Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Robert L. Mitchell

Reality Check

Hotel swipe-card keys: An endangered species?

5 comments

IT TOPICS:Hardware, Mobile & Wireless, Security

According to a story in today's New York Times by travel columnist Chrisopher Elliot, the magnetic card keys used by hotels may be on the way out. In The Embattled Hotel Swipe-Card Hotel Key, Elliot says that rumors about personal data being stored on the magnetic stripes on the back of hotel card keys persist and that "the hotel business is quietly looking for alternatives to make sure the fears don't spread." Technologies under consideration include fingerprint readers, smart cards and proximity cards.

Elliott also cites my blog entry in which a source cited three instances when personal data was stored on his hotel card keys (see Swipe here to steal ID, and the follow up entries Bring your swiper and Hotel reader facts and fiction).

In his story, Elliott quotes me as saying "But what is the truth? We intend to find out." Readers might wonder what I meant by that.

While I am sure that most major hotel chains that directly own their own properties would never be so sloppy as to allow customer data to be encoded on hotel card keys, it is also possible to envision some situations where hotel card keys might contain personal data. The only way to find out for sure is to examine real cards. With the help of the Computerworld staff I am currently gathering hotel key cards, logging them and scanning them for data. I am also passing those cards by an expert who will also do a second scan to see if indeed any data resides on them. When I have enough data to say something substantive I'll post it here.

Note: For the purposes of this experiment I cannot accept cards from parties outside of Computerworld.

Email this

Digg this

What People Are Saying

Add new comment

Are those rumors started by

Submitted by Borge Christophersen on November 16, 2005 - 10:10 P.M.

Are those rumors started by someone out to hurt the hotels or the lock system manufacturer ore are they equipt with an oweractive imanigination and a total lack commen sens.

Report this comment

We provide the ideal

Submitted by Paul Frenette on November 16, 2005 - 2:16 P.M.

We provide the ideal solution to this that allows complete secrecy of guest data and yet allows high security for hotel doors and access control. My company deploys iButton technology that bridges the need for privacy of information and yet allows access if/when required. Magstripe is on the way out, too easy to lose, corrupt, read and write.

Report this comment

Surely everything is already

Submitted by Jim S. on November 16, 2005 - 2:09 P.M.

Surely everything is already covered here:
http://www.snopes.com/crime/warnings/hotelkey.asp

Report this comment

JMAC makes a good point.

Submitted by Robert L. Mitchell on November 10, 2005 - 11:57 A.M.

JMAC makes a good point. Ideally the identifier on the card key's magnetic stripe is an abstract one that is meaningless unless it can be associated with data in the back-end systems. A fingerprint reader is much more personal. I would invite JMAC or anyone in the hotel industry who wants to talk about these issues to drop me an e-mail.

Report this comment

I have worked in the hotel

Submitted by JMac on November 9, 2005 - 8:58 A.M.

I have worked in the hotel industry for a long time and have spent the past decade in the IT department for a small national chain. I can't imagine the purpose of having any personal guest data on the card key. Although some chains I guess, could include a guests fequent stay number for some purpose. The only data we pass to any of our cards is the information needed for the lock to know the key is valid for a given room along with at what date and time it should prevent it's use. At a few properties a data bit to indicate parking is validated.

As to alternatives. We here in the USA enjoy our freedom and as a part of that, many demand complete privacy. Any lock system that would be ultimatly secure would need to use private information. Retna, finger print, or possibly DNA down the road. That would then mean that a hotel company would have acess to far more information on it's guests than the demographics and credit card numbers we have now.

So what of the guest that wants to protect their privacy and to do so pays by cash now. Carry an extra finger with them???

Report this comment

iPhone 3Gs jailbreak jeopardy: Apple pwns Dev-Team's 24kpwn

How reliable is YOUR wireless network?

Think you own your Kindle books?

Analyst advises caution over Windows 7 demand estimate

LIVE Nov 10, 2009 12:00 PM ET

Architecting Business Intelligence Applications for Change: The Open Solution

LIVE Nov 12, 2009 02:00 PM ET

Faster, Cheaper and Easier to Maintain
Can you afford not to upgrade your servers to today's advanced, energy-efficient technologies?

Top to Bottom Performance Management Excellence at the City of Chicago
View now.

Do more with less thru Netcool?
Learn how IBM Tivoli® Netcool® solutions can help service providers streamline their operations, improve responsiveness and reduce costs.

Effectively Implementing Datacenter Automation
Effectively select and deploy the best datacenter automation solution today!

IDC report: Profitability and OSS Support: A Return on Investment Analysis of IBM Tivoli Netcool
IDC studied 14 mobile and fixed-line service providers that implemented Tivoli® Netcool® and found that IBM Tivoli Netcool can help in big ways.

Aligning IT to Business: The Rising Importance of Application Delivery Networks
Application Delivery Networking (ADN) will play a vital role in helping enterprises incorporate strategic technologies to achieve business initiatives.

All White Papers | All Webcasts