Campus ID News
Card, mobile credential, payment and security
Mag stripe card cloning

St. Louis University dorms dump ID card for brass keys following card cloning incident

Incident reenforces need for secure credentials and campus cards

CampusIDNews Staff   ||   Feb 07, 2024  ||   ,

While most institutions are eliminating physical keys in favor of cards and mobile credentials, Saint Louis University (SLU) was forced to make the opposite move. This comes after a student illegally cloned a valid ‘master’ card and used it to access another student’s dorm room.

According to an article in SLU’s student newspaper, the student used a card-skimming device known as a flipper to copy data from the mag stripe of an campus card belonging to a staff member. This data was then encoded to the magnetic stripe on another card, creating the clone.

We have long known of the vulnerabilities inherent in both magnetic stripe and 125kHz prox technologies, still thousands of facilities continue their use.

According to an anonymous residence advisor, the cloned card belonged to a staff member who had master access to the residence halls, so the forged card could potentially provide entry to any dorm room.

This aligns with a university statement.

In an email to students, the university said the switch to keys was due to an incident involving a student worker in the central housing office.

Though not explicitly confirmed, it would follow that the cloned card belonged to a housing staffer with master access privileges to residence hall rooms.

Fortunately, though the impacts of the cloning could have impacted life safety, they were minor. The university says the unauthorized access was limited to the single event, no one was hurt or robbed, and the card skimmer was confiscated.

The anonymous residence advisor says a female student used the card to enter her ex-boyfriend’s dorm room.

In response to the incident, the university suspended use of ID cards at residence hall doors and returned to physical keys. The campus cards are still being used for functions including parking, dining, and access to non-residence hall buildings on campus.

SLU’s reacted quickly to remedy the situation. Because the doors in the dorms had both physical and electronic locks, in just a few days card access was shut down and physical keys were provided to residents.

There are lessons to be learned for campuses across the country and beyond.

The SLU case is just one more in a decades-long string of events that demonstrate the dangers associated with antiquated ID technology. We have long known of the vulnerabilities inherent in both magnetic stripe and 125kHz prox technologies, still thousands of facilities continue their use. Migration to secure chip-based contactless and NFC credentials is essential to guard against card cloning and other security threats.


Related Posts

Subscribe to our weekly newsletter


Kent State autonomous store
May 23, 24 /

Kent State autonomous store uses campus cards from CBORD for entry, payment

Kent State University’s Flash Bistro is a grab-and go store that offers snacks and light meals. These days, the meals seem even lighter as students enter the store, pick up their food, and exit without interacting with a cashier or self-checkout device. With the help of Kent State’s transaction system provider, CBORD, students to present […]
Assa Abloy trade show booth video
May 15, 24 / ,

Entertaining video shows range of lock options from Assa Abloy and HID

Visiting a company’s booth on an exhibit hall floor is often informative, but it is not alway funny or entertaining. But when the tour is led by two of the security industry’s social media leaders, it can be both. In this video from ISC West, Phil Coppola, HID’s Mobile Evangelist, tours the Assa Abloy booth […]
Atrium and Towson autonomous convenience store with zippin
May 09, 24 / ,

Towson University and Atrium discuss new autonomous market

New technology at the Tiger Express convenience store at Towson University let's students walk in, grab products, and walk out without interacting with a employee or using self-checkout. In this CampusIDNews Chat, we get the lowdown from Myron Esterson, IT Manager, Auxiliary Services at Towson and David McQuillin, Vice President of Sales and Atrium Co-Founder. […]
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Attn: friends in the biometrics space. Nominations close Friday for the annual Women in Biometrics Awards. Take five minutes to recognize a colleague or even yourself.

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2024 CampusIDNews. All rights reserved.