We've heard from a few sources (OK, one was an Internet chain letter, but the other was an American Express customer service representative) that hotel room keycards can have personal guest information encrypted on them that includes a home address and credit card number with expiration date. That would create an easy opportunity for anyone with a card reader to commit identity theft by accessing room keycards left behind after check-out.

Is there any truth to this? Here's what two hotel chain executives had to say:

"There is an urban myth about hotel key cards that has been circulating on the Internet for about two years. Although the magnetic stripe on hotel key cards have the technical capability to store various kinds of data, repeated tests in our hotel brands and others show that the cards only store a serial number that determines whether that particular key is authorized to open a specific door. This serial number is encoded from the room number, an access code, and the activation and expiration date. There has not been a business reason to store any additional data on the cards. The magnetic stripe keycards used in hotels today have been an important step forward in protecting the safety of hotel guests. The key is changed each time a new guest checks into a particular room. A lost key does not create the risk of an unauthorized person entering a room because the room number is not stamped on it. And if a keycard is lost, the desk clerk can change the room lock 'combination' and issue a new keycard."
- Stevan Porter, president for the Americas region, InterContinental Hotels Group

"About key cards: This has been developed into an urban myth! I have asked a number of security experts about this over the last few years. Cards do not have PII [Personally Identifiable Information] on them so if one is turned in or lost, your personal info is safe."
- Dave Scypinski, senior vice president, industry relations, Starwood Hotels and Resorts Worldwide