While multifactor authentication certainly adds to the security of the system in a significant way, biometric hardware is not flawlessly reliable. Florida is a rather humid place [5] which inevitably affects the performance of sensitive electronic hardware like fingerprint readers.
To address this issue and counteract the likelihood of the system presenting users with false negatives, it would be fair to assume that the fingerprint readers themselves are configured to fail open (ie, when in doubt, allow entry). This gives malicious users the potential benefit of knowing that they merely need to intentionally cause the reader to malfunction to be granted access.
Social engineering could also potentially play a factor in the exploitation of the MagicBand system by using Disney’s own customer-service policy against itself. Suppose our malicious user is successfully stopped dead in his tracks at the gate. He has been beaten to the entry gate by his victims and has lost the calibration race; there is no hope the machine will accept his cloned band. Yet he scans it anyway, and is
denied access immediately. He knows he will not gain entry, but he continues to scan it. The employees at the gate attempt to help him, scanning his band for him, fiddling with the machine, etc, all to no avail. Yet a large line is beginning to form behind him.