The growing trend towards automating hotel processes, including self check-in and keyless room entry, seeks to streamline the guest experience and simplify operations. But to what extent does it also present security concerns, both perceived and real, and how can they be overcome? Geraldine Calpin, chief marketing officer of Hilton Worldwide, and Alyssa Waxenburg, vice president of mobile strategy at Starwood, discuss.
When, in November 2014, Starwood announced it was set to roll out keyless room entry in certain hotels, this was just the latest step in a trajectory that had been underway for a while. As the so-called ‘digital revolution’ in hospitality has gathered momentum, we are not just witnessing better social media engagement, or quicker ways to book online. Rather, we are seeing what amounts to a radical overhaul of the guest experience, with even the less tech-savvy travellers benefiting from the rapid pace of change.
For over a decade, hotels have pursued a growing trend towards automation, with a view to eliminating hassle for guests and staff alike. As early as 2004, Marriott piloted the first self check-in scheme, with ‘NCR EasyPoint Xpress Check-In’ kiosks introduced to three hotels. Since then, a number of operators have followed suit, with brands such as the tech-heavy citizenM doing away with the front desk altogether. The idea is that guests will be more interested in speeding up their arrival than in interacting with a concierge.
More recently, the process has gone mobile. The Marriott app has contained a check-in and check-out option since 2013, with the likes of Hyatt and Hilton offering a similar service in selected properties. Guests can check in using the app prior to arrival, picking up their keycard from a designated kiosk when they reach the hotel.
Starwood has modified this strategy slightly at its Aloft brand. Participating Starwood Preferred Guest (SPG) members are posted a keycard based on radio frequency identification (RFID) technology. The day before their arrival, they receive a text message telling them to their room number, allowing them to skip the check-in queue and head straight to their room.
Key to success
For guests already using mobile services, SPG Keyless might seem like the next logical evolutionary phase. A Bluetooth-enabled smartphone app, it enables guests to access their rooms without needing a key: the doors open and shut at a simple tap of their phone.
Initially rolled out at ten hotels across the Aloft, Element and W brands, the service has now spread to 141 hotels and counting, redefining the traditional check-in process. To date, 320,000 SPG members from 130 countries have registered.
“Technology is constantly changing the way that people travel and, for that reason, Starwood makes it a priority to be on the forefront of innovation,” says Alyssa Waxenburg, vice president of mobile strategy at Starwood. “SPG Keyless is a perfect example of how we leverage our guests’ inherent mobility and use of technology to create effortless travel. We’re literally opening doors for our guests.”
Hilton too has developed a keyless service, introducing Digital Key in August 2015. As Geraldine Caplin, chief marketing officer at Hilton Worldwide explains, the system allows HHonors members to access their hotel room, fitness centre, pool, and any other areas requiring a key.
“After a long day of travel, HHonors members with prior stay history can swiftly bypass the Front Desk and head straight to their room, using Digital Key to unlock their door,” she explains. “They can currently use Digital Key at more than 125 U.S. properties across three brands and we will expand that rollout to additional brands later in the year.”
Those not in favour
As this trend gathers pace, it stands to reason that we are seeing resistance from certain quarters. One frequently leveled accusation is that keyless entry and self check-in are a poor replacement for personal service. In 2014, a Quartz article declared that the disappearance of hotel room keys marks the end of hospitality’, opining that hotel guests prefer ‘humanity’ and ‘personalisation’ above all.
This argument is likely to rumble on; after all, it’s true that the drive towards efficiency and simplicity may sometimes involve less face-to-face attention. However, with ten million digital check-ins at Hilton so far, it seems clear that guest demographics are changing and that many of today’s frazzled business travellers do seek expediency first and foremost. What’s more, in the vast majority of brands, digital services remain a choice – guests are welcome to visit the front desk if they prefer.
As Waxenburg puts it: “Balancing the desire for efficiency with the desire for personal service is an overarching theme of our approach to innovation. We offer our guests choice and control to create the personalised experience that is right for them. For those that want to go right to their room, SPG Keyless enables that experience. For guests wanting to engage with a front desk associate, they can.”
More galling is the idea that keyless entry, and mobile services more broadly, may pose security concerns. With cyber crime on the rise, might digital innovations of this kind make a tempting target for hackers?
It is worth stepping back here to look back at the last real step-change in hotel entry systems: the plastic keycard. The first hotel keycard was introduced in 1978, following a high-profile and somewhat distressing lawsuit. In Garzilli v Howard Johnson’s Motor Lodges Inc, a woman received a $2.5 million payout after an assailant broke into her motel room. It was determined that the hotel had not exercised ‘reasonable care’ in guest security and that the door had been ‘unsecured from outside without much difficulty’ – perhaps unsurprising in a property that had already been burgled four times.
The case shook up the hotel industry. Intent upon avoiding a repeat scenario, they became more willing to invest in good security, which at least in high-crime areas meant going beyond a traditional keying system. They turned their attention to VingCard, a recodable keycard invented in 1975. Following the addition of new features, like encryption, this rapidly became the global leader in room security.
The system has worked well throughout the years, with keycards having proven a great asset in helping guests and their belongings stay safe. Through virtue of looking identical to all others, the plastic keycard gives opportunistic criminals a harder time. Lose your metal room key, inscribed with your room number, and you had better hope it winds up in the right hands. Lose your plastic keycard, however, and you don’t need to worry about anyone tracing it to your room.
It is only over the last few years that security alarms have been raised, most notably in 2012 when a Mozilla software developer demonstrated a vulnerability in Onity’s keycard locks. Using a $50 piece of hardware, he was able to digitally pick a type of lock that appears in around four million hotel rooms. Later that year, a criminal exploited the very same flaw to execute a break-in.
Repair the damage
While Onity swiftly resolved the bug, cases of this kind have created further impetus for new solutions. Smartphone keys are widely considered to be more secure than a standard swipe card lock, not least because it’s far harder to break into somebody’s phone than it is to steal their piece of plastic. The key only works on that person’s phone, for their particular room, and only for the duration of their booking.
From a technical standpoint, the features have not been widely publicised: however, we know that SPG Keyless uses AES encryption and cryptographic hash functions. Both the mobile app and associated locks have undergone ‘penetration testing’ to minimise their vulnerability to hackers.
Hilton’s system too was designed with ‘every security precaution in mind’. As Calpin explains: “All of Hilton Worldwide’s proprietary systems undergo rigorous testing and validation. Guest facing systems have proven to be reliable and secure. Additionally, before new technology is deployed to our hotels, more rigorous internal testing is supplemented with certification by external security experts.”
Complete hacker-resistance is perhaps an unrealistic holy grail. However, reverse engineering an algorithm is surely harder picking an old-style lock. Assuming guests take appropriate precautions, such as ensuring their phones are password protected, it seems these systems are among the most secure on the market today.
As for the other advantages, these speak for themselves. For today’s increasingly self-reliant travellers, keyless entry eradicates the ‘pain point’ of queuing to check in, not to mention the annoyance of lost or demagnetised keycards.
“Our goal with all emerging technology is bringing value to our guests in order to surpass their needs and enhance the way they want to travel,” says Waxenburg.
This article appears in the Spring 2016 edition of Hotel Management International