November 8th, 2013

Disney Upgrades Their IT

Prepare for Three Letter Acronyms (TLA); I’ve got a bunch of them.

NFC = Near Field Communication
RFID = Radio Frequency Identification
POS = Point of Sale
EMV = EuroPay, MasterCard and Visa

My Seattle readers are probably familiar with ORCA (One Regional Card for All), an RFID transit card. You don’t need to swipe it or insert it into anything to use it; you just need it to get Close Enough to the reader (so if you keep your ORCA in your back pocket, wiggling your butt at the reader should get you through). In the Boston area, the Charlie Card works the same way. This is “near field communication”.

A variety of people who do payments technology have been talking up NFC payment systems for a while. The general idea is that we’re all carrying around smart phones and wouldn’t it be nice if that’s _all_ we had to carry around. The phone could be our ID and our payment system and maybe even open doors for us. Lots of keycards, in hotels and jobsites, have been RFID based for a really long time now. If you’ve ever held your wallet up to a door to get in, without taking the card out, you’ve used an NFC system, probably RFID based. The idea behind a cellphone based system is you could embed extremely hack-resistent hardware in the phone as part of the security on the payment (“secure element”). However, this has not taken off, and alternative cellphone based payment systems that do not require a “secure element” are probably at least as widely used currently (Apple’s Passport system and similar systems that generate QR codes).

In Europe, chip-and-pin cards which must be left within a point of sale system to complete a transaction have been common for around ten years; support for chip and pin (EMV) is required in the US Sometime Soon. Retailers which do not support chip and pin (mostly the PIN part), and which have fraud associated with cards that would have required the PIN will take on greater liability. As a result, virtually all new POS systems purchased and deployed in recent years have included some support for EMV. They have also included some support for NFC.

Cash, and some “stored value” vouchers and cards, have inherent value: if you lose them, the value is lost. But almost everything else is just a token representing an account with a balance, and as long as you retain the number, you can usually recover the value in that account (altho the number may be changed to limit the ability of a thief or finder to extract value from that account).

Disney’s major IT upgrade has been reported in several different ways. The Disney Fan Base thinks of it as a new FastPass system. The RFID wristband and associated account is used to pre-reserve up to three rides per day in a single park (some additional constraints may also be present, such as only 1 premium ride reservation in a day). Currently, this is in addition to the existing FastPass system. The same wristband is used to enter the park, along with a biometric for adults (typically the right index fingerprint). It is also used as a room key for those staying on property, and can be used to charge food, drink, souvenirs and so forth to the room (there’s a limit, and you can set a PIN for charging. There may also be support for per-user PINs if there are multiple people in a room, and you may be able to adjust the spending limit on a per user basis, if you want to let your teenager roam around without spending all of your money). The band can also be attached to the Disney Dining Plan. Because rooms (whether reserved through DVC or for cash) are pre-paid, and because the DDP is pre-paid, the account associated with the wristband is mostly a system for accessing something which has already been paid for. The only exception is the room charging facility, and in order to use this you must have previously supplied payment information. The wristband is also used to access your Disney Magical Express voucher to travel by motorcoach to and from WDW and MCO.

The “guts” of the wristband are essentially the same as the ORCA (accounts suggest _exactly_ the same chipset, the NXP MIFARE DESFIRE EV1). It has good encryption. Even if you cloned one, it’s not obvious what good that would do you. Disney will clone it _for_ you so you have a spare in case you lose one. For most purposes, you need a PIN. In any event, Disney would probably notice if you are wandering around accessing RFIDs -- much less if you start deploying a whole bunch of different ones yourself. There are cameras everywhere. Disney owns several levels of local law enforcement and they run the jail. Seriously. Don’t worry about this; there’s no personal data stored on it, only tokens. If someone figures out a way to spend your stuff, just complain and Disney will fix it.

There is a website and a mobile app to help you manage your account. With it, you can link and unlink Annual Passes, Park Tickets, ADRs, other people’s accounts, reserve and change Fast Passes, and create a schedule of things you would like to remember to do. It also supplies helpful information such as park opening and closing times, scheduled events, line wait times and so forth.

My experience was that in general, the wrist band not only speeded me through lines; the wide deployment of the bands (still only to people staying on property, AFAIK) has sped up lines in general. Where once the long part of the line was before paying at counter service, now the long part occurs after payment while waiting for food. I expect to see increased automation behind the counter (maybe things like what McDonald’s has done with drink automation) to help speed behind-the-counter up now that the bottleneck has moved. It is also much easier to buy merchandise impulsively. I used to take a look at the payment line and talk my daughter into waiting to buy things until later; now I just buy her whatever the hell she wants. That has got to add up for Disney.

I also spent a lot less time managing paper and physical tokens like PhotoPass cards. The all you can eat ride photo cards are still physical cards, as are the cards at Belle’s Story Telling Adventure, but that may change. The photographers throughout the park, including the Princess Meet and Greet photographers all have RFID scanners so you no longer need to maintain a PhotoPass for those. Because this attaches to your customer account, you kind of can’t lose the information, which is a huge Win.

The biggest problems we encountered involved managing FastPass+ for people who had not set up their own accounts. I created subaccounts, and transferring a subaccount for my niece to her father turned out to … not be possible. And significantly difficult to debug. The lesson here is straightforward: make sure you have set up your Disney Experience account (you probably already have one if you have ever set up a Theme Parks website account) ahead of time and bug other adult members of your party to do the same. Make sure kids are attached to the person who will be touring with them, or link the adults who might be involved to each other with full permission to manage each others accounts.

Transit systems with RFID/NFC systems are not that uncommon (Charlie Card, ORCA, etc.), and generally they are operating on the same chipset as the Magic Bands. NXP has a history of improving their chips while maintaining a substantial amount of backwards compatibility, so Disney has chosen proven technology with a view to using it for a long while (I expect them to get about a decade out of this system). I was not that impressed by NFC payment systems prior to this trip. It’s kind of nice to not have to dig a card out of my wallet, but I still have to carry the wallet. With the wristband, I could go down to the pool and get back into the room (well, I did lose one band in the pool, but we got it back). More importantly, I didn’t have to dig out a card or even a wallet to pay for anything -- it made getting popcorn and a bottle of water surprisingly painless, and getting on DME positively friction free. I spent absolutely no cash whatsoever, and used a credit card only three times (sitdown meals for 12, twice, and one date night for my husband and me at Citrico’s). I am now a huge fan, and desperately want a programmable SmartWatch that I can use to clone whatever NFC payment system I get from anywhere else. I want to pay for everything with something on my wrist, altho managing all those PINs is going to truly suck. I guess that’s what LastPass is for. My husband thinks the wristband form factor was the result of Disney trying to reduce payment token loss by the heedless and/or exhausted (kids, mostly, but after you’ve seen the third iPhone dropped on a ride, honestly, everyone). I want to know if they considered implanting the damn thing.

We really enjoy going to WDW, because once you get off the plane, everything runs pretty smooth: you don’t have to rent a car, you don’t need booster seats or car seats for the kids, you don’t have to drive to and from anywhere, and you just need one thing to access everything you have paid for. The wristband and associated mobile app have been an enormous improvement even over the existing service; it is starting to feel like an “all-inclusive”, while retaining the wide range of experience and flexibility characteristic of Disney.

Disney has spent their money wisely, layering this wonderful system on top of their legacy customer databases (and it’s real clear it is a layer on top of existing systems, which can lead to delays in accessing some features). They have made it a lot easier for their employees to provide customer service, and they’ve made it easier for customers to figure things out on their own. Reviews of this system which focus exclusively on the ride reservation aspect are wildly misleading about where this system helps Disney by helping their customers have a better experience.

Where NFC payment systems might go from here

Prior to experiencing WDW's Magic Band system, I was not a fan of NFC payment systems. I now find myself bizarrely evangelical. Whether you get into a Disney park on a band or with a card, you are using NFC/RFID. While the room charge feature is obviously only available to people staying on property, this isn't anything obvious stopping Disney from asking anyone entering the park to supply payment information, as a way of letting everyone charge things to their band. This would essentially reproduce the online payment model (stored default payment method, whether on PayPal or Amazon or whatever) in the Real World. As a side benefit, it would allow Disney to deploy EMV systems ONLY at the gate, rather then at every single kiosk in the park. If they took this idea to its logical conclusion, they could even remove cash completely from the park; you could "load" your account (not your band -- the band is just a token to access what is in your account) with folding green stuff if you wanted to, but only at specified locations, rather than, again, every single kiosk in the park. Folding green stuff and coins have significant costs and risks; eliminating them would be a big deal. If Disney could roll up _everyone's_ scattered charges throughout the day to one bigger charge at the end of the day (a la the iTunes model, where if you buy several things over the course of a day, it bundles them up in increments of around $10), it could save on interchange fees.

It's less clear how NFC could be deployed more generally. Obviously, any institution (hospital, university, large corporation) which serves enough people consistently will be motivated, over time, to deploy this kind of system. And it's not hard to imagine chains like Starbucks, Dunkin Donuts or McDonalds which already offer reloadable store cards and associated mobile apps going down a similar path. The ability to offer non-cash payments without the massive fees associated with small charges is compelling for large chains.

These kinds of systems have the potential to push the world even further in the direction of chain standardization. The single-shop and small chain is going to be a tougher nut to crack.

And while it's easy to wear the Disney band on vacation, I don't want to have a whole bunch of bands. If NFC payment takes off, it's either going to be cards in a wallet (since we all do that anyway), or we'll need a device flexible enough to represent all the different NFC standards.

Cue paranoia about people stealing your data or stalking you -- then think about how amazing it would be to never have to worry about misplacing your kid on vacation again. Not to mention how fabulous it would be to lose your payment media, be able to turn it off within five seconds, and activate a new payment form a few minutes after that.

ETA: A humorous opinion piece on NFC and SmartWatches:

http://www.techradar.com/us/news/world-of-tech/your-laziness-will-force-nfc-onto-apple-watch-1143721