MedallionClass app is a security nightmare.

[billco]

Just tried to change my password in the personalizer

 

We apologize for the inconvenience, but this feature is currently not available.

[caribill]

3 hours ago, Condocat said:

Attached is an interesting article about "electronic pick-pocketing"

 

https://www.npr.org/sections/alltechconsidered/2017/07/04/535518514/there-are-plenty-of-rfid-blocking-products-but-do-you-need-them

 

 

 

Yes, it is interesting.

 

But it is 4 years old.

 

At that time it said "That's despite the fact that the percentage of credit cards with RFID chips in the U.S. is extremely small."

 

But now almost every new or re-issued card has an RFID chip.

 

This is not to say that these chips do or do not present a risk of having information being stolen, just that almost everyone does have them these days.

[Jemnibabe]

2 hours ago, billco said:

Just tried to change my password in the personalizer

 

We apologize for the inconvenience, but this feature is currently not available.

That has been my problem.  Trying to help hubby get into his account but he set his account up so long ago, he does not have a clue of his password and there seems to be no way to change it or get a new one.  Consequently, he can't even try to get info on the Medallion.  I have always filled in his info on the Personalizer so now, more problems.

[retired boomers]

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

[dog]

41 minutes ago, retired boomers said:

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

This certainly worries me. 
just stopped making any purchases using my iPhone until I find

out more on security 

[pms4104]

44 minutes ago, retired boomers said:

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

With so much craziness surrounding the MC app, I dowloaded it for one reason:  to clear all data from the app (there from a Fall 2019 sailing), then I deleted the app from my phone.

 

Then I logged into thr Princess website, replaced our passport info with bogus stuff, saved that.

 

I have no existing Princess bookings, and can easily repopulate these fields once I do have bookings.

 

 

[c-boy]

1 hour ago, retired boomers said:

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

G E I inc, is a subsidiary of Carnival corp.

[Steelers0854]

6 hours ago, Condocat said:

My phone was in my back pocket of my jeans and it was scanned!   It occurred while not in use.  That is the scary part.

 

Learned my lesson...my wallet is now has RFID blocking so this will not happen again.  I also have a handbag I use when I travel that is also RFID blocking.   Basically, it's foil that blocks the radio waves. 

again I’m sorry but this isn’t possible. It is possible that your credit card, which likely does have an RFID chip in it, was scanned while in a pocket or even a purse.
 

But what you described of your iPhone being scanned is not possible and I feel it’s important that people have the right information. 
 

edited to add: people should know that using a system like Apple Pay is the most secure way to use credit/debit cards at this time. 

Edited June 12, 2021 by Steelers0854

[Steelers36]

1 hour ago, retired boomers said:

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

Where is this "fine print"?  The MC App does not have access to everything on my phone.  IDK what settings you have.  My Samsung S10 has a couple of other settings that can also help with secure data for this app.  I doubt it has access to all of the things you mention on your phone.

 

[Condocat]

1 hour ago, Steelers0854 said:

again I’m sorry but this isn’t possible. It is possible that your credit card, which likely does have an RFID chip in it, was scanned while in a pocket or even a purse.
 

But what you described of your iPhone being scanned is not possible and I feel it’s important that people have the right information. 
 

edited to add: people should know that using a system like Apple Pay is the most secure way to use credit/debit cards at this time. 

Edited 1 hour ago by Steelers0854

I'm sorry too...and will not get into a bantering match with you about what I know what occurred to me. 

 

This experience with Apple Pay was approx. 5 years ago while traveling internationally.  Perhaps their security wasn't as tight back then.  Bottom line, my data was scanned and it was a mess to clean up!  Needless to say, I do not trust devices that hold my sensitive information especially financial in nature.

[retired boomers]

keep scrolling in the "App Store preview".  It is not really fine print.  Under App Privacy, " Data Linked to you.

The following data may be collected and linked to your identity.

Purchases, Financial Info, Contact Info, User Content, identifiers, Usage Data."
 

 That was enough for me. 

I am done here, good luck to all.

[Thrak]

2 hours ago, Steelers0854 said:

edited to add: people should know that using a system like Apple Pay is the most secure way to use credit/debit cards at this time. 

 

I use Samsung Pay which is similar and also generates a unique token. In addition, my credit card (Capital One) allows me to have "virtual numbers" for vendors. For instance I have a number that I use for Princess and only for Princess. It is linked to my credit card but is not the same number, has a different expiration date, and a different security code. I have a number for Amazon. I have a number for Papa Murphy's pizza. I simply don't use my "real" credit card number anywhere online.

 

I used to use real numbers. I had a Discover I used to use all the time. Twice it was snagged from online places. Both times I got email and text notices immediately from Discover asking if it was me. They cancelled both purchases and sent me a new card. While they took care of the issues flawlessly I prefer the way I do things now. The only time anybody ever gets my "real" number is if I stick the card into a reader and, almost everywhere, I can just use Samsung Pay. My Samsung phone works with NFC readers but also has a magnetic coil in it and can (almost always) be used on a credit card reader with a magnetic stripe reader so I'm not limited to card readers that have NFC capabilities.

[Thrak]

For those who are wondering about permissions for this app. This is what I see in the "Permissions" section on the app download page.

 

MedallionClass

Global Experience Innovators

 

Showing permissions for all versions of this app

 

Location

• approximate location (network-based)
• precise location (GPS and network-based)

Phone

• read phone status and identity

Photos/Media/Files

• read the contents of your USB storage
• modify or delete the contents of your USB storage

Storage

• read the contents of your USB storage
• modify or delete the contents of your USB storage

Camera

• take pictures and videos

Wi-Fi connection information

• view Wi-Fi connections

Device ID & call information

• read phone status and identity

 

Other

• receive data from Internet
• view network connections
• full network access
• run at startup
• control vibration
• prevent device from sleeping

[memoak]

If this app is a security risk then so are all the rest of the apps I pay bills with.  The difference is they are easy to use and this one doesn’t work worth a dime

[Coffeeluvr05]

Who leaves their phone unlocked anywhere?  I immediately lock my iphone before I ever set it down anywhere.  The FBI hasn't even been able to "hack" into a criminal's iphone so I'm not too worried about a cruise passenger getting into it...IF I were to actually misplace it or leave it behind somewhere.  In all the years I've had a smart phone I haven't lost one yet.

[caribill]

4 hours ago, c-boy said:

G E I inc, is a subsidiary of Carnival corp.

Global Experience Innovators, Inc. has 1 total employees across all of its locations and generates $30,339 in sales (USD)

 

https://www.manta.com/c/mhq195y/global-experience-innovators-inc

 

 

[Mary loves to travel]

On 6/11/2021 at 8:27 AM, c-boy said:

hold on there Nerkbuck, I'm not going to ask the government to do something I can do for myself.  When my credit card was used for unauthorized purchase's I was notified immediately.  The only ones to loose out on the action, were Foot Locker and Kohls. I had a new card by 5 pm the next day. 

Well….. the reason you’re not liable for those charges are laws passed by our federal government holding the credit card companies liable for unauthorized charges.   After that law the credit card companies quickly implemented processes to detect unauthorized charges.   
 

reasoning was that individuals can’t practically set up such software ourselves.  

Edited June 12, 2021 by Mary loves to travel

[Steelers0854]

3 hours ago, Condocat said:

I'm sorry too...and will not get into a bantering match with you about what I know what occurred to me. 

 

This experience with Apple Pay was approx. 5 years ago while traveling internationally.  Perhaps their security wasn't as tight back then.  Bottom line, my data was scanned and it was a mess to clean up!  Needless to say, I do not trust devices that hold my sensitive information especially financial in nature.

 

This post unfortunately highlights the problem of not knowing how the system works.  The security architecture and transaction process has not changed since launch and by saying that your credit card number was stolen from your iPhone being “scanned in your pocket” is just incorrect and will lead people away from using something that is highly secure.  I encourage people to do their own research, and as always don’t believe everything you read.

[dearinger]

On 6/10/2021 at 12:51 PM, Condocat said:

I agree.  Used Apple Pay once and had my credit card information unknowingly scanned off my phone at the airport!    Might be worth placing the phone in a foil pouch to protect it from that type of activity.

 

I find this very this is very unnerving.....  

that absolutely did not happen, it wasn’t “scanned” off of your phone as it is physically impossible. Perhaps it was scanned off of your RFID credit card from your wallet? I can promise you that it was not skimmed from your phone. The secure enclave isn’t engaged until after Touch/FaceID is engaged. This has been the same since day one of the launch of ApplePay. No bank would have approved this or would it have gained PCI compliance if skimming were that easy.  

Edited June 13, 2021 by dearinger

[trvlwrld]

Yes-data can be scanned in your pocket...it happened to my husband and the exact time was verified by our CC company, as well as the location

[trvlwrld]

the phone had apps that were open (thought they were closed)

[janice2348]

On 6/11/2021 at 7:48 AM, Ride-The-Waves said:

Simple solution: Don't use the app.  Corporate apps are designed to do only one thing: get your information for sales and marketing.  Anytime you use an app you give up privacy.  

Yup

[c-boy]

9 minutes ago, janice2348 said:

Yup

and there's the option to fill out  don't sell my  personal information form. 

 

[brisalta]

On 6/12/2021 at 2:53 PM, caribill said:

Global Experience Innovators, Inc. has 1 total employees across all of its locations and generates $30,339 in sales (USD)

 

https://www.manta.com/c/mhq195y/global-experience-innovators-inc

 

 

 

Probably just a shell to direct liability issues away from the main corporate body.

[c-boy]

google the address bris