This paper analyzes the use of RFID wristband technology for managing adult attendees at music festivals, with a focus on privacy, security, and regulatory compliance. It describes a use case in which wristbands are linked to attendees' social media accounts and payment cards to streamline entry, purchases, and event promotion. The paper identifies the types of personal data collected, examines compliance obligations under FCC guidelines, and catalogues security threats such as sniffing, spoofing, and relay attacks. It also reviews relevant laws and OECD policy guidelines. The paper concludes with practical recommendations organized around people, processes, policies, and technologies to protect attendee data and ensure safe event operations.
Radio frequency identification (RFID) is an emerging technological method for the quick identification of users, particularly well-suited to large public events such as music festivals. It simplifies data management by capturing information from scanners and transmitting it to a computer system without requiring physical contact from the user. This paper examines the use of RFID wristbands for managing adult attendees at music festivals, where the bands would be linked to attendees' Twitter and Facebook accounts as well as their credit and debit bank cards. The following sections probe compliance issues and the relevant regulations that would affect the planned implementation.
RFID wristbands would be used to manage adult attendees at a music festival held at a hotel venue. The bands would be linked to attendees' Twitter and Facebook accounts and their bank credit and debit cards, making the purchase of food and beverages hassle-free. There are various benefits to deploying this technology at large-scale events: entry processing is accelerated, with the capability of scanning approximately 20 people per minute at the gate (Event Tribe, n.d.). The technology also provides insight into foot traffic — which sections of the venue are popular and which fail to attract attendees.
Unlike traditional ticketing methods, RFID bands offer a unique identification system linked to each attendee's social media profiles, making fraud and duplication virtually impossible. Rather than repeatedly retrieving a wallet to pay for drinks or food, attendees need only a single tap to complete a cashless transaction. There are also commercial benefits: industry revenues may increase through improved customer experience, as time spent waiting in queues is eliminated. Integration of social media activity with the attendees' check-in function further enhances the event's promotional value and marketing potential.
The data collected and stored on the RFID wristbands would include attendees' Facebook and Twitter account information and their bank credit and debit card details. Name, address, credit card authorization data, and identification information would all be stored on the bands, allowing purchases at hotel vendors to be completed with a simple scan — eliminating waiting in lines entirely. The wristbands are secured with a unique key to unlock individual user profiles. The social media linking provides an added benefit: event promotion is carried out automatically on attendees' social media pages when check-ins are registered. Because transactions made with credit and debit cards are processed within a closed computer system accessible only to event organizers, identity theft is substantially mitigated; data sharing with third parties remains optional (Kacicki, 2019).
Beyond payments and social media, the RFID bands also enable passive behavioral data collection. Wearers' movements through the venue are tracked to assess how attendees interact with the event. This data is used to optimize the attendee experience by identifying busy periods, queue times, and popular areas within the venue (ID&C, n.d.).
The Federal Communications Commission has established compliance policies for RFID use, since these devices emit radio waves that must be regulated under the classification of "intentional radiators" (Quirk & Borrello, 2005). A certification process is required for mobile purchases made through RFID, as buyers' data is linked to these devices and could potentially be exploited by cybercriminals. Certification must confirm the legality of the personal information associated with the purchasing parties and demonstrate device compliance with FCC regulations.
"FCC rules and certification requirements for RFID devices"
"Sniffing, spoofing, and other RFID attack vectors"
"Government standards and OECD guidelines for RFID use"
"People, process, policy, and technology safeguards"
RFID is undoubtedly an emerging and time-saving technology capable of handling user data for music festivals on a large scale. Security concerns must be addressed in accordance with government rules and regulations to guarantee attendees' safety. Recommended precautions span four domains: attendees should secure their wristbands with passwords; firewalls should be installed to prevent cyber breaches; hotel and event management policies should prohibit staff from sharing personal user data with any third party; and technological countermeasures — both cryptographic and non-cryptographic — should be employed to protect the overall event and its participants. With these measures in place, RFID wristband technology can deliver substantial benefits in efficiency, cashless payment, and event promotion while maintaining the privacy and security of all attendees.
You’re 44% through this paper. Sign up to read the remaining 4 sections.
Sign Up Now — Instant Access Already a member? Log inAlways verify citation format against your institution’s current style guide requirements.