It's Just the Key to Your Room
Computerworld surveys 100 hotel card keys to explode an urban myth.
Computerworld - Warning: Hotel card keys may contain personally identifiable data on the magnetic stripe. Is it factor fiction?
"It's an urban legend. It doesn't work," says Joe McInerney, president of the American Hotel and Lodging Association (AHLA). Nonetheless, unsubstantiated reports keep surfacing every six months or so, he acknowledges.
For example, last fall, an IT director at a travel club in Wyomissing, Pa., told Computerworld that he had found personal information on magnetic hotel key cards when visiting three major hotel chains. The IT professional said he read the cards using a commonly available ISO-standard swipe-card reader that plugs into any USB port. At one resort, he said, his card key contained credit card information, his address and his name. He said the hotel expressed surprise when he showed it the results. His comments, which appeared in a Computerworld blog in September , created a furor. He subsequently declined to comment for this story.
As part of a Computerworld investigation into the allegations, reporters and other staff members who traveled last fall brought back 52 hotel card keys over a six-week period. The cards came from a wide range of hotels and resorts, from Motel 6 to Hyatt Regency and Disney World. We scanned them using an ISO-standard card reader from MagTek Inc. in Carson, Calif.the type anyone could buy online.
We then sent the cards to Terry Benson, engineering group leader at MagTek, for a more in-depth examination using specialized equipment. MagTek also gathered cards from its own staff. In all, 100 cards were tested.
Most cards were completely unreadable with an off-the-shelf card reader. Neither Benson nor Computerworld found any personally identifiable information on them. Based on these results, we think it's unlikely that hotel guests in the U.S. will find any personal information on their hotel card keys. There is, however, some debate among industry experts over whether some older systems could have been configured to store personal information under specific scenarios.
To understand why personal information is unlikely to appear on hotel card keys, you must first understand how the technology works. Electronic locks that use magnetic cards were developed to address petty-theft problems associated with traditional keys. "Those problems have virtually gone away," says Brian Garavuso, CIO at Hilton Grand Vacations Co. in Orlando and chairman of the AHLA's technology committee. Most keys contain only a room number, a departure date and a "folio," or guest account codealthough other data may be stored on them as well.
The door locks, which are stand-alone, battery-powered devices, each contain a sequence of lock codes. The
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts