Slashdot Mirror

← Back to Stories (view on slashdot.org)

What's On Your Hotel Keycard

Posted by CmdrTaco on from the get-your-paranoia-on dept.

Lam1969 writes "From Robert Mitchell's blog on Computerworld: '... Wallace, IT director at AAA Reading-Berks in Wyomissing, Penn. has been bringing a card reader with him on business trips to see what's on the magnetic strips of his hotel room access cards. To his dismay, a surprising number have contained his name and credit card information - and in unencrypted form.' " Update: 09/20 19:10 GMT by J : Snopes, as of two months ago, says this is false.

9 of 416 comments (clear)

  1. Snopes claims this to be false by Anonymous Coward · · Score: 5, Informative

    http://www.snopes.com/crime/warnings/hotelkey.asp Who is right?

  2. I call BS... by Julius+X · · Score: 5, Informative

    I've worked in a number of hotels for the past seven years- and all of them used electronic key systems, either the card type, or an electronic microchip key.

    In EVERY case, the key system is a seperate box not tied into the main computer, and only contains your room number, and length of your stay. The device is ONLY a key coder - it does not tie-in to the main network or the hotel's database in any way.

    This story is spreading FUD, do we really need more of that going around?

    --

    -Julius X
    remove "-whatkindofspamdoyoutakemefor-" from email to send
  3. Magnetic Money Clip by Loether · · Score: 4, Informative

    I have a magnetic Money clip I use. If I put a hotel keycard even in the same pocket it wipes it completely. Whereas my credit card has never been a problem. Hotel cards use a different technology that is more easily wipable than standard credit cards.

    --
    TODO create witty sig.
  4. Urban Legend? by nonsense28sal · · Score: 4, Informative

    I have to admit, I'm a little suspicious. I've heard this story before and it was labeled false. Add to the situation that the author "declined to name specific hotels" and it only adds to my doubts. Why not name names???

  5. Re:This is why... by Bensel · · Score: 5, Informative

    Aha... here's the email I heard this from:

    From the Colorado Bureau of Investigation:

    "Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used throughout the industry.

    Although room keys differ from hotel to hotel, a key obtained from the "Double Tree" chain that was being used for a regional Identity Theft Presentation was found to contain the following the information:

    a.. Customers (your) name b.. Customers partial home address c.. Hotel room number d.. Check in date and check out date e.. Customer's (your) credit card number and expiration date!

    When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.

    Simply put, hotels do not erase the information on these cards until an employee re-issues the card to the next hotel guest. At that time, the new guest's information is electronically "overwritten" on the card and the previous guest's information is erased in the overwriting process. But until the card is rewritten for the next guest, it usually is kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!

    The bottom line is: Keep the cards, take them home with you, or destroy them. NEVER leave them behind in the room or room wastebasket, and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card (it's illegal) and you'll be sure you are not leaving a lot of valuable personal information on it that could be easily lifted off with any simple scanning device card reader. For the same reason, if you arrive at the airport and discover you still have the card key in your pocket, do not toss it in an airport trash basket. Take it home and destroy it by cutting it up, especially through the electronic information strip!

    Information courtesy of: Sergeant K. Jorge, Detective Sergeant, Pasadena Police Department

  6. $1.50 card reader by Anonymous Coward · · Score: 5, Informative

    you can get one from all electronics corp for 1.50 yes one dollar and FIF-tee cents all electronics reader then use stripesnoop (.sf.net) and you can figureout how to hook them up to a gameport/whatever on their forum check their forum

  7. Re:Wrong (Re:Snopes claims this to be false) by millennial · · Score: 5, Informative

    Let's keep reading, shall we? Snopes ACTUALLY says that none of the hotel chains they contacted put sensitive information on the cards. One reader who works at a hotel said that the only thing that goes on there is the room number, the number of nights in the stay, and the number of keys issued.

    --
    I am scientifically inaccurate.
  8. I remember this hoax . . . by Rob+the+Bold · · Score: 5, Informative
    It was a good one, too.

    Here's the link: http://www.snopes.com/crime/warnings/hotelkey.asp

    --
    I am not a crackpot.
  9. Re:This is why... by bedroll · · Score: 4, Informative
    Let's have a reality check here.

    First, I want to say that I've worked at a hotel (night auditor/clerk). We had a VingCard system when I was there and at no point did any personal information hit these cards. I know people who work at hotels with slightly more advanced systems, and none of them store any personal information. They just store the room and duration.

    I won't say that such cards with personal information don't exist. I will say that they aren't the norm. Let's look at this from a realistic standpoint though:

    • If your hotel doesn't allow you to use your card to charge things to your account then you probably have nothing to worry about. Why would they include any personal information if you can't use that card for anything but entry to the building and your room?
    • Even if your hotel does allow this, what benefit do they gain from having your information (more than your room) on the card? Obviously the payment system must be hooked into the registry somehow, so why wouldn't they just store the room number/unique id to make the link? Wouldn't it be MORE work for them to link it back if they use your information instead of theirs?
    • Let us say that these cards are in a lot of places, why are we worried about them when folios are normally plain text and stored in paper format somewhere on the premises? You don't know what happens to these records. Normally they just get locked in a storage closet for a while until they get thrown out.
    • I hope you don't ever buy anything online. I'd venture to guess that it's much more common for poor security practices to be used on billing databases for e-comm than it is for hotels to embed your billing info on your keycard. For that matter, if you have a CC you probably use it all over the place. The receipts are normally poorly handled and not very secure. Point being that your CC information is rarely secure, and that includes places that also get your address.

    This seems like much ado about nothing. It's a fairly low risk scenario when compared to all the other ways to get at this information. Who's going to sit around at these hotels and swipe cards looking for embedded information? If they did, don't you think the CC companies would eventually catch onto how it was happening, or at least that it was just a few hotels?

    I'd ask how my information was being shared if they said that I could use my keycard to pay for things. If there's nothing like that, I wouldn't worry about it. Depending on the situation, I might keep the card. Normally I just turn it into the clerk, who has access to all the information on it anyway.

    If you do keep your card, perhaps you should consider keeping it under your tinfoil hat.