Email: Hotel Key Cards Encoded with Personal Info
Netlore Archive: Email rumor claims hotel and motel key cards are routinely encoded with customers' personal information, resulting in identity theft by employees.
Description: Email rumor
Circulating since: Oct. 2003
Email text contributed by Eric, Oct. 14, 2003:
For those who travel, or those special ones who use the room for a few hours!
Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used throughout the industry.
Although room keys differ from hotel to hotel, a key obtained from the a major hotel chain that was being used for a regional Identity Theft Presentation was found to contain the following the information:
· Customers (your) name
When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.
Simply put, hotels do not erase these cards until an employee issues the card to the next hotel guest. It is usually kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!
The bottom line is, keep the cards or destroy them! NEVER leave them behind and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card.
Analysis: "That's just a nasty rumor," says Kathy Shepard, vice president in charge of corporate communications for Hilton Hotels Corporation, which owns and operates the Doubletree Hotel chain. "Our key cards are encrypted with minimal information -- the guest's name, room number and arrival and departure dates -- and encrypted in such a way that they can't be read by ordinary card readers."
According to Shepard, whom I interviewed on October 20, 2003, the rumor stemmed from an actual incident in 1999 in which a southern California police officer claimed that personal information had been easily extracted from a key card procured at a franchisee-owned Doubletree hotel. In later attempts officers were unable to reproduce that result, however, and the original claim has since been retracted, Shepard says.
Detective Sergeant Kathryn Jorge of Pasadena, who authored the above email alert, offers a slightly different version of events but agrees on the essential detail that the key card systems currently used by Doubletree and other major hotel chains pose no such security threat to guests.
"In years past," she said in a statement quoted by the news Website Bend.com, "existing software would prompt the user (employee) for information input. If the employee was unaware of hotel policy dictating that such information NOT be entered, it could have ended up on the card in error. Since this subject came up, experiments on newer cards have failed to duplicate the problem. It appears that the problem is not as widespread as it used to be in the larger chain hotels."
That said, it's worth noting that law enforcement officials still warn that lost or stolen hotel keys can be put to ill use by identity thieves in another way - namely, re-encoding them with stolen personal information and using them to mimic ATM or credit cards for unauthorized purchases and withdrawals. Prudence therefore dictates returning key cards to the hotel registration desk upon checking out or destroying them to prevent their falling into the wrong hands.
Update: Official statement from the City of Pasadena.
Share This Article
Sources and further reading:
Hotel Cards: Holding ID Key?
LA Times, 7 May 2006
It's Just the Key to Your Room
Computerworld, 16 January 2006
The Embattled Swipe-Card Hotel Key
NY Times, 8 November 2005
Debunking the Key Card Myth
USA Today, 5 November 2003
Last updated: 06/22/10