Thursday, 23 October 2003
Personal data stored on hotel card-key mag stripes
As tracked down (in spite of the initial skepticism of your truly about his initial less detailed reports) and posted by Jay Melnick of TravelBank Systems on his own Web site and in the Travel Guide Writers' Email List, here's more on the storage of personal information from reservation records (including names, addresses, and credit card numbers) on the mag stripes of hotel card keys:
In a message dated 10/22/2003 5:16:13 PM Mountain Standard Time, email@example.com writes:
The following information is in response to numerous inquiries about an e-mail that was distributed regarding hotel card keys and personal information. Please take note and feel free to share with any constituents who may also have concerns.
On October 6, 2003, Detective Sergeant Kathryn Jorge of the Pasadena Police Department received information from a group of Southern California fraud detectives who had formed a fraud investigations network through a local internet carrier. One of the members of this group from another San Gabriel Valley agency reported that in an investigation that he was personally involved in, he came across a plastic hotel card key from a major hotel that had personal information that could potentially lead to identify theft and fraud. This information included names, addresses, length of stay, and credit card numbers. This detective took the precautionary measure of notifying the detectives in the network prior to seeing if this practice was standard in the industry.
As the investigation into this potential fraud risk continued, this information was shared with other members of the Pasadena Police Department and personnel chose to share this information with others before we could correctly evaluate the risk. This has caused a chain reaction of probably thousands of people being given this information before the risk was evaluated thoroughly.
As of today, detectives have contacted several large hotels and computer companies using plastic card key technology and they assure us that personal information, especially credit card information, is not included on their key cards. The one incident referred to appears to be several years old, and with today's newer technology, it would appear that no hotels engage in the practice of storing personal information on key cards. Please share this information with anyone who has a concern over the initial information send out to others as a precautionary measure.
There was never the intent of the Pasadena Police Department to forward this information to others before the risk was evaluated. The information was forwarded by individuals as a possible precautionary note of interest only.
Janet A. Pope
Adjutant to the Chief of Police/Public Information Official
Pasadena Police Department
Thanks again to Jay Melnick for getting to the root of this story.
Christoper Elliott, who also has a travel blog, says that "It's an urban legend." But I wouldn't take the "assurances" that this isn't still happening (at the specific hotels contacted by one local police department) as conclusive, or as indicative of industry norms. What this really goes to show is that there is still no culture of privacy consciousness in the travel industry -- and that people from places with real privacy laws are right to demand the same in the USA before they do business with travel companies in the USA.Link | Posted by Edward on Thursday, 23 October 2003, 09:24 ( 9:24 AM)