Slashdot Mirror

← Back to Stories (view on slashdot.org)

What's On Your Hotel Keycard

Posted by CmdrTaco on from the get-your-paranoia-on dept.

Lam1969 writes "From Robert Mitchell's blog on Computerworld: '... Wallace, IT director at AAA Reading-Berks in Wyomissing, Penn. has been bringing a card reader with him on business trips to see what's on the magnetic strips of his hotel room access cards. To his dismay, a surprising number have contained his name and credit card information - and in unencrypted form.' " Update: 09/20 19:10 GMT by J : Snopes, as of two months ago, says this is false.

8 of 416 comments (clear)

  1. This is why... by Shkuey · · Score: 5, Interesting

    You always keep your keycards, and you always destroy them. I've yet to have an issue with a hotel wanting it back.

  2. Really a big deal? by DeadSea · · Score: 5, Interesting
    Your credit card contains your name and credit card number on it in an unencrypted form. If your key card does as well, you should treat it like a credit card.
    1. It certainly would be nice for the hotel to tell you what they put on the card
    2. They should tell you to report your credit card as stolen if you lose your key card.
    3. They should securely erase or destroy key cards when you check out
    I generally trust the hotel staff with my credit card number, and I generally acknoledge that there is info about me on the magnetic stripes in my wallet. Is this anything to get upset about?
    1. Re:Really a big deal? by stuckinarut · · Score: 5, Interesting

      You often hear about people that have had their ATM cards wiped by the magnets used to disable the security tags in stores. Many stores have 'Don't place cards here' signs to prevent this. If the hotels had 'Please place keycards here' on a similar magnet when you sign out then that would wipe them and problem solved.

  3. Re:Illegal? by Lord+Dimwit+Flathead · · Score: 3, Interesting

    they DO erase them after you check out, don't they?

    I'd be willing to bet that most of them simply put them back on the stack behind the front desk, to be overwritten if and when they get reused. This, of course, raises another interesting question - can the information of prior users of the card be obtained with data recovery techniques? How many generations of data could one conceivably extract from a single keycard?

  4. Re:Illegal? by servicemaster · · Score: 3, Interesting

    Hotel cards aren't for your convenience, they are for the hotel's convenience. An easy way to create and distribute keys to rooms, keeping out only the most simple theives...
    Easy to distribute master cards to maids, easy for them to tell how to bill you by just the card.

    Think about it, if your computers went down, and all you had were your customers keycards... they want to be able to bill you no matter what.

    They don't care about your security/safety, it's just the convenience for the hotels.

  5. Ironic: Debunking the Debunking by Kadin2048 · · Score: 3, Interesting

    It's sort of odd, that at first there was this urban myth saying you needed to worry, and then Snopes "debunked" it, and now we have good evidence from a person who actually took a card reader and checked some cards (as opposed to Snopes, who just called Doubletree, apparently), saying that the original hoax actually was on to something, after all.

    None of this changes the Slashdot article at all, assuming that we trust the author to not be fabricating his results with the card reader completely (and I have no reason to believe that).

    I think instead we just have a case where reality imitated art a little too closely -- the art in this case being that hoax, and reality being the stuff the hotels are putting on your card.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  6. Think about this logically; by Thumper_SVX · · Score: 4, Interesting

    Really. Despite the fact that this has already been identified as a probable urban legend by Snopes, I ask everyone on this site to think of this like an engineer.

    Think about this. You're designing an electronic key-card system for a hotel. In order to do this you have to deal with lobby-monkeys who only occasionally swipe the card correctly through the machine when the customer's checking in. These cards are going to get shoved in pockets, scratched and generally abused.

    Now, as an engineer are you going to create a solution that (a) writes to the magnetic strip for every person who checks into the hotel, running the risk that the card runs through skewed or otherwise renders the information unusable, or (b) are you going to assign each card a unique ID number similar to a credit card number that's permanently printed on the card repeatedly across the magnetic strip.

    Talk amongst yourselves, but think about the fact that a mag-stripe WRITER costs more than a mag-stripe READER. If you control the locks from a central computer which only has to recognize that card (a) opens door (z), then how are you going to engineer that system for optimum efficiency and lowest cost?

    While I don't doubt some droid might consider it a nice idea to have all the customer's info on the card, it doesn't make an awful lot of sense from an engineering perspective now, does it?

    And yes, I've worked on hotel key card systems, and no I've never seen one that writes the cards in any way shape or form on check in.

  7. URBAN MYTH ALERT by Thurmont · · Score: 5, Interesting

    Here are sites detailing this myth...

    http://www.truthorfiction.com/rumors/k/keycards.ht m
    http://www.breakthechain.org/exclusives/keycards.h tml
    http://www.trendmicro.com/vinfo/hoaxes/hoaxDetails .asp?HName=Hotel+Key+Card+Hoax&Page=4

    I'm surprised this one passed thru Slashdot's editorial staff.

    --
    "If it's got a switch... it's my bitch!!"