Hotel Keys Do Not Store Your Personal Information, but Here’s Why You Might Think That
They can store your personal information, but it doesn't mean they do.
As I learned on a family vacation this weekend, some people think that their hotel keycard is encoded with all sorts of personal information. This belief leads to people refusing to turn in their keycards at the end of a hotel stay for fear of that information being stolen. It’s not true, but here’s why some people think it is.
Depending on the type of card and format, the magnetic strip of a keycard can hold more information than some people realize. This was a plot point in 24 season one. The fact is that hotel keycards are capable of storing a good amount of the data about you that the hotel has on file, and that’s where the misunderstanding began.
At a security meeting for fraud detectives in 2003, someone demonstrated that keycards could store this personal information and that identity thieves could use them as a surreptitious means of storing data. A detective at the meeting began telling people, and at some point the true statement, “Hotel keycards can store data such as personal information,” became, “Hotels store personal information on keycards.”
This misinformation has been perpetuated in a series of recurring chain emails that well-meaning uncles, mothers-in-law, or your dad’s friend from college send out as warnings. They look like this:
Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used through-out the industry.
Although room keys differ from hotel to hotel, a key obtained from the Double Tree chain that was being used for a regional Identity Theft Presentation was found to contain the following the information:
- Customers (your) name
- Customers partial home address
- Hotel room number
- Check in date and check out date
- Customers (your) credit card number and expiration date!
When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.
Simply put, hotels do not erase these cards until an employee issues the card to the next hotel guest. It is usually kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!
The bottom line is, keep the cards or destroy them! NEVER leave them behind and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card.
The police department that employed the detective who started this whole thing even sent out a retraction email to clear things up, but it apparently didn’t make it as far as the original.
Hotels don’t store your personal information on your key, because why would they? In most hotels the key is just that — a key. It’s used to open your room, or maybe access the pool area. Some more elaborate hotels may link your room key to your account so you can use it at an on-site restaurant or shop. In this case, it might be assumed that your credit card information is stored on the key, but it isn’t. In those cases, the hotel stores a marker on the card which tells any scanners that there is a credit card on file for that room.
So yes, a hotel keycard can be used to store personal information — or any information for that matter — but hotels don’t encode them with that information, because there’s no reason for them to do that. All it would do is open their customers up to potential identity theft, and that would be bad for business.
Next time you stay at a hotel, don’t worry about what’s on your keycard.