Protect your RFID ski pass.

The Ski Pass Defender protects your RFID ski pass from being scanned, read or skimmed, until you want to get on the lift.

New ski passes and lift tickets contain tiny two way radios called RFID chips. RFID Readers can access your personal information and track your movements.

  • Protect your personal information
  • Prevent card readers from tracking you
  • Patented easy to use Squeeze to Read Technology
 

ESPN article on Ski Pass Defender and RFiD

The word is getting out. ESPN’s Olivia Dwyer wrote a well-balanced article about RFID and the ski industry. With nearly 700 resorts worldwide using RFID in their lift tickets and ski passes, and there is much room for innovation and security issues relating to initial and on-going rollouts of products. Look for 3rd party “resort partner” data sharing arrangements, expanded RFiD networks which go beyond the base of the lifts.

Initial skimming and cloning of an individual’s ski pass can easily be done now. Even a “Web ID” or “Socket Key” used on passes currently offers value to hackers and skimmers. A privacy policy which allows companies to freely share a users/guest data is really no “privacy policy” at all, especially when it allows their 3rd party affiliates to use the information as they see fit. And it is silly for a person to think that a resort will not leverage this information beyond simply mountain operations.

Finally, to the readers of the ESPN article, Ms. Kelly Ladyga’s comments at the end of the article do NOT accurately reflect the dealings between Vail Resorts and me. In true VPof Communications fashion, Ms. Ladyga tries to spin as defamation, rather than what I was told by Breckenridge’s COO – Pat Campbell, ‘Your business conflicts with our on-going RFID initiative, and you must choose to cease your business and work for us after signing a code of conduct agreement, or keep your business and not continue to work for Vail Resorts” But I guess that would not read as well, so they imply that I lied. Shame on you Vail Resorts, and shame on your Machiavellian ways in communicating with the public.

“We cannot comment on any personnel matters,” Ladyga said. “But Vail Resorts will not permit its employees from purposefully [and] publicly spreading inaccurate, false information on the company or its products or activities.”

NOTHING that I have said prior to my decision to not return to Breckenridge for my 18th season, or after have been inaccurate or false.

Enjoy the read. I believe that individuals should have the right to determine what information can be taken and collected on you, especially during your free and recreational time. Just because they frame it as a game and tell you that they have your privacy or best interests in mind, you should be rightfully aware of data collection and its risks to your personal privacy.

Your information is valuable. And even if a company has a “Privacy Policy”, what is actually private? Many people are amazed to discover that a privacy policy just details how a company WILL share your data with its affiliates.

Some enjoy the mountains for the freedom they provide

Some enjoy the mountains for the freedom they provide

Skiers and riders have discretionary income and discretionary leisure time. Those two assets are extremely valuable to marketers. However, many people I have spoken with regard to tracking and data collection seem to have little knowledge about the subject. Many people think, “Who would want to know about me?”, and “I don’t care if they know about me or not. I don’t have anything to hide.”

The fact is there are data mining companies, and departments of corporations who piece together data from a number of different sources so that they can better market to you. They also supply data to those who use it to account for your likes, dislikes, activities, and habits.

The direct marketing may be welcomed by some, but also be a nuisance to many. And it can be costly to some. It is a common practice for corporations who generate this data to “share” it with their affiliates as outlined in their privacy policies. And these affiliates can then share it or sell it to their affiliates or other companies who can aggregate the data. And the sharing continues.

Raw skier usage data to marketing knowledge

Raw skier usage data to marketing knowledge

In fact, there is little that is private about your “private” data. If one of these affiliates happens to be my medical or life insurance company, I would prefer not to have them make judgments about my skiing of black and double black diamond runs all day long. An actuary’s calculations would show that my risk for injury increases, thereby my medical or life insurance could increase. I am sure the insurance company would like to know this information to assist in setting my premiums. This is an unintended, but very real use of data mining on the mountain.
It is only a matter of time until we see RFID or GPS (phone apps) speed zones created on the mountain, there may be other unintended consequences with offering data through affiliate partners. Which company or industry many gain benefit from knowing that I like to go faster than the average skier on the mountain?

I prefer to shield my data with a Ski Pass Defender. I can use my pass as a ski pass when boarding a base lift. I don’t need to share my whereabouts or personal pass information if I choose not to. A number of handheld devices are being created to read RFID from ID cards and passes. And with more than 700 ski areas worldwide using RFID, there will be many different versions of privacy policies, affiliate relationships, and a significant potential for data breach.
Easy Squeeze to Read technology. Allows the pass to read through clothing

Easy Squeeze to Read technology. Allows the pass to read through clothing

ACTUAL PRIVACY POLICY

Here is an actual section of a major resort’s “Privacy Policy” which states how data is shared with 3rd parties.  Did you read this when you bought your pass? This is considered an “Automatic Opt-In”, and it requires you to know that you need to opt-out.

Third-Party Relationships

In order to optimize your experience on our sites, THE RESORT maintains relationships with many corporate partners and service providers throughout the world. If you have any questions about whether certain information, content or services pertain to us, or are provided by one of our partners, please contact us at XYZ.com  (commentsatvailresortsdotcom)  .

Whenever you provide registration information on certain Web pages or for certain services provided in conjunction with third party partners, we want to be clear that some data you provide is shared with partners. For instance, certain information is shared with ZZZ.com, our provider of online reservation service. You should make every effort to read the privacy policies provided by or in association with such third parties, and make an informed decision on your own whether or not to continue utilizing the services based upon the privacy policies posted on these Web pages, at your own discretion. However, we will make every effort to ensure that you have the ability to opt-out of the sharing of such data with partners.

Security

XYZ company operates secure data networks protected by industry standard firewall and password protection. XYZ corp has security measures in place to attempt to protect against the loss, misuse and alteration of your user data under our control. While we cannot guarantee that loss, misuse or alteration to data will not occur, we make every reasonable effort to prevent such unfortunate occurrences.

With regard to taking time by trying to protect your information by shielding RFID passes, Breckenridge spokeswoman Kristen Petitt says there is little point.

“We’ve been tracking people and collecting information about them anyway for years,” she said with a wry smile. “With EpicMix, we just finally let you see that information.”

My intention with this post is to let the reader know how important it is to understand you right to protect your information that is collected by companies. Information can help companies better serve you, although there is information that you do not need to share. It should be your choice to opt-in or opt-out.

Jonathan Lawson has been an expert in the field of Identity Theft Risk Management since 2005, and a ski professional since 1991.  Mr. Lawson has held dozens of education seminars for minors, adults, seniors, and corporations regarding identity theft and risk mitigation.

RFID in the ski resort industry is inevitable. Its ease of use for the guest and large potential ROI and on-going marketing data for the company make it no-brainer. The easier it is to use, the more guests will use it, the more sales will be made.

Squeezed to read, release to ride technology

Squeezed to read, release to ride technology

Aspen Ski Company announced the new “Resort Charge” feature for their ski passes. We originally caught wind of this in a Computer World December, 2009. This is when we came up for the need of Ski Pass Defender.

This post is not meant to be an indictment of AspenSnowmass, but rather information and call to action for skiers and riders using RFID enabled passes.
Taken from the Aspen Snowmass Website:

RESORT CHARGE – CASH FREE, HASSLE FREE!
NEW THIS SEASON, attach a credit card to your season pass and never carry cash on the mountain again. Use your season pass as you would your credit card at Aspen Skiing Company-operated restaurants* and Four-Mountain Sports/D&E locations. This plus hands-free gate access gives you the ultimate hassle-free experience!

The RFID enabled ski pass will mostly likely have a “Socket Key” code which is a unique ID. It is now also contained on the RF chip laminated within the pass.

Sample Ski Pass of a Socket Key "WebID"

Sample Ski Pass of a Socket Key "WebID"

This number can be cloned, and it just makes sense to shield your RFID information from would be “Skimmers”

This ID code will tell the computer system who you are, and what your privileges include. RF will continue to serve a number of purposes for the ski resorts:

1) Convenience as a RF enabled lift pass

2) Convenience to charge at authorized locations (mainly company operated)

3) Trackable around the mountain (where RF scanners are placed).

Notice that large financial firms do not want to show you about their security measures when tested by an “un-sponsored: 3rd party source:

A ski resort desires is to add convenience, generate profit, and gain adoption of the product. Don’t forget their largest partners. They would like to get a piece of your usage dollars and information as well. American Express, Aspen and Vail Resorts Official Partner, has been well documented for their customer tracking plans. Look for Insurance company partners soon. As more data gets easier to be pulled from you without your knowledge, you now have a way to protect your data accessible when using RFID with a Ski Pass Defender.

Also, passholders should be aware of security concerns with syphoning of data through mobile apps. The apps are free, and they offer function to the user. But until companies disclose what information they take (including GPS info), and who the information gets shared with (Resort Partners & Affiliate partners) we suggests to stay away from those phone apps.

Jonathan Lawson has been an expert in the field of Identity Theft Risk Management since 2005, and a ski professional since 1991.  Mr. Lawson has held dozens of education seminars for minors, adults, seniors, and corporations regarding identity theft and risk mitigation.

 Page 2 of 6 « 1  2  3  4  5 » ...  Last »