FACT: Hotel Key Cards Don’t Carry Personal Information
Persistent Internet rumors that magnetic swipe cards carry personal information is one privacy concern that needs to be discarded
As consumers interact and transact more frequently online, divulging personal and financial information is often done without much hesitation. Many trust security measures are in place, knowing that an operation’s reputation is on the line if there is a breach.
Hotels especially collect and maintain a vast database of guest information to cater to guests’ personal preferences, aiming for an exceptional stay and repeat visits. Because of this, the industry is a target for data theft and related rumors; and has many systems in place to protect personal information. In fact, the industry has spent tens of millions of dollars to protect consumer privacy data.
One rumor that continues to show up on the Internet is the myth that hotel key cards hold a guest’s personal data, including credit card information. As the CEO of HFTP, I frequently travel to events to speak about hotel technology trends. The question of whether guests should pocket their card for security reasons is still asked, even though it’s been over a decade since room key cards have mostly replaced hard copy keys.
Rumor Started in 2003 by Pasadena, Calif. Police Department
The genesis for this rumor stretches back to 2003 when an alert was distributed by the Pasadena , Calif. police department that hotel key cards were being used for identity theft. According to a 2009 update released by the Pasadena Police Department, this warning stemmed from an Internet fraud investigation. Concerned that an electronic key might contain personal information and could lead to fraud, the information was quickly distributed to detectives without verification. Since this is something that would be a valid concern for all consumers, the warning jumped outside of the network and rapidly spread even though there is no personal or credit card information carried on an electronic keycard. As evidenced by the need to distribute an update six years after the fact, this idea still persists.
“As of today, detectives have contacted several large hotels and computer companies using plastic card key technology and they assure us that personal information, especially credit card information, is not included on their key cards,” stated the 2009 Hotel Key Card Update released by the City of Pasadena.
Only Data on Card is Reference Number for Room
Kerry Hirschy, senior vice president of sales and marketing for KABA Lodging Systems, a distributor of electronic locks and systems, explained, “The KABA process for its Saflok and ILCO products randomly generates a reference number code associated with a guestroom door lock that enables the lock to recognize its keycard code. The room number is not a part of the key’s code data.”
Plastic cards with magnetic strips are the most common type of electronic lock used today in hotels. The strips are coded at the front desk with a new reference number per new room assignment. No other data is added to the card, and this code expires based on the planned check-out date. If the card is lost or stolen, the code can be immediately changed once reported.
Newer lock models use contactless RFID (Radio Frequency IDentification) tags which communicate data via electronic waves to the transmitter on the room door. RFID technology is widely used today in retail, mobile technology, agriculture and more, including an expansion within the hotel industry. The use of RFID cards within a property can offer a range of conveniences for the guests beyond easy room entry. Guests can use their card to walk into multiple limited access areas, such as the spa and resort facilities, as well as pay for services and food. Regardless of the expanded purpose of key cards with RFID tags, there is still no cause for security concerns. That is because the actual data saved on the card is non-personal. In addition, these cards are even more secure than magnetic strips because they feature anti-cloning technology that makes it difficult to retrieve and copy the data on the card.
But the latest hotel door technology uses an entry signal that changes every time the door is opened and then the signal is gone. This new form of entry from OpenWays — featured in the 2010 version of GUESTROOM 20X — uses Crypto Acoustic Crendential (CAC) via a cell phone app. It emits a unique audible sound from the cell phone speaker to unlock the door. The encrypted signal is sent directly to guests’ cell phones in advance, allowing them to skip the front desk and head straight to their room. Each encrypted sound produced is unique and becomes obsolete from the moment it is used. This eliminates any reason for a thief to try to record and use later.
“We do not carry any guest personal data,” says Pascal Metvier, CEO and founder of OpenWays. “The OpenWays solution carries through the encrypted sound the same data that is normally written on the guest plastic key card. As per the guest phone numbers, they are provided by the guests as part of the enrollment process which is handled by the hotel chain with a formal opt in process.”
Keep Personal Information Secure
Remaining diligent with personal information is very important. Consumers are frequently asked for detailed personal information along with their credit card numbers, which increases the channels for fraud. Consumers should always remain aware of where and why you offer your details.
As stated earlier, data security is an important concern for the hotel industry as well. Hotels are entrusted with valuable personal data from their guests, and it would be a major violation of their guest relationship if the data was used for adverse reasons. So security remains a priority, and is a top trend that will be addressed at HITEC 2011.
Fortunately though, hotel room key cards can be eliminated from the list of security concerns. Only a random code can be extracted, making it a useless piece of plastic worth about two American pennies.
Frank Wolfe, CAE is the CEO of Hospitality Financial and Technology Professionals (HFTP). HFTP is a professional association dedicated to offering hospitality finance and technology professionals with networking opportunities, industry-leading certification programs and events , and essential resources for professional growth. Follow him on Twitter @frankwolfe.
This article was originally featured on Global Hotel Network’s On My Mind Column.