It seems like everyone’s pushing for mobile phone smart keys. Hilton just rolled out their version. Whether branded or independent, every hotelier faces the same issue. An essential part of mobile phone smart keys is a guest-facing app that works in concert with both the PMS vendor and the Key vendor.
Let’s consider the inner workings of how this is actually going to happen. First, the guest must download an app. Smart keys for the hotel guest require a native app to access the bluetooth low-energy (BLE) or near field communication (NFC) radio hardware on the guest phone. This hotel app might be a loyalty or brand app. Or perhaps it’s just a light key-only app. Either way, that app initiates key generation.
However the guest enters the room—other than physical key and tumbler lock—a key must be generated. The system that manages access control must be informed of dates and in some cases, times pertaining to arrival and departure of hotel guests that so the key generated only unlocks the door for the time pertaining to the guest stay. So, in most cases, a front desk agent creates the key in the hotel access control system, or the hotel property management is integrated to the access control system, so the agent can create a key from the hotel property management system at the time of check in.
In the case of smart keys, the guest has to know which app to download, where to go within that app, and the app now must transmit the date/time data securely and instantly from the guest’s mobile device to the hotel’s access control system via the cloud. Ideally, the property management system would also be involved so hoteliers can track key creation. We’ve had a hard enough time passing serial data across DB25 cables for the last few decades.
Further, operational aspects must be considered, particularly credit cards. Different credit card transactions require different things. Ever notice how a zip code is required at a gas station, but no signature? Buying online requires the CVV Code. And at Starbucks or McDonalds, it’s none of the above. Signatures, CVV, Swipes, and pins are all security measures to verify the customer and the transaction. Most hotels require a swipe an authorization, and signature to get a lodging transaction, where the merchant actually receives arrival/departure dates and folio numbers. Because of the data collection, lodging transaction are difficult to dispute and usually receive a lower processing % rate. A 100 room hotel with a $200 ADR operating at 75% occupancy could lose up $11,000 at a .2% change. It’s even worse when it comes to chargebacks. Got an auth and a swipe but no signature on the $2000 seven night stay? The hotelier could be eating that cost if there’s a charge back. If guests are bypassing the front desk, how does ID get verified? Are hoteliers going to allow guest to charge their entire stay on a ‘card not present’ transaction (which cost more to process)? What happens when a guest disputes charges, and their identity was never verified beyond an app download? As NFC and mobile payments take off and chip and pin becomes the standard will the definition of a lodging transaction change?
We know Smart Keys are the future of our industry. As the hotel industry lunges forward in smart keys, competency in the cloud, native apps, and secure transmission of data across from a WAN to LAN are essential. But it’s not as simple as just building the app. There’s service-oriented answers for the case for mobile phone keys, but there are more operational questions. Operators both big and small and their vendors need to consider the bigger picture when it comes to smart keys. We, as an industry and our vendors will have to reconsider how we operate to make smart keys the de facto standard for guest room access.