JACKSON, Miss. (WLBT) - A key duplication company highlighted two years ago by 3 On Your Side for security concerns has now expanded its services to include electronic keys, drawing more criticism in the process.
Those electronic RFID keys, used for secure buildings and apartment complexes, were originally intended to be much harder to copy than a traditional key.
In 2018, KeyMe started allowing people to copy them at self-service kiosks across the country, with at least four locations in Mississippi.
“I don’t have a good feeling about that,” said Eve Houston, who works in downtown Jackson and uses one of those access cards for her job every day. “It could create a lot of problems.”
KeyMe’s process -- which I completed at Kroger in Brandon -- was incredibly easy.
I made a copy of my WLBT employee badge and apartment FOB, scanning both and filling out the forms in a matter of minutes.
The price: $25 apiece.
“I don’t think just going to a kiosk is a good idea for anybody to be able to get access. I think you should get it where you originally got your ID," said Melissa Lynch, who also works in downtown Jackson.
Security expert Juan Cloy said ease of use is one of the biggest concerns here.
“In this day and age, we’re sacrificing security for convenience," Cloy said.
KeyMe is becoming increasingly popular in Mississippi.
CEO Greg March said the company has solved 1,101 emergency lockouts here, saving customers an estimated $100,000 over traditional locksmiths.
However, we’ve seen potential security issues with this company before.
A 3 On Your Side investigation two years ago revealed potential problems with the technology, which at that time, focused on duplicating physical keys.
Essentially, one could take their phone out, download the KeyMe app, and take a photo of a key to get a copy made, whether that’s their key or someone else’s.
The app wouldn’t know the difference.
The only way the company would find out if the key was illegally copied would be if they’re contacted by police, which would only happen if that key was used in a crime.
According to March, that’s never happened.
March also said that feature that allowed users to photograph their keys in the app to make duplicates was removed in September “because the kiosk experience was superior."
He did not say whether the move also came as a result of security concerns.
Now the company’s venturing out into a new landscape — copying electronic keys — and promising to be the most secure service of its kind in the country.
Cloy doesn’t buy it.
“What they may tell you to make you feel all warm and fuzzy, I would caution against that," Cloy said.
The threat here, Cloy said, comes from when you leave something unattended, like keys, an access card or a FOB.
Say someone picks that FOB up.
Within minutes, they can copy it at a KeyMe kiosk and put it back.
And the original owner of that electronic access key would never know.
When I bought my keys, the kiosk asked for my name and mailing address because, for electronic keys, it would have to mail them to me within three to five days.
I also had to pay with a credit card, which KeyMe says makes that process even more secure.
“I know what they’re saying. ‘We use a credit card. We can ID them.’ That’s not why they’re using a credit card, to ID them. They’re using the credit card to get the money. There are things that they should do as a company to ensure all measures of security," Cloy said.
Officials with KeyMe say the company uses credit cards instead of cash because of the increased security and convenience.
Part of that increased security includes purging a person’s mailing address as soon as the order is fulfilled.
How then could the company provide useful information to law enforcement if someone’s key falls into the wrong hands?
KeyMe’s law enforcement relations director, Edward Deveau, said the company intentionally stores as little personal information as possible...yet also says they have the ability to provide accountability for the first time ever in this industry.
Deveau also said the company could team up with its payment processor to identify the person who made the purchase.
“Somebody who does this full time, a full-time thief or scam artist, most of the time they don’t have credit cards in their name. They can easily get a stolen credit card, pay for it, and there’s no trace of them other than hopefully there may be some video footage," Cloy said.
Of course, if the credit card doesn’t belong to the person making the key, Deveau said the company captures footage from its kiosks and security cameras located nearby, which could help law enforcement.
Deveau said the company keeps those images for three years.
Still, some who work in downtown Jackson remain skeptical, like Houston
“Most of these companies use these little keys to get in. I just think it could create problems, it really could, if it gets in the wrong hands," Houston said.
Marsh said the electronic RFID keys are much more secure than traditional ones.
“What RFID keys are really highlighting is the lack of security with traditional brass keys. RFID keys can be disabled and are 100 percent traceable; brass keys aren’t,” Marsh said. “We have made millions of keys and are not aware of any key we’ve made used in a crime. We are the riskiest option for someone with malicious intent.”