Campus ID News
Card, mobile credential, payment and security

The urban legend phenomenon strikes our card-based dorm and hotel keys

CampusIDNews Staff || Nov 01, 2003

In recent weeks, an email warning has been circulating describing alleged identity thefts occurring from information stored on hotel key cards. The warning claims that personal information stored on room keys can, if discarded improperly, enable a criminal to access your credit card number and use it for unauthorized charges. This is absolutely not true and is merely an “urban legend” spread via well-meaning members of the Internet community.

You have likely received some version of the message. In an informal poll of CR80News staff members and contributors, we found that nearly everyone had received the message at least once, with one person reporting more than 15 occurrences.

Campuses have also expressed concern about this reported threat, because the same hotel-style door locking systems, or variations of them, are widely used to secure dormitory rooms and other campus facilities around the country. Let’s get to the facts.

To learn just what information is stored on the hotel keys and in the key creation system, CR80News spoke with Henry Fell, Technical Services Manager for Persona, a leader in the manufacture of these offline electronic locking systems. “This email warning is absolutely untrue–for our system and every other manufacturer’s system that we are aware of,” stresses Mr. Fell. “We store a numeric data string that tells the lock whether to accept or deny entry for that card. It is not based on any personally identifiable data.”

When pressed to find if there is any truth, any ‘under the covers’ type of data that might have led to this concern, again Mr. Fell is firm. It seems that the only part of the warning that has any substance is that some manufacturers use the date of checkout as a component in the numeric string stored on the card. Says Mr. Fell, “it is sometimes used to create the numeric code that tells the lock when to stop accepting a given card.”

Obviously, an unknown person’s checkout date would hardly facilitate an identity theft. Further, in cases where the checkout date is used as a part of the code, it is only one part of the equation and the resultant code is encrypted. Says Mr. Fell, “every company encrypts the data string. There may be a date or even a lock number involved but it is never a free read.” Thus, if someone were to read the card in a magnetic stripe reader, they would see only a meaningless string of characters and symbols.

Flashing back to the basics of magnetic stripe technology, remember that the key to most bankcard, campus card, and other card systems is standardization. By agreeing on a standardized character set, different cards can be read in different systems. But in the case of offline door locking systems, the goal is not standardization but rather security. Manufacturers don’t want their cards to be read in different systems. So the use of the standardized schemes for encoding data onto cards is not required, or even desired. When a card is read via a standard magnetic stripe reader, the resulting string of zeros and ones (bits) does not necessarily even form recognizable alphanumeric characters.
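To make the point about standardized versus non-standard encoding concrete, the following is an added example, not part of the original article or any vendor's code. It assumes ISO/IEC 7811 Track 2 as the "standardized scheme" (the article does not name one), and both the sample payload and the opaque byte string are constructed stand-ins, not real card or lock data.

```python
# Added illustration: ISO/IEC 7811 Track 2 framing, assumed here as the
# "standardized scheme". Each character is 4 data bits (LSB first) plus one
# odd-parity bit. All sample data below is constructed.
START, END = 0xB, 0xF                      # ';' and '?' sentinels
SAMPLE_PAYLOAD = "12345=6789"              # constructed, not real card data
OPAQUE_CODE = bytes.fromhex("9c41e7305ad2")  # constructed stand-in for an
                                             # encrypted, vendor-specific code

def encode_track2(payload):
    """Encode Track 2 characters ('0'..'>') as a list of bits."""
    values = [START] + [ord(c) - 0x30 for c in payload] + [END]
    lrc = 0
    for v in values:
        lrc ^= v                           # LRC: even parity per bit column
    bits = []
    for v in values + [lrc]:
        data = [(v >> i) & 1 for i in range(4)]
        bits += data + [1 - sum(data) % 2]  # odd-parity bit
    return bits

def bytes_to_bits(data):
    """Lay raw bytes out as a bit list, most significant bit first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def decode_track2(bits):
    """Return the payload, or None if the bits are not valid Track 2."""
    if 1 not in bits:
        return None
    pos, chars = bits.index(1), []         # skip leading clocking zeros
    while pos + 5 <= len(bits):
        group = bits[pos:pos + 5]
        if sum(group) % 2 != 1:            # parity failure
            return None
        chars.append(sum(b << n for n, b in enumerate(group[:4])))
        pos += 5
        if len(chars) >= 2 and chars[-2] == END:
            break                          # character after '?' is the LRC
    if len(chars) < 3 or chars[0] != START or chars[-2] != END:
        return None
    check = 0
    for v in chars:
        check ^= v
    if check != 0:                         # LRC mismatch
        return None
    return "".join(chr(v + 0x30) for v in chars[1:-2])

if __name__ == "__main__":
    padded = [0] * 8 + encode_track2(SAMPLE_PAYLOAD) + [0] * 8
    print("standard encoding ->", decode_track2(padded))
    print("opaque lock code  ->", decode_track2(bytes_to_bits(OPAQUE_CODE)))
```

The standard-framed stripe decodes back to its payload, while the opaque bytes fail the parity and sentinel checks and yield no characters at all, which is what a standard reader would report for a stripe that does not follow the shared character set.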

Obviously, there is no security breach or cause for concern. There is no personal information tied to the checkout date and thus no problems with the card. Speaking on behalf of the industry, Mr. Fell confirms that he knows not a single provider of these systems that stores name, bankcard, or other personally identifiable data on the card.

Calls to several other manufacturers of this technology echo Mr. Fell’s comments. It seems that this is simply a rumor. Like the long-standing myth that the electric properties contained in eelskin wallets can damage magnetic stripe cards, the ‘hotel key identity theft myth’ can be added to the list of ID technology urban legends.


Sample of the ‘urban legend’ email
** Note: this message is inaccurate and presented only for background purposes. **

Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used throughout the industry.

Although room keys differ from hotel to hotel, a key obtained from (a hotel) that was being used for a regional Identity Theft Presentation was found to contain the following information: Customer name; Home address; Hotel room number; Check in/out dates; Credit card number and expiration date.

When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a handful of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.

Simply put, hotels do not erase these cards until an employee issues the card to the next hotel guest. It is usually kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!! The bottom line is, keep the cards or destroy them! NEVER leave them behind and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card.


Special thanks go to Henry Fell and Persona for their assistance in the compilation of this article. Persona provides offline access control to the educational, corporate, and other markets, based on the Vingcard hotel locking system. Mr. Fell can be reached via email at [email protected].

The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.