Hotel Keys

[Angus]

Just received this on our intranet. Thought it may be of interest/use to any travellers out there.

Subject: Hotel room keys - warning

With thanks to COMUSNAVEUR Security Staff for the warning, you are advised that hotel room keys that look like a credit card may contain personal information, including

* Customers (your) name
* Customers partial home address
* Hotel room number
* Check in date and check out date
* Customers (your) credit card number and expiration date.
* and in Europe, passport numbers are also frequently recorded onto the cards.

When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a handfull of cards home and using a readily available scanning device, access the information onto a laptop computer and go shopping at your expense. Simply put, hotels do not erase these cards until an employee issues the card to the next hotel guest. It is usually kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!

You should always destroy the card. NEVER leave it behind in the room and NEVER turn them in to the front desk when you check out of a room. The hotel should not charge you for the card.

[5lab]

i would *guess* this is bs. i'm pretty sure they just contain the access 'code' to your door, and nowt else.

[Angus]

It's come from a fairly reliable source. So I'd take some notice.

[Tumble]

any way of wiping them yourself.... ie go down to HMV and swipe it over the jobby that deactivates the security tags?

[5lab]

snap it in half or stick it on a cheap telly maybe?

can magnetic strips actually be programmed reliably? i've just thought that maybe the card remains the same and just the doorlock is changed. i know for sure they didnt change anything on my spare card when i needed one for the travelodge i stayed in for a night or 2..

[Agent]

Originally Posted by 5lab

i would *guess* this is bs. i'm pretty sure they just contain the access 'code' to your door, and nowt else.

I would tend to agree.
I cant see them storing such personal information on a card, especialy when it can be stole so easily. I doubt this also follows the outlines of the data protection act.
There is simply no *need* for those details to be stored on the card, so i cant see why they would.

[Rythmic]

All the hotels I've stayed in have used a seperate system for writing to the cards from the reservation system, so it's hard to see how they would store this.

Besides - isn't the amount of data you can store in these cards really small? I can't even see how they'd find room for all that.

[RVF500]

As a frequent traveller I've found it's not uncommon for credit card fraud to be done by hotel staff. I personally haven't suffered yet but a number of my work colleagues have. One being from the Wyndham El San Juan hotel in Puerto Rico, so we're not talking low end establishments only here. A staff member took his AmEx black details for a meal. Good job the miscreant didn't realise just how powerful a spending tool he had the details of!

Though taking information from a smart card would be unlikely I would think. Hotel employees have ready access to a multitude of credit card information when you check in/out or reserve rooms. Resorting to a smart card simply isn't neccesary. They can take your number, security number, personal details etc. Straight from their own systems. Also every key card hotel I've ever been in always refers to their central system to check me in and out, I've never seen anyone swipe my key card for details.

Though if this source is reliable then it simply means that you should be particularly careful of losing a key card as opposed to just handing it back to the hotel.

[Paul Adams]

I would also question the validity of this information - as far as I understand it, the cards themselves have no relationship with specific rooms or clients, they just have their unique ID.

On reserving a room and checking in, a card is associated with a room on the system, so the system knows which door(s) it can open legitimately on which date(s).

To design a system where the card dictates what its permitted functions are would be insane (I'm not saying that noone has considered it though ).

Thus if a card was stolen/lost then there should be no indication of who it belongs to or which room it opens, and the hotel don't need to be concerned about potential security implications of lost, damaged or non-returned cards.

Almost 100% certain this is how, for example, Travel Lodge work their system.


Edited to clear up ambiguous use of the word "it".

[Angus]

OK, google searches (should have done this before posting)

Now unsure of the issue - this one; http://www.trendmicro.com/vinfo/hoax...+Key+Card+Hoax says that it's a hoax.

This one says that it's possible but the information is normally an index to reference the data in the hotel's database; http://www.interesting-people.org/ar.../msg00221.html

Just goes to show - don't believe everything the government/internet tells you.

[5lab]

i got a hoax thru the other day - deleted it but it was similar to this..

Subject: Be careful!

This is sick. Please pass on to those you know who go to the movies.

***************************
Subject: Movie Theatre Alert

I'd like to share this note that was sent to co-workers in my sisters office. It happened to one of her friends and it can happen to anyone of us. If you must go to the movies, please, please check. One of the safest way is not by sticking your hands between the seats, but at least, move the seat part up and down a few times and really look. A lot of us just plop down into the seats...

INCIDENT AT THE MOVIE THEATRE

Please check your chairs when going to the movie theatres. An incident occured when a friend's co-worker went to sit in a chair and something was poking her. She then got up and found that it was a needle with a little note at the end. It said "Welcome to the real world, you're HIV Positive."

Doctors tested the needle and it was HIV+. We don't know which theatre this happened at, but it happened here in Hawaii. Be cautious when going to the movies.

i swear some people believe anything. i never trust any info forwarded to me. full stop.

[Kezzer]

iirc, the reason why they send these e-mails is to gain peoples e-mail addresses to forward spam to. When you forward an e-mail like that everyone else's e-mail address from who previously recieved and sent it is in the header, this way it eventually gets around to people and gives out everyone's e-mail address to become subject to spam

[petrefax]

Originally Posted by 5lab

can magnetic strips actually be programmed reliably? ..

in answer to this, yes they can (although i don't know how) - where i work we often deal with fraudulent cards which have been retained by petrol pumps which accept "payment at pump"....ie: you put your card in, fill up with petrol & your card is automatically debited by the pump

occasionally we get what look like mobile phone top-up cards or store loyalty cards where the magnetic strip has been reprogrammed to read like a credit card.

as for whether hotels keep this amount of info on their door cards, i personally doubt it.....but i will be digging around my suitcases tonight to see if i have one to take to work & run through the card reader to see exactly whats on it!!