What's On Your Hotel Keycard 416
Lam1969 writes "From Robert Mitchell's blog on Computerworld: '... Wallace, IT director at AAA Reading-Berks in Wyomissing, Penn. has been bringing a card reader with him on business trips to see what's on the magnetic strips of his hotel room access cards. To his dismay, a surprising number have contained his name and credit card information - and in unencrypted form.' " Update: 09/20 19:10 GMT by J : Snopes, as of two months ago, says this is false.
Illegal? (Score:2, Interesting)
And they DO erase them after you check out, don't they? It could be a precaution telling you not to lose it
This is why... (Score:5, Interesting)
Really a big deal? (Score:5, Interesting)
Re:Illegal? (Score:3, Interesting)
Why do they need that? (Score:2, Interesting)
Re:Illegal? (Score:3, Interesting)
I'd be willing to bet that most of them simply put them back on the stack behind the front desk, to be overwritten if and when they get reused. This, of course, raises another interesting question - can the information of prior users of the card be obtained with data recovery techniques? How many generations of data could one conceivably extract from a single keycard?
Re:Illegal? (Score:3, Interesting)
Easy to distribute master cards to maids, easy for them to tell how to bill you by just the card.
Think about it, if your computers went down, and all you had were your customers keycards... they want to be able to bill you no matter what.
They don't care about your security/safety, it's just the convenience for the hotels.
Re:Really a big deal? (Score:5, Interesting)
bought a $39 card reader at a local retail store.. (Score:1, Interesting)
Paranoia? (Score:2, Interesting)
Granted, I've never checked, but I'd find it hard to believe that the large national chains (Marriott, Hilton, Accor, etc.) put your credit card number on your room key, and nobody has made a giant fuss about it yet. Guess it's time to go check my latest Courtyard key and see for myself.
Re:Snopes claims this to be false (Score:3, Interesting)
Urban myth? (Score:2, Interesting)
Sure it's possible to put any kind of data you want on a magnetic strip, but you might as well worry the hotel is printing your PII data on sheets of paper and tossing them out the back windows. What possibly reason would they have to put info like that on the keycard??
I'm not buying this story, not even a little.
Re:Illegal? (Score:2, Interesting)
Knowing that, it's not far fetched to assume that they are sloppy about erasing data on the cards. Then again, it seems that people throw them on the ground most of the time anyway. I guess stolen credit card info would count as a harsh fine for littering
Re:Necessary data (Score:2, Interesting)
They had one a while back where the myth was that credit cards could be 'erased' by things like refrigerator magnets and magnetic money clips.
They got a reader/writer, hooked it up to a laptop, programmed a bunch of blank cards and then tested various magnetic sources to see what it took to make the card to lose its information and/or become unreadable/unusable. Not surprisingly, it took a fairly strong field to mess things up.
I could see Jamie and Adam checking into hotels and then taking the key cards back to the shop to see how hard it is to crack (though they should get Kari to pose as the hotel guest or something).
What my hotel encodes on its keys (Score:2, Interesting)
On the date of check out the key will stop working at 3:00 PM. If you check out early, your key will continue to work until 3:00 PM on your check out date. But if I check someone else into the room and create them a new key, when they open the door, they will advance the sequence register on the door lock and all prior keys will stop working.
My system has the ability to but the guests name on the card but in order to do this the card must be made directly by the key system. This only happens when I make master keys for employees. Guest keys are processed through an interface between my Front Office system and the key system. As a result no name is transmitted and when I read the key it will list the guest name as Guest.
Ironic: Debunking the Debunking (Score:4, Interesting)
None of this changes the Slashdot article at all, assuming that we trust the author to not be fabricating his results with the card reader completely (and I have no reason to believe that).
I think instead we just have a case where reality imitated art a little too closely -- the art in this case being that hoax, and reality being the stuff the hotels are putting on your card.
Think about this logically; (Score:5, Interesting)
Think about this. You're designing an electronic key-card system for a hotel. In order to do this you have to deal with lobby-monkeys who only occasionally swipe the card correctly through the machine when the customer's checking in. These cards are going to get shoved in pockets, scratched and generally abused.
Now, as an engineer are you going to create a solution that (a) writes to the magnetic strip for every person who checks into the hotel, running the risk that the card runs through skewed or otherwise renders the information unusable, or (b) are you going to assign each card a unique ID number similar to a credit card number that's permanently printed on the card repeatedly across the magnetic strip.
Talk amongst yourselves, but think about the fact that a mag-stripe WRITER costs more than a mag-stripe READER. If you control the locks from a central computer which only has to recognize that card (a) opens door (z), then how are you going to engineer that system for optimum efficiency and lowest cost?
While I don't doubt some droid might consider it a nice idea to have all the customer's info on the card, it doesn't make an awful lot of sense from an engineering perspective now, does it?
And yes, I've worked on hotel key card systems, and no I've never seen one that writes the cards in any way shape or form on check in.
URBAN MYTH ALERT (Score:5, Interesting)
http://www.truthorfiction.com/rumors/k/keycards.h
http://www.breakthechain.org/exclusives/keycards.
http://www.trendmicro.com/vinfo/hoaxes/hoaxDetail
I'm surprised this one passed thru Slashdot's editorial staff.
Re:Thanks for the FALSE INFORMATION /. (Score:3, Interesting)
Having just called my buddy who's a manager at the Hampton Inn nearby, he told me "Yes, we do put all that info onto the card. It serves as a way to track the person who owns it, where it's been used in attempts to access areas, and as validation that the room is still open and the card is still valid to our computer systems. It also tells us when the card is used for entry, and allows us to contact the person if they're in the room."
So false information? For some hotels, possibly, but not for that particular one I just called. Perhaps you should call around hotels and just do a brief checkup on what they do/do not put on the card. I think I'll be doing this so I can determine a more secure hotel to stay at whenever I'm out of town.
About the Snopes update (Score:2, Interesting)
What I found more disturbing, however, was this passage by the Snopes article author: It never occurred to me that hotels might have a record of every time you opened your door.