What's On Your Hotel Keycard 416
Lam1969 writes "From Robert Mitchell's blog on Computerworld: '... Wallace, IT director at AAA Reading-Berks in Wyomissing, Penn. has been bringing a card reader with him on business trips to see what's on the magnetic strips of his hotel room access cards. To his dismay, a surprising number have contained his name and credit card information - and in unencrypted form.' " Update: 09/20 19:10 GMT by J : Snopes, as of two months ago, says this is false.
Snopes claims this to be false (Score:5, Informative)
Re:Illegal? (Score:3, Informative)
Re:This is why... (Score:2, Informative)
That's because it's illegal (can't remember where I found this out, sorry) for the hotel to make you give it back.
Wrong (Re:Snopes claims this to be false) (Score:1, Informative)
I call BS... (Score:5, Informative)
In EVERY case, the key system is a seperate box not tied into the main computer, and only contains your room number, and length of your stay. The device is ONLY a key coder - it does not tie-in to the main network or the hotel's database in any way.
This story is spreading FUD, do we really need more of that going around?
Magnetic Money Clip (Score:4, Informative)
Urban Legend? (Score:4, Informative)
Re:This is why... (Score:5, Informative)
From the Colorado Bureau of Investigation:
"Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used throughout the industry.
Although room keys differ from hotel to hotel, a key obtained from the "Double Tree" chain that was being used for a regional Identity Theft Presentation was found to contain the following the information:
a.. Customers (your) name b.. Customers partial home address c.. Hotel room number d.. Check in date and check out date e.. Customer's (your) credit card number and expiration date!
When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.
Simply put, hotels do not erase the information on these cards until an employee re-issues the card to the next hotel guest. At that time, the new guest's information is electronically "overwritten" on the card and the previous guest's information is erased in the overwriting process. But until the card is rewritten for the next guest, it usually is kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!
The bottom line is: Keep the cards, take them home with you, or destroy them. NEVER leave them behind in the room or room wastebasket, and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card (it's illegal) and you'll be sure you are not leaving a lot of valuable personal information on it that could be easily lifted off with any simple scanning device card reader. For the same reason, if you arrive at the airport and discover you still have the card key in your pocket, do not toss it in an airport trash basket. Take it home and destroy it by cutting it up, especially through the electronic information strip!
Information courtesy of: Sergeant K. Jorge, Detective Sergeant, Pasadena Police Department
Re:Illegal? (Score:3, Informative)
$1.50 card reader (Score:5, Informative)
Re:Wrong (Re:Snopes claims this to be false) (Score:5, Informative)
This looks like a hoax (Score:2, Informative)
I remember this hoax . . . (Score:5, Informative)
Here's the link: http://www.snopes.com/crime/warnings/hotelkey.asp [snopes.com]
Thanks for the FALSE INFORMATION /. (Score:2, Informative)
http://www.snopes.com/crime/warnings/hotelkey.asp [snopes.com]
The key cards at hotels don't hold anything but the room number and number of nights it needs to work.
Hay since I can check out in the mornings using the television does that mean the TV holds all my CC info too?
Read up and use some common sense before posting an article. kthx bye.
Sigh... (Score:4, Informative)
2. Snopes article has been revised a few times over the last several years. So, some of the information is older than other parts of the information.
3. "One of the difficulties in dealing with crime-related warnings is trying to distinguish between common occurrences to which the average person is likely to fall victim, and circumstances which are possible but have rarely (or never) played out in real life." from the Snopes article.
4. The Snopes article quotes a security expert who tested 6 cards at a security conference. 3 contained personal information, including one with a credit card number.
My experience at Walt Disney World is that the room key can be used in a credit card swiper and charges the card used to reserve the room. I still have this key card. If I ever get a stripe reader, I'll check.
The point of the Snopes article isn't that you will never find a CC number on a key card. The point is that they are not aware of this as an ACTUAL security threat. There's no reason that can't change in the near future, of course.
This "news" is bogus (Score:3, Informative)
Re:This is why... (Score:5, Informative)
First, I want to say that I've worked at a hotel (night auditor/clerk). We had a VingCard system when I was there and at no point did any personal information hit these cards. I know people who work at hotels with slightly more advanced systems, and none of them store any personal information. They just store the room and duration.
I won't say that such cards with personal information don't exist. I will say that they aren't the norm. Let's look at this from a realistic standpoint though:
This seems like much ado about nothing. It's a fairly low risk scenario when compared to all the other ways to get at this information. Who's going to sit around at these hotels and swipe cards looking for embedded information? If they did, don't you think the CC companies would eventually catch onto how it was happening, or at least that it was just a few hotels?
I'd ask how my information was being shared if they said that I could use my keycard to pay for things. If there's nothing like that, I wouldn't worry about it. Depending on the situation, I might keep the card. Normally I just turn it into the clerk, who has access to all the information on it anyway.
If you do keep your card, perhaps you should consider keeping it under your tinfoil hat.