What's On Your Hotel Keycard

Lam1969 writes "From Robert Mitchell's blog on Computerworld: '... Wallace, IT director at AAA Reading-Berks in Wyomissing, Penn. has been bringing a card reader with him on business trips to see what's on the magnetic strips of his hotel room access cards. To his dismay, a surprising number have contained his name and credit card information - and in unencrypted form.' " Update: 09/20 19:10 GMT by J : Snopes, as of two months ago, says this is false.

Illegal?

[AndreiK]

You would think that actually using the reader would be illegal

And they DO erase them after you check out, don't they? It could be a precaution telling you not to lose it :P

Re:Illegal?

[Evil W1zard]

I have to wonder if they do erase them. I mean most ppl just keep the key or toss it after they check out. And because its a simple magnetic strip the data will be resident on it unless someone physically demagnitizes it or deguasses it.

Re:Illegal?

[networkBoy]

And in the meantime that hotel employee is reading all of them for data after the guest has left. Since there is no tampering with the computer, there is no audit trail that a guest has been comprimised.
-nB

Re:Illegal?

[Anonymous Coward]

Now admittedly this country has gone to hell, but why in the world would you think a card reader would be illegal?

That is incredibly depressing.

For the government, and its media cronies to have you in the state of mind where you feel that you should not have access to something like a card reader is sad and pathetic.

Re:Illegal?

[JadeNB]

And they DO erase them after you check out, don't they?

Although this seems suspicious to me (it's hard to believe that as highly-motivated a work force as the desk personnel at a hotel won't slip up and forget from time to time), I guess it's true that the keys are then kept in a reasonably safe place until they are re-encoded for the next visitor. (Is this true? Is there a way to recover old information from a magnetic stripe even after it's been overwritten?)

You're kidding, right?

[swb]

I know a lot of people (including myself, until now) simply assumed the card had some magick code on it that opened the door, and once they checked out, the code stopped working, so key cards got:

1) left in the room when you walked out. There's probably a box on the cleaning carts where they get chucked. Highly insecure.

2) left in the rental car or wherever. You're done with it and presumably it has no information relevant to you.

3) idly thrown away (probably the most secure, provided its a sufficiently yucky trash can)

4) Taped to office doors or cube walls to make a "gee, I travel a lot" mosaic.

The idea that they're somehow secure because they MIGHT get stored and reused seems laughable.

Re:Are you guys on crack?

[op12]

You see them left all over the place in Vegas.

Jackpot!!!

Re:Are you guys on crack?

[xaque]

What are you talking about? People don't leave Vegas until they don't have any money left, and all their credit cards are maxed out. You couldn't make a dime off that.

Re:Illegal?

[Lord Dimwit Flathead]

they DO erase them after you check out, don't they?

I'd be willing to bet that most of them simply put them back on the stack behind the front desk, to be overwritten if and when they get reused. This, of course, raises another interesting question - can the information of prior users of the card be obtained with data recovery techniques? How many generations of data could one conceivably extract from a single keycard?

Data Recovery

[Kadin2048]

Using a regular card reader I'm pretty confident you could only get one "generation." To get the next one you'd have to use some pretty specialized equipment. And I'm not sure it would be a sure thing either, provided that the information was recorded into the stripe using the same equipment and the same power level.

However if the hotel personnel sometimes used card reader/writer A, which has low power, but occasionally reader B, which has an ever so slightly higher power level, then assuming the last one used was A, you ought to be able to get at least 2 records off of the card, because the last record from B will be buried a little deeper in the strip than the overwrite by A.

Or if you had 3 card reader/writers, each at slightly different power levels, and used them in the right order, you might be able to reconstruct 3 sets of data from the card.

The analogy I'm thinking of is like how (analog) HiFi audio is written to a VHS tape [eed.usv.ro]: it's recorded onto the tape underneath the video signal, using a recording head where the flux pattern goes deeper into the recording medium. (It's also separated by virtue of an FM carrier and the azimuth angle of the recording heads, which you wouldn't have on a magnetic stripe card.)

I've read some articles on recovering overwritten information from linear magnetic tape (Nixon tapes, etc.) and it's no easy task. The usual way to do it is to just look for areas of the tape near the edges that weren't saturated by the erase head the second time around. I'm fairly confident in saying that recovery of two sets of data, made by the same reader/writer, would be non-trivial.

Re:Illegal?

[servicemaster]

Hotel cards aren't for your convenience, they are for the hotel's convenience. An easy way to create and distribute keys to rooms, keeping out only the most simple theives...
Easy to distribute master cards to maids, easy for them to tell how to bill you by just the card.

Think about it, if your computers went down, and all you had were your customers keycards... they want to be able to bill you no matter what.

They don't care about your security/safety, it's just the convenience for the hotels.

Re:Illegal?

[CheshireCatCO]

If the computers are going down, why do they need the credit card information on my room key? If they can't read my credit card, how are they reading the key?

I agree that they key cards are for the hotel's convenience, but I'm not following why they need my credit card info on the key.

Re:Illegal?

[CheshireCatCO]

Perhaps. But usually they just put the charge onto your hotel bill rather than charge the meal separately.

Re:Illegal?

[thparker]

Think about it, if your computers went down, and all you had were your customers keycards... they want to be able to bill you no matter what.

I find this whole article suspect. Just the other day when I checked into a Sheraton, the computer system was down. No reservation data (they had a faxed list from some other location), no swiping of the credit card, nothing. Still, I could get my keycard and get into my room -- because the keycard encoding was part of a completely different system.

I'm not suggesting that when all systems are online that additional info couldn't be passed to the keycard, but I don't buy it.

Re:Illegal?

[mintshows]

Having worked at a motel before, I can attest that it is NOT policy to erase the cards after use. The cards are usually given an expiration date (usually the checkout date). The expiration date only serves as data for the card reader on the door. The key will not be erased at this date...it will only be unable to open the door.

Re:Illegal?

[Cerdic]

I saw an episode of 20/20 or a similar show on one of the networks some years back. They tried keeping an old key and then they had someone check into the same room they had. They found that the code wasn't changed and that the old key could be used to gain entry into the room after someone else had checked in with a supposedly new key code.

Knowing that, it's not far fetched to assume that they are sloppy about erasing data on the cards. Then again, it seems that people throw them on the ground m

I don't think they do

[dpaton.net]

I've never, ever seen the hotel staff erase the cards. I have however, had hotel staff give me a card that had just been given back to them by a guest checking out. 2 passes thru the magstripe writer and it was mine, not the previous guests. All one would have to do is swipe a few cards out of the totally unsecured and easily accessable SHOEBOX on the counter. If I knew which chains did the CC#/name/address I'm sure I could abscond with enough data to cause real trouble for people. It's amazingly easy.

Than

This is why...

[Shkuey]

You always keep your keycards, and you always destroy them. I've yet to have an issue with a hotel wanting it back.

Re:This is why...

[Bensel]

I've yet to have an issue with a hotel wanting it back.

That's because it's illegal (can't remember where I found this out, sorry) for the hotel to make you give it back.

Re:This is why...

[Bensel]

Aha... here's the email I heard this from:

From the Colorado Bureau of Investigation:

"Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used throughout the industry.

Although room keys differ from hotel to hotel, a key obtained from the "Double Tree" chain that was being used for a regional Identity Theft Presentation was found to contain the following the information:

a.. Customers (your) name b.. Customers partial home address c.. Hotel room number d.. Check in date and check out date e.. Customer's (your) credit card number and expiration date!

When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.

Simply put, hotels do not erase the information on these cards until an employee re-issues the card to the next hotel guest. At that time, the new guest's information is electronically "overwritten" on the card and the previous guest's information is erased in the overwriting process. But until the card is rewritten for the next guest, it usually is kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!

The bottom line is: Keep the cards, take them home with you, or destroy them. NEVER leave them behind in the room or room wastebasket, and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card (it's illegal) and you'll be sure you are not leaving a lot of valuable personal information on it that could be easily lifted off with any simple scanning device card reader. For the same reason, if you arrive at the airport and discover you still have the card key in your pocket, do not toss it in an airport trash basket. Take it home and destroy it by cutting it up, especially through the electronic information strip!

Information courtesy of: Sergeant K. Jorge, Detective Sergeant, Pasadena Police Department

I remember this hoax . . .

[Rob the Bold]

It was a good one, too.

Here's the link: http://www.snopes.com/crime/warnings/hotelkey.asp [snopes.com]

Ironic: Debunking the Debunking

[Kadin2048]

It's sort of odd, that at first there was this urban myth saying you needed to worry, and then Snopes "debunked" it, and now we have good evidence from a person who actually took a card reader and checked some cards (as opposed to Snopes, who just called Doubletree, apparently), saying that the original hoax actually was on to something, after all.

None of this changes the Slashdot article at all, assuming that we trust the author to not be fabricating his results with the card reader completely (and I have no reason to believe that).

I think instead we just have a case where reality imitated art a little too closely -- the art in this case being that hoax, and reality being the stuff the hotels are putting on your card.

Re:Ironic: Debunking the Debunking

[DerekLyons]

It's sort of odd, that at first there was this urban myth saying you needed to worry, and then Snopes "debunked" it, and now we have good evidence from a person who actually took a card reader and checked some cards (as opposed to Snopes, who just called Doubletree, apparently), saying that the original hoax actually was on to something, after all.

No, we don't have good evidence - we have a posting on a blog.

None of this changes the Slashdot article at all, assuming that we trust the author to not be fabricating his results with the card reader completely (and I have no reason to believe that).

We have no reason to make an assumption either way - that this is a hoax, or that he is telling the truth.

Re:I remember this hoax . . .

[lxs]

For someone from a community that has a healthy scepticism to all things published both on- and offline, the average slashdot reader appears to have an unshakable faith in snopes.com

Could be true

[logicnazi]

Grr...why do people never actually read the snopes discussion and just blindly rely on the 'true/false' distinction. Often that is quite misleading.

If you read the snopes discussion it says that some hotels might do this but they have recieved no evidence this is true. Well this sounds like some evidence to me.

Basically snopes is responding to an over-sensationalized urban legend not taking a position that this is somehow impossible. While they do offer the analysis that they see no reason why the hotel

Re:This is why...

[superpulpsicle]

Well after they saw the stain on my card, the hotel clerk said PLEASE keep it.

I don't get it

[mblase]

You always keep your keycards, and you always destroy them.

What for? If I return it to the desk, assume there's a possibility that desk clerk can read my personal data off of it. Why wouldn't that desk clerk just read it off the computer, or copy it when I give it at check-in?

Re:I don't get it

[AK Marc]

As opposed to the employee that can just print out the same information, take home the printout, and go shopping at your expense? Seriously, it may be an additional location where your information is stored, but it isn't anything that the front desk doesn't already have ample access to.

Re:This is why...

[SlayerofGods]

Why destroy them?
I keep them as souvenirs from my various trips.

Re:This is why...

[bedroll]

Let's have a reality check here.

First, I want to say that I've worked at a hotel (night auditor/clerk). We had a VingCard system when I was there and at no point did any personal information hit these cards. I know people who work at hotels with slightly more advanced systems, and none of them store any personal information. They just store the room and duration.

I won't say that such cards with personal information don't exist. I will say that they aren't the norm. Let's look at this from a realistic standpoint though:

• If your hotel doesn't allow you to use your card to charge things to your account then you probably have nothing to worry about. Why would they include any personal information if you can't use that card for anything but entry to the building and your room?
• Even if your hotel does allow this, what benefit do they gain from having your information (more than your room) on the card? Obviously the payment system must be hooked into the registry somehow, so why wouldn't they just store the room number/unique id to make the link? Wouldn't it be MORE work for them to link it back if they use your information instead of theirs?
• Let us say that these cards are in a lot of places, why are we worried about them when folios are normally plain text and stored in paper format somewhere on the premises? You don't know what happens to these records. Normally they just get locked in a storage closet for a while until they get thrown out.
• I hope you don't ever buy anything online. I'd venture to guess that it's much more common for poor security practices to be used on billing databases for e-comm than it is for hotels to embed your billing info on your keycard. For that matter, if you have a CC you probably use it all over the place. The receipts are normally poorly handled and not very secure. Point being that your CC information is rarely secure, and that includes places that also get your address.

This seems like much ado about nothing. It's a fairly low risk scenario when compared to all the other ways to get at this information. Who's going to sit around at these hotels and swipe cards looking for embedded information? If they did, don't you think the CC companies would eventually catch onto how it was happening, or at least that it was just a few hotels?

I'd ask how my information was being shared if they said that I could use my keycard to pay for things. If there's nothing like that, I wouldn't worry about it. Depending on the situation, I might keep the card. Normally I just turn it into the clerk, who has access to all the information on it anyway.

If you do keep your card, perhaps you should consider keeping it under your tinfoil hat.

DMCA

[senducemhere]

The fact that he read his own information off of the card has to be a DMCA violation - he should get a lawywer now.

Re:DMCA

[SlayerofGods]

I know your trying to be funny....
But no, this is not a DMCA violation. In fact it's so far from being a violation that it's really not that funny anyway.

Really a big deal?

[DeadSea]

Your credit card contains your name and credit card number on it in an unencrypted form. If your key card does as well, you should treat it like a credit card.

1. It certainly would be nice for the hotel to tell you what they put on the card
2. They should tell you to report your credit card as stolen if you lose your key card.
3. They should securely erase or destroy key cards when you check out

I generally trust the hotel staff with my credit card number, and I generally acknoledge that there is info about me on the magnetic stripes in my wallet. Is this anything to get upset about?

Re:Really a big deal?

[stuckinarut]

You often hear about people that have had their ATM cards wiped by the magnets used to disable the security tags in stores. Many stores have 'Don't place cards here' signs to prevent this. If the hotels had 'Please place keycards here' on a similar magnet when you sign out then that would wipe them and problem solved.

Why a mag wipe out pad is a bad idea

[Frank T. Lofaro Jr.]

And then someone accidently puts their credit card (which you often need to check out) on that pad and it then it gets wiped and then they sue, for inconvenience or embarrassment because they went to dinner and then they found out their card was erased and couldn't pay.

Re:Why a mag wipe out pad is a bad idea

[RLiegh]

There's no reason, however, that the hotel couldn't have a strip like that behind the counter and make it a routine part of check-out for the clerk to use it.

Re:Really a big deal?

[Noksagt]

If a hotel offered to copy my credit card & hand it to my kids or my coworker so they could get into the roomm I'd probably decline. Shared credit card account numbers are often unique. They should similarly have unique numbers on hotel keys.

Yeah, please make it easier to spend money...

[soft_guy]

What the world really needs is the ability for you to buy stuff using your hotel room key. Because it is not easy enough to spend money currently.

If these hotels are putting credit card and other personal info on the room key unencrypted, how else might they be mis-handling your personal information?

This is bad.

Re:Yeah, please make it easier to spend money...

[generic-man]

Ever been to Disney? Their hotel room keys act as charge cards and even theme park tickets. To do the latter, you just go down to the front desk and have them charge the cost of admission for a given day. You can also set limits per card; for example, you can give your kid just enough money to buy a small souvenir at a gift shop. It's brilliant. Leave it to Disney to make it easy for you to spend money.

Re:Yeah, please make it easier to spend money...

[pnice]

They keep a ton of information on those cards I think. I went to Disney World for my honeymoon and we were given 25 of those magical wishes. You could just take your room key to Planet Hollywood, Rain Forest Cafe or any of those places at Downtown Disney and tell them you wanted to use a magical wish for your meal. Then you could get anything on the menu as long as it was one appetizer one main course and one desert, tip was included. We ate surf and turf almost every night.

It would also work if you

Re:Yeah, please make it easier to spend money...

[TykeClone]

That's not really using it as the credit card - that's just using it as a method to bill something to your room - like you can do with a meal at almost any hotel.

Re:Yeah, please make it easier to spend money...

[soft_guy]

Ever been to Disney?

No. And I don't plan to go - ever. I avoid Disney like the plague which means I miss out on a lot of movies. But I can't stand a company that got where they are by using stories in the public domain, then uses their money and power to eliminate the public domain.

Snopes claims this to be false

[Anonymous Coward]

http://www.snopes.com/crime/warnings/hotelkey.asp [snopes.com] Who is right?

Re:Snopes claims this to be false

[InfiniteWisdom]

All snopes claims is that this isn't a widespread phenomenon. Presumably different hotels have different policies, and it's entirely possible the the hotel mentioned here does it while others don't.

Re:Snopes claims this to be false

[fnj]

Snopes says EVERYTHING is false. A big hurricane in New Orleans? False. Insurgency in Iraq? False. World War 2 is over? False. The earth is round? False.

Re:Wrong (Re:Snopes claims this to be false)

[the eric conspiracy]

Right. But now that the security hole has been identified, watch out for exploits.

Re:Wrong (Re:Snopes claims this to be false)

[ifwm]

Why would they want to "exploit" this. Anyone with access to the keycards would also have access to the computers the info is on.

Far easier to simply print it out than to jump through hoops with a card reader.

Re:Wrong (Re:Snopes claims this to be false)

[millennial]

Let's keep reading, shall we? Snopes ACTUALLY says that none of the hotel chains they contacted put sensitive information on the cards. One reader who works at a hotel said that the only thing that goes on there is the room number, the number of nights in the stay, and the number of keys issued.

Sigh...

[JLavezzo]

1. Article is about a hotel that DOES this. Therefore, we're talking about it happening.

2. Snopes article has been revised a few times over the last several years. So, some of the information is older than other parts of the information.

3. "One of the difficulties in dealing with crime-related warnings is trying to distinguish between common occurrences to which the average person is likely to fall victim, and circumstances which are possible but have rarely (or never) played out in real life." from the Snopes article.

4. The Snopes article quotes a security expert who tested 6 cards at a security conference. 3 contained personal information, including one with a credit card number.

My experience at Walt Disney World is that the room key can be used in a credit card swiper and charges the card used to reserve the room. I still have this key card. If I ever get a stripe reader, I'll check.

The point of the Snopes article isn't that you will never find a CC number on a key card. The point is that they are not aware of this as an ACTUAL security threat. There's no reason that can't change in the near future, of course.

I have a card reader ...

[Anonymous Coward]

Let's see what the card says: "Housekeeping Notes: Customer uses excessive amounts of Kleenex on overnight stays ..." HEY!!!

According to every "investigative" news team...

[The Ultimate Fartkno]

...in the country that owns a UV light, I imagine the answer has something to do with semen.

Take your card with you?

[nharmon]

To be safe, the next time you check out of a hotel take your access card with you and shred it when you get home, Wallace advises.

Last summer while vacationing in Kentucky I stayed at a Holiday Inn Express, and had to turn in my cards at check out. Mind you, I don't stay in hotels very often (perhaps a dozen times in my lifetime, and 3 since graduating high school)...but do most hotels allow you to keep the access cards?

Re:Take your card with you?

[Red Flayer]

"but do most hotels allow you to keep the access cards? "

It doesn't matter. Unless you are informed ahead of time for a fee for a lost card, they won't charge you. And if they value your business, they won't give you a hard time about it.

If they don't value your business, then they'll be losing a customer...

Re:Take your card with you?

[binarybum]

hah, I'm picturing a great holiday Inn Express commercial -- a raggady bum looking guy in a ditch with a dirty suit. Another homeless guy comes up to him and asks him if he lost it all in the market, the reply? "no, but I did stay at a holiday inn express last night" pan to some sketchy dude with a card reader sipping champagne in a bathrobe in a holiday inn suite.

In my experience many hotels don't ask for the cards back, but some definitely do, and while they won't hassle you if you say you lost

Necessary data

[bytesmythe]

I wonder how much of that data is necessary for the card to work. Perhaps you could get a magstripe writer, scan the card, and re-write only what needs to be there to get the door to open.

Sidenote:
Fun with cards -- Use a reader/writer to exchange the data on different cards. (E.g., swap your gas station card with a retail store card. It's kind of like paying for fast food with $2 bills.)

Rewrite cards

[JLavezzo]

Do you know of a source for a magnetic strip writer for less than $1,000?

Re:Rewrite cards

[freshman_a]

Yes. Ebay.

Re:Necessary data

[pnice]

I've read something about people doing this when they use a card swipe at a restaurant to get credit card information. They swipe the card with their PDA and a card reader to get the info. After that they use old hotel room keys or whatever magnetic cards they have access to and write the data to it. Then when they want to actually use the card at a gas station (pay at the pump) or wal-mart self checkout lane they pay using a hotel key card with stolen information on it. It works pretty well I guess bec

Re:Necessary data

[pnice]

I read that snopes link that someone posted. Maybe I read it there. The have a writeup about it.

Re:Necessary data

[AeroIllini]

Fun with cards -- Use a reader/writer to exchange the data on different cards. (E.g., swap your gas station card with a retail store card. It's kind of like paying for fast food with $2 bills.)

An interesting social experiment: rewrite your old, expired credit card with the mag information from the new card, and see how many cashiers notice. Better yet, use a card that expired years ago (this experiment will take a little longer to do). Usually, if the authorization goes through on the cash register, the cas

Re:Necessary data

[Otter]

Perhaps you could get a magstripe writer, scan the card, and re-write only what needs to be there to get the door to open.

Oh, that should get your honeymoon off to a rousing start! "Hmmm, padding with zeros didn't work, maybe random data will. Honey, could you go outside and try this one?"

Re:Necessary data

[Fishstick]

Sounds like a good premise for a MythBusters episode.

They had one a while back where the myth was that credit cards could be 'erased' by things like refrigerator magnets and magnetic money clips.

They got a reader/writer, hooked it up to a laptop, programmed a bunch of blank cards and then tested various magnetic sources to see what it took to make the card to lose its information and/or become unreadable/unusable. Not surprisingly, it took a fairly strong field to mess things up.

I could see Jamie and Adam

Remember the security indoors too.

[The-Bus]

Remember to keep valuables in the in-room safe. Lest your buddy's dawn wanderings around Atlantic City lead him and a cheap hooker back to your shared room. Cash in your wallet could prove valuable for any sort of "service upgrades" and I didn't have to lose my keycard to be $60 poorer.

Why do they need that?

[VisceralLogic]

Why do they even have that information on the card in the first place? The card is just to open your door, isn't it? It seems all it should need is some password that the door lock will recognize. It's not like the door charges your credit card, after all.

Information On Card

[Daveznet]

Why would the Hotel need to put straight Credit Card information onto the card? This doesnt make any sense. Why wouldnt they just use some sort of key to tie your swipe card to your account on their system. This way if you DO lose your card and it isn't cancelled in time someone who decides to use it can only use it within the Hotel where it can then easily be tracked.

I call BS...

[Julius X]

I've worked in a number of hotels for the past seven years- and all of them used electronic key systems, either the card type, or an electronic microchip key.

In EVERY case, the key system is a seperate box not tied into the main computer, and only contains your room number, and length of your stay. The device is ONLY a key coder - it does not tie-in to the main network or the hotel's database in any way.

This story is spreading FUD, do we really need more of that going around?

Paranoia?

[-Grover]

Maybe I'm just a skeptic, but I'd really enjoy to see some sort of facts, or even a sentence or two about what sorts of places he actually tested, and what % of them came back with discernable information. The fact that he found it in 3 chains hardly means that things are worth panicing about.

Granted, I've never checked, but I'd find it hard to believe that the large national chains (Marriott, Hilton, Accor, etc.) put your credit card number on your room key, and nobody has made a

Magnetic Money Clip

[Loether]

I have a magnetic Money clip I use. If I put a hotel keycard even in the same pocket it wipes it completely. Whereas my credit card has never been a problem. Hotel cards use a different technology that is more easily wipable than standard credit cards.

Wait he's complaining

[ifwm]

That something he keeps in his wallet with his driver's license and credit cards has his personal info and credit card number on it?

C-R-Y-B-A-B-Y.

People just love to invent stuff to complain about.

Re:Wait he's complaining

[DustyShadow]

No, he's complaining because a lot of hotels tell their guests to RETURN the card to them when they leave. They usually just throw those cards in a pile next on the counter to be used again. A lot of people are starting to realize this. All it takes is for the counter boy to walk away and bam, I've got my hands on a hundred valid credit card #s with their billing addresses. Cha-ching.

Re:Wait he's complaining

[ifwm]

"No, he's complaining because a lot of hotels tell their guests to RETURN the card to them when they leave."

Really? Name some, then tell me why you can't insist they destroy the cards, or destroy them yourselves.

I've traveled a lot, and NEVER returned the card. Not once. I have also NEVER been told to return the cards. YMMV.

No, I was right, he's making up crap to complain about.

Re:Wait he's complaining

[DustyShadow]

Over the last 3 years I have traveled a lot as well and I have had several hotels tell me to return the keys. I can't remember which ones they were but I never have returned it. I've never worked at a hotel so I can't prove to you that they do use it again but why else would they ask for the keys back? Either way, you and I are not the problem because we are aware that the cards may have personal info on them. The problem is that most people are not so they will be careless with their keys, leaving them any

Re:Wait he's complaining

[ifwm]

"I can't remember which ones they were but I never have returned it." And there's the point. The rest doesn't matter.

Re:Wait he's complaining

[east coast]

That something he keeps in his wallet with his driver's license and credit cards has his personal info and credit card number on it?

While your point is well taken I do have to add a bit in his defense; If this story is true remember that not all people carry this card in their wallet. Infact I don't when I travel. I keep it seperate for the convience of quick access to the card when I go back to my room. With this in mind think about the situation if you lose the card; not knowing that it contains such pe

Urban Legend?

[nonsense28sal]

I have to admit, I'm a little suspicious. I've heard this story [snopes.com] before and it was labeled false. Add to the situation that the author "declined to name specific hotels" and it only adds to my doubts. Why not name names???

Better idea!

[czarangelus]

Instead of using a hotel keycard, they should code the lock to allow you to open your door with your own credit card. That's something you're far more likely to take good care of, and then you don't have to worry about duplicates of that information floating around.

Why put the info on at all?

[frdmfghtr]

I don't see the point in putting all that information on the card in the first place. All the card has to do is match the embedded code with the code the door is programmed to accept. Why bother with anything else?

A metal key doesn't need all that extra information, and is somewhat harder to duplicate. By that I mean all you need is a card reader/writer and a blank card. The card doesn't need to be a specific shape, they are all pretty generic, aren't they? A metal key in comparison is secured not onl

Re:Why put the info on at all?

[Requiem Aristos]

If you lose a metal key you'll have to re-key the lock to prevent the "finder" from getting inside. It's also harder to make an instant replacement for the customer.

With the keycards, you can simply change the door code and generate fresh cards. I agree though, putting anything other than a pointer or key value on the card is just asking for trouble.

A metal key will take more time to duplicate, but if you know what style of blanks (this determines the "side grooves") the hotel uses and have the equipment

Dupe

[aggieben]

This is a dupe. A pretty old one too.

I know it's too much to expect /. readers to search the old stuff to make sure they're not posting something already discussed, but is this also something the editors aren't willing to do?

Obviously: outlaw card readers!

[dpbsmith]

...What right does the lay public have to know what information is on their own magnetic stripes? It just causes trouble! Now all the bad guys will know about these hotel-card stripes.

----> Note: IRONY ----

This looks like a hoax

[Matt Perry]

This looks like a hoax accroding to snopes: http://www.snopes.com/crime/warnings/hotelkey.asp [snopes.com]

Re:This looks like a hoax

[RapmasterT]

you just beat me to that point. This same story was going around as a chain letter a year or so ago.

I suspect this guy was trying to impress the author with his technical skills by repeating some story that showed up in his inbox.

Urban myth?

[RapmasterT]

this article reads almost word for word like an urban myth email chain letter that went around a while back, it sounds like this guy is just repeating it and putting himself in the story.

Sure it's possible to put any kind of data you want on a magnetic strip, but you might as well worry the hotel is printing your PII data on sheets of paper and tossing them out the back windows. What possibly reason would they have to put info like that on the keycard??

I'm not buying this story, not even a little.

New TV Drama Hook

[geomon]

I'm sure it is just a matter of time before this plot angle shows up in an episode of Law and Order. Other urban myths have been incorporated into that series in past scripts (i.e., kidney harvesting).

Thanks for the FALSE INFORMATION /.

[greymond]

Thanks you made me laugh with this article.
http://www.snopes.com/crime/warnings/hotelkey.asp [snopes.com]

The key cards at hotels don't hold anything but the room number and number of nights it needs to work.

Hay since I can check out in the mornings using the television does that mean the TV holds all my CC info too?

Read up and use some common sense before posting an article. kthx bye.

Re:Thanks for the FALSE INFORMATION /.

[Khyber]

False information, nothing.

Having just called my buddy who's a manager at the Hampton Inn nearby, he told me "Yes, we do put all that info onto the card. It serves as a way to track the person who owns it, where it's been used in attempts to access areas, and as validation that the room is still open and the card is still valid to our computer systems. It also tells us when the card is used for entry, and allows us to contact the person if they're in the room."

So false information? For some hotels, possibly

Tin foil hat time

[smallguy78]

Yes, I keep my hotel cards after I've checked out and destroy them in a vat of acid, burning the acid vat afterwards, then burrying the chard remains in 9 foot hole to be safe.

Usage

[genetik]

"What's On Your Hotel Keycard"

My hotel keycard has the little logo graphic of the hotel on the front of it and a memory storage device on the back. There's also a small mustard stain on it. What kind of data is stored within the memory on the card is an entirely different thing.

To quote George Carlin:

"About this time, they'll be telling you, 'Get on the plane. Get on the plane.' Well I say fuck you, I'm getting IN the plane. Let Evel Knievel get ON the plane. I'll be inside with the folks in uniform."

This is FALSE

[bad_outlook]

They passed this around work last week, can't believe ppl are buying this:
http://www.snopes.com/crime/warnings/hotelkey.asp [snopes.com]

This "news" is bogus

[janoc]

An internet myth: Snopes [snopes.com]

Think about this logically;

[Thumper_SVX]

Really. Despite the fact that this has already been identified as a probable urban legend by Snopes, I ask everyone on this site to think of this like an engineer.

Think about this. You're designing an electronic key-card system for a hotel. In order to do this you have to deal with lobby-monkeys who only occasionally swipe the card correctly through the machine when the customer's checking in. These cards are going to get shoved in pockets, scratched and generally abused.

Now, as an engineer are you going to create a solution that (a) writes to the magnetic strip for every person who checks into the hotel, running the risk that the card runs through skewed or otherwise renders the information unusable, or (b) are you going to assign each card a unique ID number similar to a credit card number that's permanently printed on the card repeatedly across the magnetic strip.

Talk amongst yourselves, but think about the fact that a mag-stripe WRITER costs more than a mag-stripe READER. If you control the locks from a central computer which only has to recognize that card (a) opens door (z), then how are you going to engineer that system for optimum efficiency and lowest cost?

While I don't doubt some droid might consider it a nice idea to have all the customer's info on the card, it doesn't make an awful lot of sense from an engineering perspective now, does it?

And yes, I've worked on hotel key card systems, and no I've never seen one that writes the cards in any way shape or form on check in.

URBAN MYTH ALERT

[Thurmont]

Here are sites detailing this myth...

http://www.truthorfiction.com/rumors/k/keycards.ht m [truthorfiction.com]
http://www.breakthechain.org/exclusives/keycards.h tml [breakthechain.org]
http://www.trendmicro.com/vinfo/hoaxes/hoaxDetails .asp?HName=Hotel+Key+Card+Hoax&Page=4 [trendmicro.com]

I'm surprised this one passed thru Slashdot's editorial staff.

Re:What's the problem ?

[Spy der Mann]

Yes, but you carry your creditcard with you, if you lose it you usally report it stolen. But what will happen if your hotel keycard gets lost?

Re:Walt Disney World

[BlueOtto]

I'd love to see what kind of data is on one of those.

It could just be a single number stored on those cards... linked to their massive visitor database linked every where at Disney.

Re:Walt Disney World

[CoffeeJedi]

yeah, you're right.

i suppose what i'd like to see is the actual database that keeps track of the whole shebang, perhaps graphically represented like Roller Coaster Tycoon as each guest moves from place to place (provided that they buy stuff with it of course)

Re:Walt Disney World

[Hans Lehmann]

They don't need to put any information on the card other than a random number that's different than all other Disney card keys. The card readers in the fast-pass machines, at the store cashiers counter, etc., are networked back to the database that contains the real information, like whether or not you've already gotten a fast-pass ticket for this ride.

Re:Walt Disney World

[CoffeeJedi]

article was slashdotted before i could get to it

it makes more sense that that card would only have your unique ID on it. the system would just edit your entry in the database showing what park you're in and whether or not you have a FastPass at the moment

$1.50 card reader

[Anonymous Coward]

you can get one from all electronics corp for 1.50 yes one dollar and FIF-tee cents all electronics reader [allelectronics.com] then use stripesnoop (.sf.net) and you can figureout how to hook them up to a gameport/whatever on their forum check their forum [sourceforge.net]

Re:bought a $39 card reader at a local retail stor

[justforaday]

They seem to be more than $39... [google.com]

Re:bought a $39 card reader at a local retail stor

[sholden]

Your local retail store, obviously.

Or use a damn search engine: http://froogle.google.com/froogle?q=magnetic+strip e+card+reader&scoring=p [google.com]