it goes out in one, encrypted batch at night, it's a bit more difficult.

Edit: Gonch and the 'Noggin got in before me, but we're all on the same page, anyway.

Lord Gonchar said: And why are we even speculating when Cedar Fair & Disney are using RFID wristbands for payment as we speak?

I don't know. Are they litterly using them? Because I think that's when things get really serious.

RFID law is overly regulated in some of the states cedar fair operates in. I'm referring to anything that isn't prepaid. The worst states to try and do this in would be michigan and Minnesota. Missouri also in the near future. Because it is different depending where you are it can be fine in some areas, but you can't utilize the exact same program nationally depending on the rules. It's not illegal anywhere using coding, but dealing with licensing stuff would not be fun.

Carrie J. said:

I don't know. Are they litterly using them? Because I think that's when things get really serious.

That depends on what the litteral definition of litterly is, I suppose.

http://gizmodo.com/googles-definition-of-literally-is-not-the-literal-def-1143090535

913girl said:

RFID law is overly regulated in some of the states cedar fair operates in. I'm referring to anything that isn't prepaid. The worst states to try and do this in would be michigan and Minnesota. Missouri also in the near future.

That may be true, but why would Cedar Fair be trying this on a test basis and why would Ouimet be saying (per the article) that it's been a huge success and he expects it to roll out to other parks?

And even if by "other parks" he means parks not in Michigan and Minnesota - so what?

The point is, this is working for them.

Again, I'm not sure what the argument is beyond, "In some states it's a pain in the ass to do this."

Ok. Point taken. Still looks like Cedar Fair feels that it's worthy to move ahead with this one.

I still don't event think it's a pain in the ass to do this - the RFID system and the credit card charging system are 100% independent of each other, save for the RFID-enabled POS system sending a dollar amount back to the server which will batch process the transactions at the end of the night.

This is COMPLETELY different from RFID-based chips that they tried to implement in those pay-wave and/or touch-to-pay cards. Notice that technology flopped rather quickly. I'm assuming it's due to many of the reasons that were listed, because that is a direct credit card transaction, and that information was easy to obtain using an RFID scanning device.

Having an independent system is very similar to that of a restaurant paging system, but in reverse. You're given a device, that's got an ID number assigned to it. Anything you "charge" on that device is stored under than device ID in a database, and is billed to you at the end of the day. There's no difference there than if you went in and paid cash after you were done - it's a one time transaction, done at the close of business.

I don't see how that's so hard to comprehend.

RFID as a payment isn't going to be any different than NFC as a payment or, you know, iTunes accounts as a payment, or even Google Wallet. The government is not regulating this.

I'll see your legal department job and raise you an I don't think you know what you're talking about, and Cedar Fair obviously does or they wouldn't be testing this.

Those of us who work in technology and IT/security seem to have a grasp on it, too. I don't get why everyone's so afraid of technology. I think it's pretty awesome.