LAS LLAVES MAGNÉTICAS....DE LOS HOTELES ( HELPFUL INFO) IDENTITY THEFT ADVICE

huskie says on May 6, 2008, 04:33:

Bump

"Great spirits have always encountered violent opposition from mediocre minds-"

Alma del Norte says on May 6, 2008, 05:20:

Huskie - received any spam recently?

I thought we decided this was cock & bull a few months back?

La vida es una rutina

huskie says on May 6, 2008, 05:23:

What do you mean?

"Great spirits have always encountered violent opposition from mediocre minds-"

huskie says on May 6, 2008, 05:25:

Speak english as I cannot read minds
Cheers

"Great spirits have always encountered violent opposition from mediocre minds-"

rocinante says on May 6, 2008, 05:27:

These emails make me laugh and are utter crap. Probbably one of those emails that gets circulated like Bill Gates is giving away millions.

The key card has a unique ID number inside and maybe a room number. That's it. No more no les.

When the key is swiped the reader sends a message with two thingas back to the Key Computer. 1) The ID on the KeyCard and 2.) the location address of the reader (room #2108). The Key computer located at the front desk looks to see if the door and keycard are a match. If yes send back a message to the door to open.

When you check in the keycard is read by the front desk and assignbed a room number. When you check out the key card is read at the front desk and its connection with the room it had been opening during your stay is erased.

Second scenario: the cards are writeable and only contain the door nuimber of which it can open. When you swipe your card and it is has room 2108 and you are swiping at room 3106 the reader on the door won't open the door.

Either system above is totally different than the guest system (with all your information) and if they are the same, the card itself still only contains a unique ID and NONE of your personal information. It makes no sense and serves absolutely no purpose to waste time and effort sticking all of your personal information on your key. Plus card/keys that are able to hold all of that data are so much more expensive that ones carrying only a 6 or 8 digit code.

"World economic indicators point to a democrat winning 2008. It will surely be Obama. Peso 1400 by November" Feb 5, 2008

huskie says on May 6, 2008, 05:44:

Well you seem to know it all Roci, Mr expert I shall call you from now on.....something against Bill Gates? Jealous you do not have his mind and brains? Guess the only stuff worth reading is your posts. BTW for some one who knows " everything" take a course in English spelling.. you need it.

Alma del Norte... Don't tell me you are back... Chorizo? I thought you had been fried a while back!
Cheers

"Great spirits have always encountered violent opposition from mediocre minds-"

rocinante says on May 6, 2008, 05:56:

Nice comment. I may mispell but I wasn't born yesterday. Someone who knows more than you is not necessarily one who knows it all. Why not relax and accept what I have written? I didn't attack you.

"World economic indicators point to a democrat winning 2008. It will surely be Obama. Peso 1400 by November" Feb 5, 2008

huskie says on May 6, 2008, 06:02:

Not gonna do that just because you say so
Cheers

"Great spirits have always encountered violent opposition from mediocre minds-"

huskie says on May 6, 2008, 06:04:

There is a button on the site where you can ignore comments or posts. Use it!
Cheers

"Great spirits have always encountered violent opposition from mediocre minds-"

tasco66 says on May 6, 2008, 07:08:

Don't be a sucker for e-mail hoaxes

By Michelle Singletary | May 21, 2006

P.T. Barnum is often quoted as having said, ''There's a sucker born every minute."

It turns out, there's no evidence that Barnum ever made such a declaration. Interesting, isn't it, that one of the most famous quotes about the gullibility of people is falsely attributed to Barnum?

Still the quote holds true. In this Internet era, there really are as many suckers as there are megabytes.

Take for example, a very annoying e-mail making the rounds. The subject line says, ''PLEEEEEASE REEEEEAD! IT WAS ON GOOD MORNING AMERICA TODAY SHOW."

The ''it" the e-mail is referring to is a story that Microsoft and AOL are running a tracking test and if you forward the e-mail, you could get $245 for every person you send it to. The e-mail goes on to claim, ''For every person that you sent it to that forwards it on, Microsoft will pay you $243, and for every third person that receives it, you will be paid $241. Within two weeks, Microsoft will contact you for your address and then send you a check."

Oh, and to make it all seem so legit, the writer (you can't really tell who it is) claims he or she got a check for $24,800 two weeks after receiving the e-mail. Then the person urges, ''Please forward this to as many people as possible. You are bound to get at least $10,000. We're not going to help them out with their e-mail beta test without getting a little something for our time. My brother's girlfriend got in on this a few months ago. She showed me her check. It was for the sum of $4,324.44."

You would think I wouldn't have to say this, but here goes: You are a sucker if you believe this is true.

Stop forwarding this darned e-mail. It's a hoax, according to a spokesman for Microsoft.

Fortunately, the e-mail doesn't contain a virus, so it's not too harmful. But what about others that are forwarded that result in undue worry? Most recently, I received an e-mail with a dire warning.

It claimed that the plastic credit card-looking room keys hotels often use contain personal information, such as your credit card number and expiration date and home address. Don't just turn the cards in at the end of your stay, the e-mail warns. Anybody, especially an unscrupulous hotel employee, can take the card and -- using a scanning device -- access your information.

I was worried that out there in some trash can was a plastic hotel key I had discarded with my personal information.

Turns out this, too, is not true.

''On most hotel key cards, there is an encoder system with numbers only," explained Victor Glover, senior vice president of safety and security for Accor North America and chairman of the Loss Prevention Committee for the American Hotel & Lodging Association.

Glover further explained, ''The number represents the date and time a guest checks in and out. Once that date and time has passed, the key is no longer active. The magnetic strip on the back of the card carries the encoder numbers that will correspond to the strips in the door itself. The activation of the key card is solely based on how long a guest is staying, not credit card, Social Security, and other personal information."

OK, so I was a sucker. But this particular e-mail sounded so plausible.

If you are curious about a suspicious e-mail, there is nothing wrong in checking it out. Try www.snopes.com. In fact, the Microsoft/AOL money giveaway is number two on the site's 25 Hottest Urban Legends.

What you should never do is forward these e-mails. And if you do, don't think it's a harmless action.

Here's the note I got along with the e-mail promoting the bogus Microsoft giveaway, ''Sorry about the mail of this sort, but maybe we can benefit from this ... who knows? Try it yourself, what can you lose?"

Folks, in the end somebody could lose. Forwarding these e-mails could result in many of your friends, co-workers, or family members ending up on spam e-mail lists. That could in turn increase the amount of junk mail they get. And that might lead to somebody becoming a sucker who loses some real money.

http://www.boston.com/business/personalfinance/articles/2006/05/21/don...

Bravo, Presidente Uribe for the perfect operation!

sloopskipper says on May 6, 2008, 08:03:

It appears that key-cards might contain credit card and other personal information (although I see no retraction to the story at Snopes) But, even the flag indicating "credit card on file" would expose a real risk if the card were to come into the wrong hands during the stay, if not afterwards:

Hotel Key Cards: Identity Theft Risk or Not?
"Mythbusters" Aside, the Answer's Not Clear-Cut
http://www.consumeraffairs.com/news04/2006/10/travel_hotel_keys.html

By Martin H. Bosworth
ConsumerAffairs.com

October 15, 2006
A few years ago, a rumor made the rounds on e-mail and the Web that hotels were encoding room key cards with guests' personal information, and that any prospective identity thief with a card reader could gain access to your most essential private data.

The reports were debunked at the time by self-proclaimed mythbuster Snopes.com, which claimed that hotels didn't encode anything more than the guest's name and duration of their stay on the card.

"Even in cases where a hotel keycard can be used to purchase goods and services (e.g., at a resort complex such as Walt Disney World), guests' credit card information is not encoded on the cards themselves," Snopes.com said with its customary assurance.

"The cards simply contain a flag indicating that the guest has a credit card on file with the resort and is authorized to charge purchases to his room," explained Snopes.

In a slightly more authoritative debunking, Computerworld, an information technology trade journal challenged a top maker of magnetic card readers to find personal data on 100 room-card keys -- from Hilton, Holiday Inn, Sheraton, Westin and other major chains. The keys had been collected by staff members in their travels.

The cards yielded only strings of numbers and letters, according to Terry Benson, engineering group leader for MagTek Inc. in Carson, who did the tests, the Los Angeles Times reported. The magazine conceded that its sample was small and confined to the U.S., however.
The Origin

The great hotel key mystery began on October 6, 2003, when Detective Sergeant Kathryn Jorge of the Pasadena, California, Police Department received information from a group of Southern California detectives who had formed a fraud investigations network.

One of the detectives said that during an investigaton, he came across a plastic hotel card key from a major hotel that had personal information -- name, length of stay and credit card number -- that could lead to identify theft and fraud.

The police sleuths now say that hotel executives have assured them that personal information is not included on their key cards.

But it's not necessarily the end of the story.

Snopes itself conceded tbat the report about hotels encoding key cards with personal information was confused with another, much more legitimate story -- that of identity thieves stealing key cards and turning them into "clone" credit cards using personal data that had been taken from other sources.
Seeing Is Believing

Adding more fuel to the fire, since the rumors regarding hotel keys were first supposedly debunked, instances have shown up around the country of hotel card keys actually containing personal information encoded by the hotel.

In Nevada, Deputy Attorney General Tracey Brierly saw some evidence with her own eyes. Brierly, a deputy attorney general in the state AG's Bureau of Consumer Protection, attended a High Technology Crime Investigation Association conference in South Lake Tahoe.

The speaker asked for volunteers to provide their credit-card style room keys, the ones with the magnetic stripe. Five or six people provided their keys, and the speaker swiped them through a credit card reader.

"Two of the keys brought up a name and partial address, and another one brought up a name, address and credit card number," Brierly said. "I had no idea this was even a possibility."

Brierly said she didn't know which hotel keys had the embedded information, saying she typically leaves the key in the room upon checkout, but won't any more. All of the hotels denied that such information is on their keys, but said guests were free to keep the keys at check-out.

In fact, at least one major hotel chain concedes it formerly stored credit card information on its keys but says it no longer does so, according to Janet Pope, spokeswoman for the Pasadena Police Department.

But Pope rejected the "urban myth" tag making the rounds about the keys. "It's not an urban myth; it can potentially happen," she told the Las Vegas Review-Journal.

Far from being a total debunking, the Computerworld story was sparked by an incident in which Peter Wallace, information technology director for AAA Reading-Berks in Wyomissing, Pa., reported finding personal information on magnetic hotel key cards when visiting three major hotel chains.

His curiosity piqued, Wallace said he carries a small card reader with him when he travels.

At one resort, he said, his card key contained credit card information, his address and his name. He said hotel officials expressed surprise when he showed them the results. Wallace told ComputerWorld travelers should take their access card with them and shred it when they get home.
Hotels Murmur Reassurance

The hotel industry continues to deny that there's anything treacherous about the keys. Just last month, American Hotel & Lodging Association president Joe McInerney issued a statement reiterating that hotels did not encode guests' personal information on their key cards.

Instead, the cards typically contain an identifying code that ties back into the guest information -- name, address, credit card, etc. -- that's taken at the front desk. However, when you get down to the pesky details level, a little backtracking occurs.

In some resorts or hotels, the systems used in the bar, restaurant or other concessions may not be tied back into the front-desk system that contains guest billing information. Those hotels might choose to encode credit card data directly onto the hotel key to allow credit charges to be made, Computerworld noted.

Information technology specialists insist that major hotel chains in the U.S. don't encode personal data on the card keys, but when pressed, admit that older systems are another story -- as are hotel systems outside the United States.

"There are locking systems in Europe that, when you check in, let you enter a credit card, guest name, everything [on the card]. But never in the States," Jocelynn Lane, vice president at VingCard AS, told Computerworld.
Check-Out Time

At the very least, the key cards can result in odd charges popping up on travelers' bills.

Those who blithely leave the keys in their rooms are counting on the front desk staff to quickly process their check-out and disable the account information that the cards link to. In larger resort complexes, where the cards can be used to make retail purchases in spas, shops and restaurants, the cards could be used to make some very expensive purchases in just a few minutes.
Free Lancers

Besides their potential role in identity theft and unauthorized purchases, the key cards can get up to other mischief.

Brian Krebs, a security and technology columnist for Washingtonpost.com, related a story of Las Vegas police confiscating hotel keys from criminals, only to find they were encoded with data stolen from consumers.

The crooks would use them to buy goods at convenience stores and gas stations, as the low purchase levels were beneath the notice of most fraud-detection systems.

The still-unexplained data breach that led to a massive shutdown of debit cards issued from major banks, including Citibank, was attributed to identity thieves stealing data from a payment processor and encoding it on blank ATM cards. The thieves then proceeded to make withdrawals from victims' bank accounts, with no one the wiser.
What To Do

So what's a hapless hotel guest to do?

As Deputy AG Brierly suggests, your best bet is to take the card with you when you check out, then shred or destroy it when you get home. It costs you nothing to do so and the hotels don't care one way or the other.

Even Snopes.com, frequently quoted as "debunking" the threat, offers this advice: "[W]hen you check out of your hotel, you can retain or destroy your keycard" to eliminate the risk, however slight it may be.

The reassurances of hotel mouthpieces should be taken as the usual p.r. blather. After all, fraud, by its nature, is often committed by insiders who, understandably, conceal their activities from others within their organization, somewhat negating the soft-soap assurances of hotel executives who aren't likely to have any actual hands-on knowledge of how their systems work.

It takes only hotel employee who succumbs to temptation or intimidation to cause trouble.

The entire dust-up raised the ire of one consumer activist we contacted.

"Why is everyone so hellbent to assure consumers that their key cards are safe?" he fumed. "This is a little suspect, is it not? There is no risk involved in shredding your key card so why would anyone urge consumers to take the much bigger risk of relying on the honesty of everyone who has access to their personal information? Take the thing home and shred it."

cdy says on May 6, 2008, 11:46:

My 2 cents - for now this is a hoax, I spend about 160 nights per year in hotel rooms and have had this discussion countless times- hotels are not storing your cc # on room keys. The systems are not generally even tied together. If a hotel employee wnats to steal your credt card info they don't need your key, it is all there on their computer.

Who knows what will be stored on your key card in the future, techology changes so fast ,
probably will be able to swipe your card at the lounge and your favorite drink will quickly be delivered to your table or swip your key card at the buisness center and of your bookmarks from your home computer will show up on theirs(probably not a good thing).

A myth for now but the future reality might be a lot scarier.

rocinante says on May 6, 2008, 11:52:

Doesn't matter. The sensitive data will always be stored on a remote system with just a number to tie the two together. That number being on the keycard. Your fav drink and other stuff is stored on a different system.

When you go to Amazon.com WITHOUT EVEN LOGGING IN the site makes recommendations and says hello to you. Is this information stored on your computer? All this information? NO only a cookie file with an ID number that goes to the Amazon website when you type in the URL and hit enter. All the real info is on the Amazon side on a protected database.

Bottom line is it will never be scarier.

"World economic indicators point to a democrat winning 2008. It will surely be Obama. Peso 1400 by November" Feb 5, 2008

germuno says on May 6, 2008, 12:37:

rocinante...I jumped into amazon.com on a computer that I have used before to order things and it didn't come up with anything personal. It requests me to log on to get personal recommendations. Which it does in abundance.

Agree with you on the original post. People like conspiracy stuff and this sure fits into that category

Got a kick out of the op stating that it's against the law for the hotel to charge for unreturned cards. Yep all 190 plus countries in the world have this policy

sloopskipper says on May 6, 2008, 12:41:

rocinante says on Tuesday May 6th, 2008 11:52:

"Doesn't matter. The sensitive data will always be stored on a remote system with just a number to tie the two together. That number being on the keycard. Your fav drink and other stuff is stored on a different system."

"ALWAYS" can be a tough statement to defend. A single exception blows a hole in it.

I guess you did not read the article, or simply chose to not believe it, as you keep saying the same thing.

It seemed quite reasonable because I don't know, for a fact, how the hospitality system operates in each and every hotel on the Planet.

As far as asking staff in a chain hotel, I doubt there would be many in a position to really know what is stored on the card (and readily accessible).

Of course, like an ATM card, sensitive data can be encrypted and not viewable without the algorithms or in the past, hardware non-linear & shuffle encryption keys.

huskie says on May 6, 2008, 12:42:

I did not say 190 hotels have this policy!!! can't you read?
Cheers

"Great spirits have always encountered violent opposition from mediocre minds-"

huskie says on May 6, 2008, 12:48:

ROC: when that happens with Amazon, is because you did not sign out to begin with (given the fact you had sign in). DUH
you are full of it, pretending to know so much about how systems work
Cheers

"Great spirits have always encountered violent opposition from mediocre minds-"

Robert Jorge says on May 6, 2008, 16:15:

I am, for some reason, reminded of the old saying: "Give a person enough rope and they will hang themselves."

--"I believe in making the world safe for our children. But not for our children's children, because I don't think that children should be having sex." - Jack Handy

sloopskipper says on May 6, 2008, 18:02:

Yep, yep.

Papi de Alejo says on May 6, 2008, 18:47:

Roci is correct. If you go to Amazon.com, they will read your cookie and give you reccommendations based on what you previously looked at or purchased from them. Delete the cookie before you go to their site and you will not get this information until after you have signed on.

PdA

rocinante says on May 7, 2008, 06:55:

Hang on Sloopy:

Sorry my post and the one directly before it are referencing the scary FUTURE and systems to come. I should have addressed CDY and quoted him instead of assuming my post 6 minutes later would be understood to be directed towards him/her.

If some hotel chain had a system that wrote all the personal information to a magnetic card they most likely do not do so today. I highly doubt that today there are hotels who have not switched to more secure systems and the ones that did spend the big bucks purchasing systems that wrote everything to the card (to serve what purpose since the card is only used for openning doors?) were probably not mom and pop places.

I have a ton of experience with with magnetic readers, serialized barcodes and RFID. I am not hanging myself. If you want to keep and destroy your key card fine.

Huskie, the way I have outlined the Amazon cookie is how it works. If you don't log out, Amazon automatically times you out. You never stay logged into Amazon or any major e-commerce site. If you use the same computer 2 weeks later, without logging in, Amazon is still gong to say "Hello Huskie" and still make a recommendation based on what the ID in the cookie file attached to your browser returns from a database lookup which stores your recommendations and name and other non sensitive stuff. In your case the recommendation will be "Crying in My Coffee" by Hillary Clinton

When you need to access your account, personal info, order history or something serious you will be forced to log in fully to Amazon. This is how it works I promise you.

"World economic indicators point to a democrat winning 2008. It will surely be Obama. Peso 1400 by November" Feb 5, 2008

Robert Jorge says on May 7, 2008, 07:46:

Rocinante, I was not refering to you when I said "hang themselves." Somebody else's posted "information" was innaccurate, and then their response to you was even more innaccurate - to the point of being humorous. Rocinante, you were spot on ... and quite civil about your patient responses to ignorant info.

--"I believe in making the world safe for our children. But not for our children's children, because I don't think that children should be having sex." - Jack Handy

sloopskipper says on May 7, 2008, 09:09:

Roci, what you say is most likely true, especially with the publicity that this has attracted.

I am not totally unaware of this equipment. I can not measure my experience in tons, but I was already in the business 11 years when I first worked with mag card writer/readers, and 25 years after that, and not just with ATMs, mag card equipment, or in financial:


Circa 1975 (Online/Offline ATM)

That old ATM had a stainless steel "vandal door" which dropped to cover the keyboard and the money release drum. Probably be a popular feature in Bogotá these days. It could also capture a "hot" card, and/or purge the cash if not taken within a certain time frame.

huskie says on May 7, 2008, 10:35:

Haha "Crying in my Coffee" that is funny, but right now I just bought one.. " seating and waiting to see what happens" it is really wicked.
Thanks for the info
Cheers

"Great spirits have always encountered violent opposition from mediocre minds-"

huskie says on May 7, 2008, 10:42:

Oh I almost forgot, I live in Eastern Europe and have traveled extensively all over the world, you will be surprised of the many hotels (not your mom and pop hotels) that would probably not afford the extra cost of implementing such sophisticated systems; and I am talking 4-5 star hotels.
Cheers

"Great spirits have always encountered violent opposition from mediocre minds-"