Ski Industry events and milestones Archives

Are you being Gamed with RFID?

Games are fun. I enjoy family game night at the Ski Pass Defender household and picking a few of the games which we’ve collected over the years. At the end of the night the member of the family with the most wins gets a medal presented by last week’s winner. Participation is strongly encouraged and sometimes incentivized, but not demanded. If a member of the family wants to opt-out of the games they are allowed to do so.

When a person is strong-armed into participating and given no choice they become resentful. But what if they are being manipulated into play the game? The person incentivizing must offer something of value to the gamer. Playing games can be fun and entertaining. But what if you found out that you are being manipulated, gamed? Would you feel so good about it then? Perhaps, or perhaps NOT. What if you found out that you could not opt-out? What if you found out that all your data was compiled, used, sold or traded? Regardless to whether you had access to it or not. Some people care, some don’t. Either way, I believe it should be the gamer’s choice.

This year there will be more than 1000 Resorts using RFID enabled ski passes to access their lifts. The vast majority are basic systems of lift entry that keep user information anonymous. Some include RFID payment systems, which are not anonymous. There is a growing trend of Harvesting and aggregating (non-anonymous) data. Some areas such as the Vail Resorts have incentive and tracking programs such as EpicMix in which you can win digital “pins” as you reach certain achievements. For some people that enhances the ski and ride experience, for many others it makes no difference, and the vast majority don’t even know about it. Yet, whether you know about it or not ALL skiers and riders are being tracked and cataloged around the mountain. And most areas using RFID have some time type of data storage systems for their “gamers”. When getting your pass with your name and info attached to it, check to see which “Resort Partners” will also gain assess to your information. Pay special attention to resorts with affiliations with Insurance companies and Financial Services companies. Your information WILL be aggregated and compiled into a digital dossier. This is no longer just science fiction.

We at Ski Pass Defender saw this trend starting more than 5 years ago. We wanted to enable the skiers and riders to be able to control how much information and access to their payment information accessible via the unsecured technology that is RFID. Simply sliding your pass into the Ski Pass Defender allows you to open your pass for reading or block it so that others cannot access it. It is simple, lightweight, and effective. You can still participate in incentive programs as you wish. Yet have security from skimming, scamming, and scanning of your information.

So as you watch the above videos the trends are toward more Gaming of the people. Once educated, then make informed decisions and maintain control of your personal information.

ESPN article on Ski Pass Defender and RFiD

The word is getting out. ESPN’s Olivia Dwyer wrote a well-balanced article about RFID and the ski industry. With nearly 700 resorts worldwide using RFID in their lift tickets and ski passes, and there is much room for innovation and security issues relating to initial and on-going rollouts of products. Look for 3rd party “resort partner” data sharing arrangements, expanded RFiD networks which go beyond the base of the lifts.

Initial skimming and cloning of an individual’s ski pass can easily be done now. Even a “Web ID” or “Socket Key” used on passes currently offers value to hackers and skimmers. A privacy policy which allows companies to freely share a users/guest data is really no “privacy policy” at all, especially when it allows their 3rd party affiliates to use the information as they see fit. And it is silly for a person to think that a resort will not leverage this information beyond simply mountain operations.

Finally, to the readers of the ESPN article, Ms. Kelly Ladyga’s comments at the end of the article do NOT accurately reflect the dealings between Vail Resorts and me. In true VPof Communications fashion, Ms. Ladyga tries to spin as defamation, rather than what I was told by Breckenridge’s COO – Pat Campbell, ‘Your business conflicts with our on-going RFID initiative, and you must choose to cease your business and work for us after signing a code of conduct agreement, or keep your business and not continue to work for Vail Resorts” But I guess that would not read as well, so they imply that I lied. Shame on you Vail Resorts, and shame on your Machiavellian ways in communicating with the public.

“We cannot comment on any personnel matters,” Ladyga said. “But Vail Resorts will not permit its employees from purposefully [and] publicly spreading inaccurate, false information on the company or its products or activities.”

NOTHING that I have said prior to my decision to not return to Breckenridge for my 18th season, or after have been inaccurate or false.

Enjoy the read. I believe that individuals should have the right to determine what information can be taken and collected on you, especially during your free and recreational time. Just because they frame it as a game and tell you that they have your privacy or best interests in mind, you should be rightfully aware of data collection and its risks to your personal privacy.

RFID in the ski resort industry is inevitable. Its ease of use for the guest and large potential ROI and on-going marketing data for the company make it no-brainer. The easier it is to use, the more guests will use it, the more sales will be made.

Squeezed to read, release to ride technology

Squeezed to read, release to ride technology

Aspen Ski Company announced the new “Resort Charge” feature for their ski passes. We originally caught wind of this in a Computer World December, 2009. This is when we came up for the need of Ski Pass Defender.

This post is not meant to be an indictment of AspenSnowmass, but rather information and call to action for skiers and riders using RFID enabled passes.
Taken from the Aspen Snowmass Website:

RESORT CHARGE – CASH FREE, HASSLE FREE!
NEW THIS SEASON, attach a credit card to your season pass and never carry cash on the mountain again. Use your season pass as you would your credit card at Aspen Skiing Company-operated restaurants* and Four-Mountain Sports/D&E locations. This plus hands-free gate access gives you the ultimate hassle-free experience!

The RFID enabled ski pass will mostly likely have a “Socket Key” code which is a unique ID. It is now also contained on the RF chip laminated within the pass.

Sample Ski Pass of a Socket Key "WebID"

Sample Ski Pass of a Socket Key "WebID"

This number can be cloned, and it just makes sense to shield your RFID information from would be “Skimmers”

This ID code will tell the computer system who you are, and what your privileges include. RF will continue to serve a number of purposes for the ski resorts:

1) Convenience as a RF enabled lift pass

2) Convenience to charge at authorized locations (mainly company operated)

3) Trackable around the mountain (where RF scanners are placed).

Notice that large financial firms do not want to show you about their security measures when tested by an “un-sponsored: 3rd party source:

A ski resort desires is to add convenience, generate profit, and gain adoption of the product. Don’t forget their largest partners. They would like to get a piece of your usage dollars and information as well. American Express, Aspen and Vail Resorts Official Partner, has been well documented for their customer tracking plans. Look for Insurance company partners soon. As more data gets easier to be pulled from you without your knowledge, you now have a way to protect your data accessible when using RFID with a Ski Pass Defender.

Also, passholders should be aware of security concerns with syphoning of data through mobile apps. The apps are free, and they offer function to the user. But until companies disclose what information they take (including GPS info), and who the information gets shared with (Resort Partners & Affiliate partners) we suggests to stay away from those phone apps.

Jonathan Lawson has been an expert in the field of Identity Theft Risk Management since 2005, and a ski professional since 1991.  Mr. Lawson has held dozens of education seminars for minors, adults, seniors, and corporations regarding identity theft and risk mitigation.

 Page 1 of 2  1  2 »