Comments on: Do Hotel Key Cards Contain Personal Info?

By: Hotel cards | Premiervirtual

Hotel cards | Premiervirtual — Mon, 03 Sep 2012 06:00:07 +0000

[...] Do Hotel Key Cards Contain Personal Info? « Broken SecretsFeb 18, 2012 … By Chad Upton | Editor I’ve been saving hotel key cards for years because I want to see exactly what is on them. Years ago, somebody told me … [...]

By: tori

tori — Tue, 05 Jun 2012 07:49:44 +0000

i have been an auditor at a hotel for 2 years and no they do not contain the info. . They include as for the numbers . . Number of nights. . Expiration. . Guest number on file and property id number for the location the key should be returned to as well as how many occupants are in the room

By: Unknown person is using my points for a poor value stay - Page 4 - FlyerTalk Forums

Tue, 29 May 2012 13:45:01 +0000

[...] a rumor, not fact. Not everything googled is current but this 2012 article makes sense…. http://brokensecrets.com/2012/02/18/…personal-info/ …..maybe a problem for old card access systems at one time and rumors are still around because [...]

By: Bill Fane

Bill Fane — Sat, 05 May 2012 06:49:51 +0000

My Credentials:
For 27 years I was a product engineer and then Product Engineering Manager for Weiser Lock at their Burnaby plant. I helped to develop the first card-reader hotel lock system. Check out US patent # 4,663,687.
The Myth:
Hotel key cards contain your name, address, credit card info, etc.
The Truth:
This is pure fiction. There is absolutely no need for a hotel card to contain any of your personal or credit card information. What the card does contain is:
1. A “blind” hotel property code, issued by the lock company, so a given card will only work in the one hotel. Note that this is not the name of the hotel as human-readable text.
2. A “blind” lock number code. This is not the room number, because locks sometimes get moved from room to room for maintenance purposes.
3. Your access code.
4. The access code of the next guest who will be using the room after you.
5. Your check-out date, in a “blind” code.
Here is a highly-simplified explanation of how the system works:
Each lock contains two memory locations, and the front-desk computer contains two memory locations for each room. When you check in, the computer:
1. Takes the access code from its memory location B and writes it to your card in position A.
2. It takes your code from computer memory B and moves it to memory A.
3. It generates a new code for the guest who will follow you and stores it in memory B.
4. It writes the new code to position B on your card.
5. It writes the check-out date to your card.
When you arrive at your room and use your card for the first time, the lock:
1. Checks that you are in the correct hotel and at the correct room and that it is not past your check-out date.
2. It reads the code from position A and compares that to the code stored in its memory A. It doesn’t get a match, but before it rejects you it checks against its memory B.
3. Finding a match in memory B, it moves your code to memory A and places the code from your card position B in its memory B. The card for the guest before you will never work again unless it is re-coded for a later guest.
From now until you check out, your card position A matches its memory A so it lets you in and the lock is ready to welcome guest B.
Note that there are no wires or radio connections between your lock and the front desk computer. Your card carries the required re-keying information, so each room lock remains synchronized with the front-desk computer.
The computer and the locks also contain additional memory pairs for Housekeeping and Management codes, and the front desk computer can generate one-time-only cards for Maintenance personnel to use.
The locks also typically contain a record of the last dozen or so different cards that were used to enter the room. For example, if a usage sequence went something like Housekeeping – You – You – You – You – Housekeeping – Housekeeping – You – You – Maintenance – You – You then this would be recorded as Housekeeping – You – Housekeeping – You – Maintenance – You.
Yes, some hotels can use your room key to charge things to your account, but they don’t need any personal information on the card to do this. The card readers at the point of purchase are hard-wired back to the front desk computer so the charges can be tallied “instantly”. The sales person may ask your name for confirmation, but that came back from the main computer and not off your card.

By: Goliath

Goliath — Tue, 13 Mar 2012 15:24:08 +0000

I have around 100 room cards collected over the past year, only because it’s nice to look at them and get back the memories of my travelings around the world.

By: Leah

Leah — Sat, 25 Feb 2012 19:00:48 +0000

I work at a mid-level hotel, and you are exactly right in your analysis here! We do not keep any personal information on the card, except for the room number and checkout date/time. I do not know of any hotels in our range that keep any sort of credit card data on the hotel keys at all.

By: Chad Upton

Chad Upton — Fri, 24 Feb 2012 05:08:36 +0000

Thanks for visiting Wendy!

By: Wendy

Wendy — Tue, 21 Feb 2012 05:45:04 +0000

Thank you for all your time and extremely helpful information:)

By: Denis McKeon

Denis McKeon — Mon, 20 Feb 2012 06:42:11 +0000

I seem to recall that police found a guy who programmed a card
writing device to write stolen credit card data to some old hotel
cards he had collected for the purpose.

The apparent rationale was that he could use the hotel cards in
unattended swipe devices (gas pumps & similar), without carrying
cards that were visibly odd – multiple names, multiple instances of
a similar card type, or multiple blank (white, or no-logo) cards.

Would not multiple old hotel cards be thought odd?
“Oh, those are just souvenirs.”

So, *in theory*, “hotel cards could carry CC data” but not very
likely a card that you might get from a hotel desk – in practice,
what hotel would risk the PCI/DSS penalties?

By: Kristen

Kristen — Sun, 19 Feb 2012 19:50:25 +0000

good to know; I always wondered…