Archive - Originally posted on "The Horse's Mouth" - 2016-01-04 20:35:57 - Graham Ellis
I have been forwared a message from a Sarah Young (Police, PC - Cyber crime prevention officer, Wiltshire Police)
"PLEASE READ THIS IF YOU STAY IN HOTELS AND ARE GIVEN A CARD FOR ACCESS TO YOUR ROOM" she shouts
She carries on "This is a really useful information for anyone who goes on holiday where the hotel uses key cards. Always take a small fridge magnet on your holiday, they come in handy at the end of it. Never even thought about key cards containing anything other than an access code for the room ? Ever wonder what is on your magnetic Hotel room key card?"
And she goes on to answer the question:
"Answer:
a. Customer's name
b. Customer's partial home address
c. Hotel room number
d. Check-in date and out dates
e. Customer's credit card number and expiration date!"
Problem is - she has it wrong!
We run a hotel. We use keycards for the rooms. Yes - they include the room number that they key card is to give access to, and the start and end time and date, which will indeed usually be the check in and check out date. But they do NOT include the customer's name. They do not include any of the customer's home address. And they certainly don't include any credit card details such as numbers or expiration dates - who on earth told you that they did, Sarah - you have been taken in!
In a large hotel, where cards are used in the restaurant or bar, there is some merit in encoding the guest's name as it would allow staff who don't know him/her to address him by name. And I can see a use in a big place for including the guest's native tongue so that the maitre d'hotel can address the guest in English, German, Afrikaans or Ghodoberi. But to add addresses and credit card details would be crazy - why on earth would we want to - it would be extra work, it would open a big security hole, and it would gain us absolutely nothing except trouble from our merchant credit card company, who rightly supply advise and rules for our security and our customer's security under which we operate.
So what's my message ...
To our customers - your security is far better with timed keycards than with traditional metal keys which a previous guest could have got copied at the local locksmith
To our police force - why on earth are you scaring the public, and making life difficult for legitimate local hotel businessess, by spreading false stories?
I was going to contact PC Young via the web page on the email - but clicking on the link brought up a form with the following message: "Please enter your reply to the Alert you have received below. Please note: the message sender is already aware of your name and contact details so you do not need to repeat them here ..." and it strikes me that Sarah's message must contain exactly the sort of data that she's telling us to be so careful of on hotel key cards. Of course, if the police do what they're warning us against, it's all right, right? No - it's wrong and its hypocrasy of the highest order!
Update - 5th January 2016. Last night, I invited the Wilts Police to comment on this article and on their allegations of a security risk in these cards. No response as yet, but the following has appeared I'm my Facebook feed, where I am tracking the matter.
I would have thought that a trained officer in the CyderCrime unit would have made a few checks before publishing a warning ... it was certainly easy for us amateur to find posts confining that this is an old urban myth that's been around for years. Rather confirms, with regret, my "can't trust the police" view.
I note "The matter will be investigated". I wonder if the results of this investigation will be made public, or if that's just a throw-away line to help in a cover up of what looks like a bungled, knee-jerk message from someone who should have know better.
![[here]](http://www.wellho.net/pix/policescaremongering.jpg){kind=link}
