If Peter Wallace’s recent experience with hotel access cards is an indicator, leaving your electronic hotel room key behind when you check out could leave you open to identity theft. Wallace, IT director at AAA Reading-Berks in Wyomissing, Penn. has been bringing a card reader with him on business trips to see what's on the magnetic strips of his hotel room access cards. To his dismay, a surprising number have contained his name and credit card information - and in unencrypted form.
What’s scary is how easy it is for even a novice to steal this information. He says he bought a $39 card reader at a local retail store and plugged it into his laptop's USB port. Now when he scans a card, the device inputs the data directly into an open Excel or Word document.
I asked Wallace how often he finds his personal data on the cards. “Certain chains have that information [on their cards]. I’ve noticed it on three different chains,” he says. While he declined to name specific hotels, he says the most recent incident occurred in June at a resort. In that hotel the magnetic strip yielded his credit card information, street address and full name.
Wallace adds that not all hotels are a problem. For example, a scan of a card at a Disney resort came up with a series of garbled numbers and letters. “It looks like just junk on the card. But it ties back that information to their computer systems,” he says.
To be safe, the next time you check out of a hotel take your access card with you and shred it when you get home, Wallace advises. He admits to even having considered taking a shredder with him on some trips. “The thought has crossed my mind. I’m a paranoid S.O.B. because I know the tricks that are out there,” he says.
Follow-up post: Hotel card reader facts and fiction
Follow-up post: Summary of 'Net responses in today's IT Blogwatch