Friday, 8 January 2010

The hotel key card myth and other security scares

If you travel on business and are of a curious nature, it is likely that during some idle moment on an otherwise busy trip, you will have stopped to wonder what exactly gets stored on the various cards you have on your person.

There is the old chestnut about room keycards, for example. There are plenty of scare stories going around about how key cards contain enormous amounts of personal data, including your credit card number, date of birth and – if you believe the scariest of the scare stories – the full details of any in-room movies you might have watched last night.

In fact, while hotel keycards have the potential to store any sort of data – including your lottery numbers if you so wish – they are configured to hold only the barest essential information. This usually means your room number along with the date and time of arrival and departure. The idea that they are encoded with your credit card data is an urban myth.

The information held on the magnetic strip of your credit and bank cards is another source of intrigue, not least because of the headlines about card readers attached to ATMs that regularly surface.

In fact, thanks to an organisation called PCI, you can find out exactly what’s on your magnetic strip and you can see this below.

As you can see, there is very little space for information and most of it is the same information that is printed on your card but in an electronic form.

But unlike hotel key cards, there is some information on your magnetic strip (or increasingly on the chip) that could come in very handy for a scammer: the information to the right of the diagram, labelled with the words VIOLATION TO STORE.

These last few pieces of information relate to your PIN and the three-digit security code printed on the front or back of your card. It is exactly this information that means the use of credit and other financial cards is much more tightly regulated than hotel key cards.

This is where PCI comes in. This global forum was set up in 2006 by five payment companies including American Express, Mastercard and Visa. One of the key functions of PCI is to set standards for the handling of this sensitive information - the so-called PCI DSS specification.

The specification is highly prescriptive, making it hard for just anyone to set themselves up to handle cards, and that is as it should be. We know how important security is and that’s why we are PCI DSS compliant.

So now you know what’s on the back of your card, you can rest easy in the knowledge that no-one else will find out.
