Data Security Using RFID Bands At Music Festivals

The radio frequency identification or RFID is the new technological method for quick identification of the user, especially if used for public events like music festivals. It makes data management easier, so that information about the attendees is managed technically by capturing data from scanners and transmitting it to the computer without the user's physical contact. This paper is about managing adult attendees at music festivals whose information would be stored in RFID wrist bands linked to their Twitter, Facebook, and credit/debit bank cards. The following sections would probe into its compliance issues and the related regulations that would impact the planned implementation.
Analysis
Description of the Chosen Use Case
RFID wrist bands would be used for managing adult attendees at a music festival at a hotel where bands would be linked to their Twitter and Facebook accounts and their bank credit/debit cards so that the buying of eatables is made hassle-free. There are various benefits to using this technology at large scale events since getting the attendees' entries is made quickly, which can be scanning 20 people per minute at the gate (Event Tribe, n.a.). The technology also gives an idea of how foot traffic at the event is taking place, which sections are popular, and which ones cannot attract any attendees. Unlike the traditional ticketing method, RFID bands would have a unique identification system linked with his social media profiles, thus, making it impossible for fraud and duplication. Taking out wallets from their pockets from time to time and paying for drinks and good would be trouble, but with RFID, there would be one simple tap, and buying would be done in a cashless manner.
There are chances that industry revenues increase with improved customer experience as time reduction and standing in line are eliminated from all the processes at the event and integration of social media activities with the attendees' check-in function, enabling the event's enhanced promotion value-added marketing potential.
Description of Five or More Types of Personal/Private Information Data That Will Be Collected, Stored, Processed With the Use Case
The type of data collected and stored on the RFID wrist bands would be attendees' Facebook and Twitter accounts and bank credit/debit cards. The name, address, credit card authorization, and identification information would be stored on the RFID bands so that when a purchase is made at the hotel, the information is quickly accessed with a beep of the band on the scanner, and waiting in lines would be eradicated from the process. The wrist bands are secured with a unique key to unlock the user profiles, such as social media profiles, that have an added benefit to be linked with the wristbands since the event's promotion would be done on the user's social media pages automatically when they mention in their check-ins. The identity cannot be stolen at RFID-enabled festivals since the transactions made with credit/debit cards are integrated within the computer system only accessed by the event organizers; the data sharing is optional as the third party cannot retrieve the user's data (Kacicki, 2019).
With the use of RFID bands, the wearers' moving would be assessed and how they interact with the event. Optimizing the experience for the attendees would be critical to determine busy periods, queue times, and popular areas within the event place (ID&C, n.a.).
Compliance Issues Related to the RFID Bands Usage to Make and Track Mobile Purchases
The federal communications commission has generated some compliance policies for the use of RFID since these devices exhibit radio waves, which should be kept confidential under "intentional radiators" (Quirk & Borrello, 2005). There should be a certification process for mobile phones' purchase through RFID since the buyer's data would be linked to these devices, which might be used by cyber hackers and used for cybercrimes. The certification must comply with the legalization of personal information about the buying and purchasing party and an analysis that shows device compliance with FCC regulations.
The compliance issue should also be gauged based on different frequencies that RFID bands exhibit and how they operate. The spread spectrum technique should be assessed thoroughly so that the information is not leaked when a mobile purchase is made. According to the FCC guidelines, RFID use compliance applies solely to the manufacturers of RFID devices. Also, compliance is applied to the amendment of unlicensed devices, and if a mobile purchase is made through one of those, then legal actions have to be taken.
Analyze of Privacy and Security Issues Related To Use Case
There are several security threats with the use of RFID-enabled technology at any event since cybercrimes are on the rise with the advent of technology. Threats can be classified as sniffing, spoofing, cloning, replay, relay, and denial of service attacks (Williamson et al., 2013). Sniffing or eavesdropping is identified as unauthorized RFID tag access when the illegal reader can access the RFID user's private and confidential information. Spoofing is when secret scanning is done without the user's permission to validate it but internally copying the user's tag ID. The replay attacks are when the user's tag responds to the illegal reader's impersonation. The relay attacks are similar, but they authenticate the user's information from the valid tag. The denial of service attacks could be detected at any stage of the RFID process, especially when the attendee enters the event or tries to buy food from hotel shops and experiences removing RFID tag by probable swapping or replacement of lower-cost tags.
Identification of Relevant Laws which Could Impact the Planned Implementation
There are certain government rules and standards that need to be kept in mind before implementing RFID use at the music event. The laws are as follows:
· The RFID wrist bands should be allowed with the consent of the event users and their knowledge of sharing their data, such as social media profiles, pictures taken at the event, and credit/debit card data. The understanding should be based on the entire RFID process and not just the initiation (OECD, 2008).
· The event participants should analyze from time to time to measure any security risks and conduct a privacy impact assessment.
· The design and operation proficiency of RFID systems should be repeatedly and properly checked before implementing any possible bugs so that timely security and protection measures should be taken for the attendees' safety.
Recommendations
Some strategies should be contemplated for attendees' safety and smooth operations at the event to reduce and manage risks associated with RFID data's security and privacy. The recommendations are as follows:
· People: The users can secure their RFID bands with single password protection that hinders the illegal users from accessing the tag and the encrypted personal details inside.
· Processes: Firewalls can be installed in the RFID databases to access the user's data is made impossible. The use of encryption on RFUD signals and the definition of the range where RFID can be used should be determined precisely so that anyone illegal outside that range should not be able to access it.
· Policies: Policies play an integral part in ensuring attendees' safety, and for that, hotel management and the event organizers should be strictly prohibited from sharing any personal data of the users, including their social media profiles or bank account details, to any third party outside the event. Cyberstalkers can use a piece of social media information for blackmailing or hacking and can damage a person's life by infiltrating within his bank details and other relevant evidence.
· Technologies: Two categories of technological countermeasures can be implemented- cryptographic and non-cryptographic systems (Williamson et al., 2013). The cryptographic system is expensive but gives better safety chances when the tag functions in a locked or unlocked manner for the user's data protection. A key identification is generated, which is checked by the reader on the database; if the data corresponds, then the key unlocks allows full retrieval of the user's data. With non-cryptographic systems, rag killing is put to use, which is better for reducing security costs. The kill command is built within the tag so that when the user sends the code to make it ineffectual at the point of sale. Another security method is the utilization of tags that have read-writable memory.
· In case the wrist band is stolen or lost, the RFID function can be deactivated immediately so that unlawful use can be deterred. The linked accounts can be made invisible for any other user, and the event staff can be informed of taking further actions.
Closing Summary
RFID is undoubtedly an emerging and time-saving technology capable of handling user data for music festivals on a large scale. Security concerns have to be handled following the government rules and regulations to guarantee attendees' safety. Recommendations for this would include precautions in terms of people, processes, policies, and technologies. The attendees should secure their wristbands with passwords, firewalls should be installed for avoiding any potential cyber breach, hotel and event management policies should inhibit the staff from sharing personal user data to any third party, and technological countermeasures should be used for better protection and security of the overall event and its participants.
References
Event Tribe. (n.a.). The top 10 benefits of using RFID for events. Retrieved from https://www.eventbrite.com/blog/academy/the-top-10-benefits-of-using-rfid-for-events/
ID&C. (n.a.). How to RFID wristbands work? Retrieved from https://www.idcband.com/blog/how-do-rfid-wristbands-work/
Kacicki, T. (2019, July 15). 4 commonly overlooked facts about RFID wristbands. Intellitix. Retrieved from https://intellitix.com/hub/four-commonly-overlooked-facts-rfid
OECD. (2008). OECD policy guideline on RFID. https://www.oecd.org/sti/ieconomy/40892347.pdf
Quirk, R.E. & Borrello, S.J. (2005). RFID: Rapid deployment and regulatory challenges. Retrieved from https://www.pharmamanufacturing.com/assets/Media/MediaManager/VenableRFIDpaper.pdf?SESSID=62935cf41f5a19909f5bb3ae3a598490
Williamson, A., Tsay, L., Kateeb, I.A. & Burton, L. (2013). Solutions for RFID smart tagged card security vulnerabilities. AASRI Procedia, 4, 282-287. DOI: 10.1016/j.aasri.2013.10.042