Urban Myth? Destroy All Room Key Access CardsBack to Forum
AnonymousGuest16 Jul 2009
I discovered this morning I neglected to return my room key card to the receptionist on check out.
I am all for recycling, so do try and return the credit card sized access keys on departure wherever possible.
A colleague has just pointed out that these access cards have a significant amount of personal data on them, including credit card information.
Is this really the case?
If so, travellers should never return the access cards and always destroy them on returning from a trip.
Any techies know if this is an urban myth, or really the case?16 Jul 2009
I’m guessing that this is an urban myth. Given that organisations in europe and the US must be “PCI compliant” in the next few years (PCI deals with credit card information), then having it stored on a door key would fail the compliance (namely, it doesn’t serve any useful purpose to have it on the card).
also, let’s think about it – would a hotel want to risk brand reputation from putting heaps of personal information on a door key and it goes missing?16 Jul 2009
As a hotel designer/developer, I know that some of the newer key-card access systems do include some personal data that you would not want in teh hands of a ne’er-do-well with a mag-stripe reader.
I hate to say it, but I keep mine and shred them.16 Jul 2009
This is a bit of a myth – generally the only info sent to the keycard is:
– The room no (usually encrypted – and most system manufacturers use external & internal number so the no on the card is not the same as the no on the door (i.e. if you were to read it back with anything other than the hotel encoder you wouldn’t get the valid location).
– Also will find the expiry time is present on the keycard along with the creation time.
– An if the card system is interfaced with the hotel system it will also send the guest name but that is usually it.17 Jul 2009
OK but at check-out when they ask for the key what are you guys saying? I always feel obliged to hand it back but if it does have my information on it then I will keep it. Also what about the key cards which you also use to switch the lights on and off? I am guessing viking01’s bathroom light is permanently on.21 Jul 2009
I’m guessing they ask for the keys back, as they are a cost (no idea how much) to the hotel if they have to be replaced.
And as madscot suggested, the information on it is rather basic.21 Jul 2009
I used to work for law enforcement. We tested a selection of these cards for our own security. What we found led us to destroy the cards rather than hand them back. I must say though, not all card keys stored the same amount of data. But we felt on balance, better safe than sorry.21 Jul 2009
Business Traveller asked Starwood and Hilton about the truth behind the myth, and here’s what we found.
A spokesperson for Starwood said:
“The only information stored on the key cards is the time allocation, so how long the guest has the room for, and the room number. Hence if you try to get back into your room after checkout the card won’t work. Once it’s out of time it’s invalid and can’t be used again, but the plastic is recyclable. Our keycards don’t have the person’s name on them.”
A Hilton spokesperson said:
“The only data stored on key cards for Hilton hotel guestrooms are the guest’s room number and the date and time of their check in and departure.
“Each card has this information encrypted into the magnetic strip of the key card upon check-in and cancelled at departure and is only accessible by using the appropriate decoder. The card is automatically deleted at noon on the date of departure. The cards that we use do not have the capability to store any more information.
“Hilton Hotels takes the security and confidentiality of guests extremely seriously and strict policies are in place for guest protection.”3 Aug 2009