Jump to content

MedallionClass app is a security nightmare.


 Share

Recommended Posts

Just tried to change my password in the personalizer

 

We apologize for the inconvenience, but this feature is currently not available.

Link to comment
Share on other sites

3 hours ago, Condocat said:

 

Yes, it is interesting.

 

But it is 4 years old.

 

At that time it said "That's despite the fact that the percentage of credit cards with RFID chips in the U.S. is extremely small."

 

But now almost every new or re-issued card has an RFID chip.

 

This is not to say that these chips do or do not present a risk of having information being stolen, just that almost everyone does have them these days.

  • Like 2
Link to comment
Share on other sites

2 hours ago, billco said:

Just tried to change my password in the personalizer

 

We apologize for the inconvenience, but this feature is currently not available.

That has been my problem.  Trying to help hubby get into his account but he set his account up so long ago, he does not have a clue of his password and there seems to be no way to change it or get a new one.  Consequently, he can't even try to get info on the Medallion.  I have always filled in his info on the Personalizer so now, more problems.

Link to comment
Share on other sites

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

  • Like 2
  • Thanks 1
  • Haha 1
Link to comment
Share on other sites

41 minutes ago, retired boomers said:

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

This certainly worries me. 
just stopped making any purchases using my iPhone until I find

out more on security 

Link to comment
Share on other sites

44 minutes ago, retired boomers said:

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

With so much craziness surrounding the MC app, I dowloaded it for one reason:  to clear all data from the app (there from a Fall 2019 sailing), then I deleted the app from my phone.

 

Then I logged into thr Princess website, replaced our passport info with bogus stuff, saved that.

 

I have no existing Princess bookings, and can easily repopulate these fields once I do have bookings.

 

 

Link to comment
Share on other sites

1 hour ago, retired boomers said:

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

G E I inc, is a subsidiary of Carnival corp.

  • Like 5
Link to comment
Share on other sites

Posted (edited)
6 hours ago, Condocat said:

My phone was in my back pocket of my jeans and it was scanned!   It occurred while not in use.  That is the scary part.

 

Learned my lesson...my wallet is now has RFID blocking so this will not happen again.  I also have a handbag I use when I travel that is also RFID blocking.   Basically, it's foil that blocks the radio waves. 


again I’m sorry but this isn’t possible. It is possible that your credit card, which likely does have an RFID chip in it, was scanned while in a pocket or even a purse.
 

But what you described of your iPhone being scanned is not possible and I feel it’s important that people have the right information. 
 

edited to add: people should know that using a system like Apple Pay is the most secure way to use credit/debit cards at this time. 

Edited by Steelers0854
  • Like 5
  • Thanks 1
Link to comment
Share on other sites

1 hour ago, retired boomers said:

If you accept this App, you have already lost your phone!

The app on your phone allows the "Third Party" App company. (Global Experience Innovators Inc., NOT Princess or Carnival) to access everything on your phone.  

I have cruised over 500 days and never had to give access to my phone, my contacts, my email, my financial information and any other information from my phone.  There is no reason for this app except to collect information that can be sold to a "Fourth Party".  

 

Read the fine print.   

Where is this "fine print"?  The MC App does not have access to everything on my phone.  IDK what settings you have.  My Samsung S10 has a couple of other settings that can also help with secure data for this app.  I doubt it has access to all of the things you mention on your phone.

 

  • Like 3
Link to comment
Share on other sites

1 hour ago, Steelers0854 said:

again I’m sorry but this isn’t possible. It is possible that your credit card, which likely does have an RFID chip in it, was scanned while in a pocket or even a purse.
 

But what you described of your iPhone being scanned is not possible and I feel it’s important that people have the right information. 
 

edited to add: people should know that using a system like Apple Pay is the most secure way to use credit/debit cards at this time. 

Edited 1 hour ago by Steelers0854

I'm sorry too...and will not get into a bantering match with you about what I know what occurred to me. 

 

This experience with Apple Pay was approx. 5 years ago while traveling internationally.  Perhaps their security wasn't as tight back then.  Bottom line, my data was scanned and it was a mess to clean up!  Needless to say, I do not trust devices that hold my sensitive information especially financial in nature.

  • Thanks 1
  • Haha 1
Link to comment
Share on other sites

keep scrolling in the "App Store preview".  It is not really fine print.  Under App Privacy, " Data Linked to you.

The following data may be collected and linked to your identity.

Purchases, Financial Info, Contact Info, User Content, identifiers, Usage Data."
 

 That was enough for me. 

I am done here, good luck to all.

  • Thanks 1
Link to comment
Share on other sites

2 hours ago, Steelers0854 said:

edited to add: people should know that using a system like Apple Pay is the most secure way to use credit/debit cards at this time. 

 

I use Samsung Pay which is similar and also generates a unique token. In addition, my credit card (Capital One) allows me to have "virtual numbers" for vendors. For instance I have a number that I use for Princess and only for Princess. It is linked to my credit card but is not the same number, has a different expiration date, and a different security code. I have a number for Amazon. I have a number for Papa Murphy's pizza. I simply don't use my "real" credit card number anywhere online.

 

I used to use real numbers. I had a Discover I used to use all the time. Twice it was snagged from online places. Both times I got email and text notices immediately from Discover asking if it was me. They cancelled both purchases and sent me a new card. While they took care of the issues flawlessly I prefer the way I do things now. The only time anybody ever gets my "real" number is if I stick the card into a reader and, almost everywhere, I can just use Samsung Pay. My Samsung phone works with NFC readers but also has a magnetic coil in it and can (almost always) be used on a credit card reader with a magnetic stripe reader so I'm not limited to card readers that have NFC capabilities.

  • Like 3
  • Thanks 1
Link to comment
Share on other sites

For those who are wondering about permissions for this app. This is what I see in the "Permissions" section on the app download page.

 

MedallionClass
Global Experience Innovators
 

Showing permissions for all versions of this app
 
4rkEm_eN4F8lAtqf1avrqAQ49_IjMjRduxI5szmftCXmKzSaLsNScjM5DSGQp2qtI5R_fqj8j7aJi_G3dg=s20Location
  • approximate location (network-based)
  • precise location (GPS and network-based)
QDYtvjtZon4TYi4-wkvfIqszmmJL258051XdtozjpIZVH-8zVoay1oBS9vw7lzDYYaDz48AzxmOY040lNqc=s20Phone
  • read phone status and identity
pHtIujPWxciAZcfYSwlrGGq14Z984rKLMgcm9RPATLiOlbrWy-tVlelEWgED7gpktgcD1tZizVeHiO5fkw=s20Photos/Media/Files
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
aWNKQedLTpw6u6yyMjQObmuoKu67A1czWnIcvID86oAmMT02r5mNdRn6l9ZN2t2MIyH6tNy-01v7ukeQ=s20Storage
  • read the contents of your USB storage
  • modify or delete the contents of your USB storage
xbP_oGuJ21iG29iVh0p-UIZPzi_fYj8PMYiqDd9-LvaZ_a1tRcwp0I2-arfXvgX9YtfZTTaqwcLRWPNQM_c=s20Camera
  • take pictures and videos
U-_SG8pHTsqU_IyZTGQRkVMdLaAUeq1OnKGrB06KHF1z7vkkIQK3iF0HcbfTe1RnGlh-ajnZkbphl2W3Gdk=s20Wi-Fi connection information
  • view Wi-Fi connections
l2htRLV5Mt-RZ6nroJCXy3OF_CqdntOsEetnLEjH1wC-WJWV00R5orcBWj0NMFKJVEQU6JhPYRBCKnj3_Q=s20Device ID & call information
  • read phone status and identity
 
Other
  • receive data from Internet
  • view network connections
  • full network access
  • run at startup
  • control vibration
  • prevent device from sleeping
  • Like 2
  • Thanks 2
Link to comment
Share on other sites

If this app is a security risk then so are all the rest of the apps I pay bills with.  The difference is they are easy to use and this one doesn’t work worth a dime

  • Like 1
Link to comment
Share on other sites

Who leaves their phone unlocked anywhere?  I immediately lock my iphone before I ever set it down anywhere.  The FBI hasn't even been able to "hack" into a criminal's iphone so I'm not too worried about a cruise passenger getting into it...IF I were to actually misplace it or leave it behind somewhere.  In all the years I've had a smart phone I haven't lost one yet.

  • Like 3
  • Thanks 1
Link to comment
Share on other sites

Posted (edited)
On 6/11/2021 at 8:27 AM, c-boy said:

hold on there Nerkbuck, I'm not going to ask the government to do something I can do for myself.  When my credit card was used for unauthorized purchase's I was notified immediately.  The only ones to loose out on the action, were Foot Locker and Kohls. I had a new card by 5 pm the next day. 

Well….. the reason you’re not liable for those charges are laws passed by our federal government holding the credit card companies liable for unauthorized charges.   After that law the credit card companies quickly implemented processes to detect unauthorized charges.   
 

reasoning was that individuals can’t practically set up such software ourselves.  

Edited by Mary loves to travel
  • Thanks 1
Link to comment
Share on other sites

3 hours ago, Condocat said:

I'm sorry too...and will not get into a bantering match with you about what I know what occurred to me. 

 

This experience with Apple Pay was approx. 5 years ago while traveling internationally.  Perhaps their security wasn't as tight back then.  Bottom line, my data was scanned and it was a mess to clean up!  Needless to say, I do not trust devices that hold my sensitive information especially financial in nature.

 

This post unfortunately highlights the problem of not knowing how the system works.  The security architecture and transaction process has not changed since launch and by saying that your credit card number was stolen from your iPhone being “scanned in your pocket” is just incorrect and will lead people away from using something that is highly secure.  I encourage people to do their own research, and as always don’t believe everything you read.

  • Like 4
  • Thanks 1
Link to comment
Share on other sites

Posted (edited)
On 6/10/2021 at 12:51 PM, Condocat said:

I agree.  Used Apple Pay once and had my credit card information unknowingly scanned off my phone at the airport!    Might be worth placing the phone in a foil pouch to protect it from that type of activity.

 

I find this very this is very unnerving.....  

that absolutely did not happen, it wasn’t “scanned” off of your phone as it is physically impossible. Perhaps it was scanned off of your RFID credit card from your wallet? I can promise you that it was not skimmed from your phone. The secure enclave isn’t engaged until after Touch/FaceID is engaged. This has been the same since day one of the launch of ApplePay. No bank would have approved this or would it have gained PCI compliance if skimming were that easy.  

Edited by dearinger
  • Like 4
Link to comment
Share on other sites

On 6/11/2021 at 7:48 AM, Ride-The-Waves said:

Simple solution: Don't use the app.  Corporate apps are designed to do only one thing: get your information for sales and marketing.  Anytime you use an app you give up privacy.  

Yup

  • Like 1
Link to comment
Share on other sites

9 minutes ago, janice2348 said:

Yup

and there's the option to fill out  don't sell my  personal information form. 

 

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Forum Jump
    • Categories
      • Forum Assistance
      • ANNOUNCEMENT: PONANT Cruises & Expeditions
      • Cruise Critic Live Special Event: Q&A with American Queen Voyages
      • New Cruisers
      • Cruise Lines “A – O”
      • Cruise Lines “P – Z”
      • River Cruising
      • ROLL CALLS
      • Digital Photography & Cruise Technology
      • Special Interest Cruising
      • Cruise Discussion Topics
      • UK Cruising
      • Australia & New Zealand Cruisers
      • Canadian Cruisers
      • North American Homeports
      • Ports of Call
      • Cruise Conversations
×
×
  • Create New...