Slashdot Mirror
What's On Your Hotel Keycard
Lam1969 writes "From Robert Mitchell's blog on Computerworld: '... Wallace, IT director at AAA Reading-Berks in Wyomissing, Penn. has been bringing a card reader with him on business trips to see what's on the magnetic strips of his hotel room access cards. To his dismay, a surprising number have contained his name and credit card information - and in unencrypted form.' " Update: 09/20 19:10 GMT by J : Snopes, as of two months ago, says this is false.
http://www.snopes.com/crime/warnings/hotelkey.asp Who is right?
I have to wonder if they do erase them. I mean most ppl just keep the key or toss it after they check out. And because its a simple magnetic strip the data will be resident on it unless someone physically demagnitizes it or deguasses it.
News Reporters Make Tasty Polar Bear Treats!
I've yet to have an issue with a hotel wanting it back.
That's because it's illegal (can't remember where I found this out, sorry) for the hotel to make you give it back.
Wrong. Snopes says that while it's true the information is on the card, there is no significant trend relating this to criminal activity.
I've worked in a number of hotels for the past seven years- and all of them used electronic key systems, either the card type, or an electronic microchip key.
In EVERY case, the key system is a seperate box not tied into the main computer, and only contains your room number, and length of your stay. The device is ONLY a key coder - it does not tie-in to the main network or the hotel's database in any way.
This story is spreading FUD, do we really need more of that going around?
-Julius X
remove "-whatkindofspamdoyoutakemefor-" from email to send
I have a magnetic Money clip I use. If I put a hotel keycard even in the same pocket it wipes it completely. Whereas my credit card has never been a problem. Hotel cards use a different technology that is more easily wipable than standard credit cards.
TODO create witty sig.
I have to admit, I'm a little suspicious. I've heard this story before and it was labeled false. Add to the situation that the author "declined to name specific hotels" and it only adds to my doubts. Why not name names???
Aha... here's the email I heard this from:
From the Colorado Bureau of Investigation:
"Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used throughout the industry.
Although room keys differ from hotel to hotel, a key obtained from the "Double Tree" chain that was being used for a regional Identity Theft Presentation was found to contain the following the information:
a.. Customers (your) name b.. Customers partial home address c.. Hotel room number d.. Check in date and check out date e.. Customer's (your) credit card number and expiration date!
When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.
Simply put, hotels do not erase the information on these cards until an employee re-issues the card to the next hotel guest. At that time, the new guest's information is electronically "overwritten" on the card and the previous guest's information is erased in the overwriting process. But until the card is rewritten for the next guest, it usually is kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!
The bottom line is: Keep the cards, take them home with you, or destroy them. NEVER leave them behind in the room or room wastebasket, and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card (it's illegal) and you'll be sure you are not leaving a lot of valuable personal information on it that could be easily lifted off with any simple scanning device card reader. For the same reason, if you arrive at the airport and discover you still have the card key in your pocket, do not toss it in an airport trash basket. Take it home and destroy it by cutting it up, especially through the electronic information strip!
Information courtesy of: Sergeant K. Jorge, Detective Sergeant, Pasadena Police Department
Having worked at a motel before, I can attest that it is NOT policy to erase the cards after use. The cards are usually given an expiration date (usually the checkout date). The expiration date only serves as data for the card reader on the door. The key will not be erased at this date...it will only be unable to open the door.
you can get one from all electronics corp for 1.50 yes one dollar and FIF-tee cents all electronics reader then use stripesnoop (.sf.net) and you can figureout how to hook them up to a gameport/whatever on their forum check their forum
This looks like a hoax accroding to snopes: http://www.snopes.com/crime/warnings/hotelkey.asp
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Here's the link: http://www.snopes.com/crime/warnings/hotelkey.asp
I am not a crackpot.
Thanks you made me laugh with this article.
http://www.snopes.com/crime/warnings/hotelkey.asp
The key cards at hotels don't hold anything but the room number and number of nights it needs to work.
Hay since I can check out in the mornings using the television does that mean the TV holds all my CC info too?
Read up and use some common sense before posting an article. kthx bye.
Ave Molech Setting
1. Article is about a hotel that DOES this. Therefore, we're talking about it happening.
2. Snopes article has been revised a few times over the last several years. So, some of the information is older than other parts of the information.
3. "One of the difficulties in dealing with crime-related warnings is trying to distinguish between common occurrences to which the average person is likely to fall victim, and circumstances which are possible but have rarely (or never) played out in real life." from the Snopes article.
4. The Snopes article quotes a security expert who tested 6 cards at a security conference. 3 contained personal information, including one with a credit card number.
My experience at Walt Disney World is that the room key can be used in a credit card swiper and charges the card used to reserve the room. I still have this key card. If I ever get a stripe reader, I'll check.
The point of the Snopes article isn't that you will never find a CC number on a key card. The point is that they are not aware of this as an ACTUAL security threat. There's no reason that can't change in the near future, of course.
An internet myth: Snopes
First, I want to say that I've worked at a hotel (night auditor/clerk). We had a VingCard system when I was there and at no point did any personal information hit these cards. I know people who work at hotels with slightly more advanced systems, and none of them store any personal information. They just store the room and duration.
I won't say that such cards with personal information don't exist. I will say that they aren't the norm. Let's look at this from a realistic standpoint though:
This seems like much ado about nothing. It's a fairly low risk scenario when compared to all the other ways to get at this information. Who's going to sit around at these hotels and swipe cards looking for embedded information? If they did, don't you think the CC companies would eventually catch onto how it was happening, or at least that it was just a few hotels?
I'd ask how my information was being shared if they said that I could use my keycard to pay for things. If there's nothing like that, I wouldn't worry about it. Depending on the situation, I might keep the card. Normally I just turn it into the clerk, who has access to all the information on it anyway.
If you do keep your card, perhaps you should consider keeping it under your tinfoil hat.