Hoax: Hotel room keycards are routinely encoded with personal information which can be easily harvested by thieves.

Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used throughout the industry.

Although room keys differ from hotel to hotel, a key obtained from the Double Tree chain that was being used for a regional Identity Theft Presentation was found to contain the following information:

  • Customer's (your) name
  • Customer's partial home address
  • Hotel room number
  • Check in date and check out date
  • Customer's (your) credit card number and expiration date!

When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a handful of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.

Simply put, hotels do not erase these cards until an employee issues the card to the next hotel guest. It is usually kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!

The bottom line is, keep the cards or destroy them! NEVER leave them behind and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card.


[Collected via e-mail, 2005]

Just received this and thought it was worth sending around — with so much identity theft going around, makes sense!!

Remember this for the future:

You know how when you check out of a hotel that uses the credit-card-type room key, the clerk often will ask if you have your key(s) to turn in...or there is a box or slot on the Reception counter in which to put them? It's good for the hotel because they save money by re-using those cards. But, it's not good for you, as revealed below.

From the Colorado Bureau of Investigation:

"Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used throughout the industry.

Although room keys differ from hotel to hotel, a key obtained from the "Double Tree" chain that was being used for a regional Identity Theft Presentation was found to contain the following information:

a. Customer's (your) name
b. Customer's partial home address
c. Hotel room number
d. Check in date and check out date
e. Customer's (your) credit card number and expiration date!

When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a handful of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.

Simply put, hotels do not erase the information on these cards until an employee re-issues the card to the next hotel guest. At that time, the new guest's information is electronically "overwritten" on the card and the previous guest's information is erased in the overwriting process. But until the card is rewritten for the next guest, it usually is kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!!

The bottom line is: Keep the cards, take them home with you, or destroy them. NEVER leave them behind in the room or room wastebasket, and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card (it's illegal) and you'll be sure you are not leaving a lot of valuable personal information on it that could be easily lifted off with any simple scanning device card reader. For the same reason, if you arrive at the airport and discover you still have the card key in your pocket, do not toss it in an airport trash basket. Take it home and destroy it by cutting it up, especially through the electronic information strip!

The Truth
The notion that hotel key cards are routinely encoded with all sorts of personal information (thus making them dangerous should they fall into the hands of identity theft scammers) began in 2003 when an overzealous detective with the Pasadena (California) Police Department sent around a warning e-mail based on a misunderstanding of something she'd heard:

This urban legend can be traced back to an e-mail that a detective from the Pasadena Police Department sent out more than four years ago.

"One of our investigators was at a meeting with other fraud detectives," says Ronnie Nanning of the Pasadena police. "Someone there happened to say that they heard that it was possible to put this information on this key card."

The detective notified other detectives as a "heads-up" to the possibility. That information was shared with others in the police department, who then passed it on before the risk could be evaluated, she says. It took on a life of its own.

Nanning says her department contacted major hotel chains at that time, and "were told time and time again that this was not the policy."

The misinformation wave created by the detective's erroneous e-mail was so large the Pasadena police eventually issued a retraction explaining that the information it contained was based upon a single incident from several years earlier, and that they had no evidence the warning reflected a current or ongoing issue:

On October 6, 2003, Detective Sergeant Kathryn Jorge of the Pasadena Police Department received information from a group of Southern California fraud detectives who had formed a fraud investigations network through a local internet carrier. One of the members of this group from another San Gabriel Valley agency reported that in an investigation that he was personally involved in, he came across a plastic hotel card key from a major hotel that had personal information that could potentially lead to identity theft and fraud. This information included names, addresses, length of stay, and credit card numbers. This detective took the precautionary measure of notifying the detectives in the network prior to seeing if this practice was standard in the industry.

As the investigation into this potential fraud risk continued, this information was shared with other members of the Pasadena Police Department and personnel chose to share this information with others before we could correctly evaluate the risk. This has caused a chain reaction of probably thousands of people being given this information before the risk was evaluated thoroughly.

As of today, detectives have contacted several large hotels and computer companies using plastic card key technology and they assure us that personal information, especially credit card information, is not included on their key cards. The one incident referred to appears to be several years old, and with today's newer technology, it would appear that no hotels engage in the practice of storing personal information on key cards. Please share this information with anyone who has a concern over the initial information sent out to others as a precautionary measure.

There was never the intent of the Pasadena Police Department to forward this information to others before the risk was evaluated. The information was forwarded by individuals as a possible precautionary note of interest only.

Hotels generally have no practical or functional reason for wanting to encode customers' personal information on their room key cards; most of them have databases that store the very same customer data, so they have no reason to encode anything more than basic information (e.g., room number, access code, activation and expiration dates) on the key cards themselves. In fact, even that basic information isn't really stored directly on the cards themselves; it's encoded as a serial number which a door lock reads, decodes, and uses to determine whether or not the inserted key is authorized to open it. We verified all of this with the Vice President of Loss Prevention for the Hilton hotel chain.
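A hotel security team that wants to confirm this for its own key cards can test decoded stripe data for the payment-card layouts the e-mail describes. The following is an added example, not part of the original article: it assumes a magnetic-stripe key whose tracks a reader has already decoded to text, and the function names and both sample cards are constructed for illustration.

```python
import re

# ISO/IEC 7813 financial layouts: track 1 format B (PAN^NAME^YYMM) and track 2 (PAN=YYMM).
TRACK1_B = re.compile(r"%B(\d{12,19})\^([^^]{2,26})\^(\d{4})")
TRACK2 = re.compile(r";(\d{12,19})=(\d{4})")
DIGIT_RUN = re.compile(r"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits):
    """True if the digit string passes the Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def audit_tracks(tracks):
    """Return findings for decoded track text; an empty list means nothing card-like."""
    findings = []
    for n, text in enumerate(tracks, start=1):
        m = TRACK1_B.search(text)
        if m and luhn_ok(m.group(1)):
            findings.append(f"track {n}: payment-card track 1 layout (PAN, name, expiry)")
            continue
        m = TRACK2.search(text)
        if m and luhn_ok(m.group(1)):
            findings.append(f"track {n}: payment-card track 2 layout (PAN, expiry)")
            continue
        # Fall back to any bare digit run that checks out as a card number.
        if any(luhn_ok(run) for run in DIGIT_RUN.findall(text)):
            findings.append(f"track {n}: Luhn-valid 13-19 digit run")
    return findings


# Constructed sample shaped like the e-mail's claim; 4111111111111111 is a
# widely used test number, not a real account.
HOAX_STYLE_CARD = ["%B4111111111111111^DOE/JANE^2512101?", ";4111111111111111=2512101?", ""]
# Constructed opaque key token; not any real lock vendor's format.
TOKEN_ONLY_CARD = ["", "", ";0092731=00481?"]

if __name__ == "__main__":
    for name, card in (("hoax-style", HOAX_STYLE_CARD), ("token-only", TOKEN_ONLY_CARD)):
        print(name, audit_tracks(card) or "no cardholder data patterns")
```

An empty result only rules out payment-card formatting; free-text names or addresses in a vendor-specific layout would need a separate check against the lock system's documented encoding.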