BTilke

This was sent to me in an email. While it seems possible, there are so many Internet rumors flying around that are just junk...has anyone else seen this? Any merit to the story? Real? Crap created by someone with a grudge against DoubleTree? Food for thought, anyway. What IS stored on those keycards? (FYI, I am forwarding this info to DoubleTree to see what they say)

------------
Southern California law enforcement professionals assigned to detect new threats to personal security issues recently discovered what type of information is embedded in the credit card type hotel room keys used through-out the industry.

Although room keys differ from hotel to hotel, a key obtained from the "DoubleTree" chain that was being used for a regional Identity Theft Presentation was found to contain the following information:

a) Customers (your) name
b) Customers partial home address
c) Hotel room number
d) Check in date and check out date
e) Customers (your) credit card number and expiration date
When you turn them in to the front desk, your personal information is there on hand, for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.
Simply put, hotels do not erase these cards until an employee issues the card to the next hotel guest. It is usually kept in a drawer at the front desk with YOUR INFORMATION ON IT
The bottom line is, keep the cards or destroy them. NEVER leave them behind and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card.
Information courtesy of: Sergeant K. Jorge,
Detective Sergeant,
Pasadena Police Department

obxgirl

Urban legend. rb_traveller posted this url to someone who asked the question quite recently:

http://urbanlegends.about.com/librar...l_keycards.htm

I don't know what is stored on cc's. If you dig up that info, please share!

BTilke

Thanks. Interesting info on the urban legend web site ref. above. However, it does sound like there still exists the possibility of "abuse" with these keycards since the type of info kept on them can vary from hotel to hotel. Think I'll keep mine with me at all times and then destroy them just to be on the safe side.

Gretchen

Another vote for urban legend but it was real enough to fool some folks in an state attorney general's office. And if you follow the logic, the clerk at the desk already has all that info at his beck and call without the room key.

OliveOyl

There is no information on them at all (not even a room number) other than a code to unlock a door--the entire thing is urban legend. As Gretchen says, all that information, A through E on the list, is in your folio at the front desk.

Meesthare

This thing is now circulating in Canada, supposedly by the same "chief of Police" author except that he is now chief of police somewhere in Ontario. To echo what others have said - there is absolutely no information coded on the room key except whatever is needed to open the door.

Keith

Please tell the person that forwarded that to you that they are wrong and ask them to tell everyone they forwarded it to.

Keith

SeattleSonic8

No one has been able to say WHY a hotel would add credit information to a room key!? That statement is so silly that you know it's urban legend.

OliveOyl

I had an amusing thought. Now, other than the joy someone gets out of frightening people, who would start an urban legend such as this and why? How about--the company that manufactures all those little plastic cards and sells them to the hotels! They are re-used, but If every guest throws them away instead of returning them, just think how many more cards they can sell!

BTilke, you do realize the sentence that says information stored varies from hotel to hotel is just part of the legend, right? No information is stored. Nothing, niente, nada, rien, nichts. Your key is safe with me (insert evil laugh here ).

rb_travelerxATyahoo

I used to work in hotels, I'm now in information services. I've not worked in other than "metal key" hotels, as it's been awhile ... but here's what I've observed:

The card-key systems are generally stand-alone systems, independent of the hotel property management sytem. When the clerk gives you keys, they seem to key in no more than the room # and the expiration date/time for that key. They certainly don't spend enough time keying in 12+ digit credit card numbers, etc.

As a technical worker, I suspect that each card-key is encoded simply with a unique serial number, let's say "AB1234" and the clerk is not "encoding" the card, but rather reading the card, so that the hotel's locking system now knows that card # "AB1234" will operate the door of Room 341 until noontime tomorrow. Is this approximately what happens, OliveOyl?

MikeTravels

I actually have a small level of expertise in this area. My field is a bit more high-tech, revolving around smart cards used by the Government to store lots of stuff for their employees and military service members. I have had some dealings with Saflok, one of the big players in the hotel lock business. I also have a card reader on my desk and a collection of key cards I keep as momentos of my travels. I've scanned all of them and looked at the data and I've talked to Saflok about how their systems work.

As many people have already pointed out, many hotels use stand-alone key encoders that are only told about the dates and the room number. These systems seem to write cards that have two numbers. One appears to identify the serial number of the key itself and the other is some kind of encoded number that tells the door that it is valid for that room and that date. No remotely personal identifying information could be written to these keys.

There are systems that interface directly with the reservation systems themselves and these could transmit personal data. I know that some hotels allow you to swipe your card key for room charges. These keys would therefore require some kind of folio number or room number to be on there so that the room charge could be posted correctly. I have one of those keys in my possession that has my first and last name and three different numbers on it.

I don't believe anyone would store credit card numbers, because there is no way it would help them. Most hotel systems even limit who can see the full credit card number.

rbtraveller's guess is wrong. The machines are writing the mag strip. The locks read them. Most hotel locks have no connection to anything else, they just have a jack that lets one download their memory. The super cool new ones use bluetooth to talk to a nearby laptop. They keep track of accesses to the room to help with theft reports. They are just programmed to respond to certain codes on certain days.

Some of the most fancy systems actually print your name on the surface of the key in English. See http://www.saflok.com/news/index.htm for a story on a system like that they installed at the Breakers in Palm Beach.

Also, anytime you want to find the 411 on an urban legend, snopes.com is the place you want to go. On this one, the URL is http://www.snopes.com/crime/warnings/hotelkey.asp

I love OO's theory that it is the card companies spreading this rumor. They do seem to be making a nice little profit in the fancier places with the custom printed blanks. I have several really beautiful ones.

rb_travelerxATyahoo

Thanks for the update, MikeTravels! I've tried to get some info on this, as I always try to think of creative ways technology can be used in hospitality. I really enjoyed my hotel days, but didn't make the kind of $ I do now. The fact that you used the expression "folio" shows you've a little more than casual knowledge of lodging too! Clerks in hotels today don't even know what an NCR4200 or 250 posting machine is!

MikeTravels

I was discussing this topic with my staff and one of them found a card that had his partial address on track 2. It seems like an odd thing -- most of the cards I have only have data on track 1. We'll probably be reading all our cards for a few months -- I'll post if anyone finds anything scary, but I really, really doubt they will.

Some hotels apparently have remote key encoders, so that people with a little shoulder strap unit can scan your credit card, write you a room key and get you out the door when the front desk is backed up. Some of the Vegas hotels could really use this technology -- I've never seen it in use.

I really don't know much about hotels, except as a frequent guest. I've found that if you talk the talk it helps you to charm your way into upgrades sometimes. I like to mention my sister the front desk manager and act sympathetic to thier plight dealing with the public. Even when I don't get a better room, I get a more friendly reaction than I might otherwise. The same is true with airlines, I think. So really, I just know a little, but I'm great at BS. I do know something about old NCR crap from a former life working with POS gear, but that is a whole 'nother story.

BTilke

Well, I'm going to stay paranoid, OO can evil laugh all she wants. I got badly burned at a major European hotel earlier this year. Somehow...no one ever gave me a straight answer...someone or some computer at the hotel kept trying to pile up charges on my credit card, to the tune of about $2500. My CC company's fraud department got suspicious and canceled the card. I was in transit when the card was canceled and it was a palaver getting it replaced en route.
My level of trust in corporate protestations of data protection is not particularly high (think of the recent Jet Blue snafu). So I will err on the side of safety, even if some people think it's silly.

rb_travelerxATyahoo

BTilke - I'd be more suspicious that someone actually got your credit card info from the card itself, than from a room card-key. I recall reading of a scheme a few years back where Palm Pilots, equiped with mag-stripe readers, were being used by some employees to quickly "steal" the info from cards presented for legitimate reasons ... and I don't think that was a hoax. It could have been a crooked hotel employee, yes.

OliveOyl

BTilke, my evil laugh wasn't at you, I was just being silly, insinuating that I'd take your key and mess with it, (silly) evil laugh as I did it, but didn't mean to slight you or your concerns. (Picture devil rubbing his hands together in glee, a glint in his eye). Emoticons or no, it's sometimes hard to pass on the intent when writing here. I'm sorry~~

Actually we have had our credit card # stolen at a hotel front desk as well. This was before the days of key cards, but our info was (stupidly) taken by a front desk clerk. Like you, our credit card company became suspicious regarding the nature of the charges and called. And no...he didn't get away with it!

As to the locks, our hotel uses Saflok. We also have the remote use encoders Mike mentioned, but they are used only during an extremely heavy group check in to expedite the process so no one has to wait long.

I asked about what was being written to the key and my husband isn't even sure but believes a code is assigned, because when that key is inserted in that lock the first time after it has been assigned, it is read by the lock which immediately changes the code from the last guest (whose key has expired so it can't be used anyway).

Then he told me something interesting, something which most likely is an answer to a complaint I've seen here more than once. I thought the key expired immediately upon check out, but it does not. A clock starts ticking, but the key is good for a set amount of time (way less than a day) after checkout. Problems can and do arise when said guest, still in the hotel, meetings or whatever, goes back to his room which has now been cleaned, and he uses the bathrooom one last time before departure. Next guest in the room finds an unflushed toilet, a hand towel askew! It can and does happen.

You all know the locks can be read to determine which keys have accessed it should there ever be a problem with a missing item from a room. Something is inserted into the lock, information is dowloaded into a portable device and from that can be printed out, determining every key, guest, master, housekeeping that has accessed that lock in a certain period of time. Amazing stuff, to me anyway, thinking back on the days of big brass keys...with numbers on them no less!