Update to Swiping your ID: a follow-up study of Hotel key-cards.
Although they were able to find readable ISO Standard data on about 15% of the cards while using an off-the-shelf USB card reader, the data didn’t appear to have anything personally identifiable — the single exception being one card that included four digits in an otherwise random string of characters that were the same as the last four digits of the credit card used to reserve the room.
Magtek also used specialized readers to view non-ISO data stored on the cards and were unable to find any personally identifiable data on them.
The article, and associated sidebars at the bottom of it, go on to provide a summary of how hotel key-card systems work and why it would be very unlikely that credit card info or other sensitive data would be stored on them. Although they conclude that there shouldn’t be anything to worry about while traveling in the US, they also cautioned that there may key-card systems in Europe, and possibly some older key-card systems still in use in the US that could have credit card data on the key-cards, but that it’s not very likely.