Vingcard Hotel Key Cards

Vingcard lock generations — Classic, Essence, Signature, Allure, Flex

Vingcard traces back to 1976 when the first hole-card mechanical lock shipped from Moss, Norway. The first recodable card lock followed in 1979. ASSA ABLOY acquired Vingcard in 1994; the Elsafe merger in 2006 produced the "VingCard Elsafe" brand that operated until April 2024, when ASSA ABLOY Global Solutions formally consolidated the hospitality business under a single "Vingcard" master brand. Procurement teams writing about ASSA ABLOY hotel locks in 2026 should use "Vingcard" (no space, no caps) as the current brand and "ASSA ABLOY Global Solutions" as the legal-entity parent.

The current Vingcard hardware portfolio spans five families: Classic RFID (the workhorse mortise lock with the widest door-thickness range), Essence (in-door electronics, slim escutcheon), Signature RFID with BLE (the hospitality flagship with Apple Wallet / Google Wallet support), Allure (the "no-lock-on-the-door" concept where the reader sits in a wall plate beside the door), and VingCard Flex (marine and outdoor variant for cruise ships and offshore rigs). Senior and Solitaire are older lines that still appear on legacy estates.

Vingcard's marine division is the single largest functional differentiator versus Saflok, SALTO and Onity. VingCard Marine has installed locks on nearly 1,000 vessels and rigs worldwide; Royal Caribbean's adoption documents a single-ship deployment of 3,394 doors using Signature RFID with anti-cloning credentials. Service centres in Florida and Singapore back the marine programme. The fire-rated stainless A-class and B-class variants required for shipboard installations have no equivalent in the dormakaba or SALTO catalogs.

The table below maps each Vingcard generation to its door-thickness range, native credential and lock-case variants. Lock-case variants are a real procurement detail — ANSI, EURO, US ANSI, JPN and AUS form factors are stocked across the portfolio so that the same chip-family decision applies regardless of regional mortise standard.

Chip-family compatibility per generation — including the eStore SKU matrix

Vingcard's eStore publishes a precise per-credential SKU matrix; the matrix is the authoritative source for which chip works on which reader head. The key procurement-relevant rule: MIFARE DESFire EV3 is supported only on reader-type 3G or newer, not on the E100 / C100 reader variants used in older Essence and Classic deployments.

• MIFARE Classic 1K (ISO/IEC 14443A, 13.56 MHz) — the historical default across Classic RFID, Essence and Signature. Vingcard eStore lists Classic 1K MAD2 sector-layout SKUs as the standard. Crypto-1 is publicly broken; new estates should sequence migration to Plus or DESFire.
• MIFARE Plus EV1 4K — Vingcard's standard upgrade-from-Classic credential. SKU on Vingcard eStore as "RFID keycard MIFARE Plus EV1 4K". SL1 mode preserves Classic backwards compatibility; SL3 brings AES-128 authenticated sessions.
• MIFARE DESFire EV3 4K and 8K — Vingcard's premium credential. SKUs on Vingcard eStore as "RFID keycard MIFARE DESFire EV3 4K" and "DESFire EV3 8K". Reader-type 3G or newer required; explicitly NOT supported on E100 and C100 reader variants. Verify the reader-type designation with Vingcard service before ordering DESFire stock.
• MIFARE Ultralight EV1 — standard low-cost paper-card inlay for high-throughput properties.
• MIFARE Ultralight AES — announced 2024. Common Criteria EAL3+ certified; 128-bit AES key length; secure messaging over RF. The newest credential in the Vingcard portfolio and a strong procurement signal for properties that want AES-grade security at Ultralight price points.
• Magstripe (Track 2 / Track 3) — supported on Classic RFID dual-track variants. Required during magstripe-to-RFID migration windows where the property has a mix of legacy magstripe locks and current Vingcard reader heads.
• LEGIC — not standard on Vingcard; appears occasionally on European custom integrations.
• 125 kHz proximity (HID Prox / EM4100) — not natively supported on Vingcard hospitality locks.

Back-end lifecycle — Vision, Visionline and Vostio Access Management

Vingcard has run three concurrent back-end product generations. The card programme depends on the back-end as much as on the reader head because the credential payload, site-key management and PMS connector live there. A material procurement detail: Vision is the legacy platform disclosed in the F-Secure 2018 attack; Visionline is on-premise current; Vostio is the cloud successor. Mixing these in conversation produces confusion (and worse vendor selections).

• Vision — the legacy on-premise back-end. Affected by the 2018 F-Secure InsecureKeys disclosure. Properties still on Vision in 2026 should have the February 2018 patch applied; verify with Vingcard service before scaling card stock.
• Visionline — the current on-premise back-end. NOT affected by the F-Secure Vision attack despite the similar name. Visionline is the typical platform on Vingcard estates running Signature or Allure that have not yet migrated to cloud.
• Vostio Access Management — the cloud-native successor. GDPR by design. Hyatt is a documented Vostio customer for Apple Wallet rollouts. Vostio Access Management replaces local Visionline servers and is the recommended path for new deployments.
• Encoder 4010 — the current Vingcard desktop encoder. USB + Ethernet, PC/SC compliant. Documented on Vostio docs and on FCC record (predecessor model 681001025C1, FCC ID Y7V-681001025C1).
• VConnect — Vingcard's integrations hub launched 2024. Lists Oracle OPERA Cloud, Cloudbeds, Hotelkey, Mews and Apaleo among the named certified PMS partners.
• Lock front-end protocols — Visionline / Vostio communicate to locks via wireless (online) or via portable programmer for offline locks. Online wireless protocol updates propagate site-key changes without an SVN-style data-on-card round trip.

Mobile Access — Apple Wallet, Google Wallet, FLEXIPASS, two-app iOS history

Vingcard's mobile-access track is among the most developed in hospitality. Apple Wallet and Google Wallet are both supported on Signature, Allure, Essence and current Flex hardware with the back-end on Visionline or Vostio. The mobile-app history is a small procurement-confusion point worth flagging.

• Apple Wallet — Vingcard's flagship wallet integration. Documented on the Vingcard product page; supports iPhone and Apple Watch unlock, Find My remote disable, and remote credential delivery from the back-end. Hyatt is a documented adopter; Club Quarters rolled out wallet-compatible room keys across all hotels in January 2025 as the first chain to do so.
• Google Wallet — added in 2024 per Hospitality Net. NFC-based unlock on Android wallet-enabled phones; covers Classic + Signature RFID reader heads.
• FLEXIPASS — a named third-party mobile-key bridge that integrates with Vingcard and is commonly deployed in multi-vendor estates where the property wants one mobile-key provider across dormakaba Saflok, SALTO and Vingcard hardware.
• Two iOS apps — Vingcard has two iOS apps on the Apple App Store. "Vingcard Mobile Access" (id 1403770732) is the current BLE app. "Hospitality Mobile Access" (id 1017290566) is the legacy app and remains downloadable but should not be the deployment target for new rollouts. This split causes real-world buyer confusion; clarifying it on a buyer's-guide page is worth doing.
• OpenKey × Vingcard — earlier third-party mobile-key integration; still active on some properties. Treat as a backup option rather than the primary track.
• Mews + Vingcard digital wallet (2025) — Mews announced itself as "the first and only PMS to offer native digital key for smartphone wallet platforms" via Vingcard integration; useful procurement signal for Mews-on-Vingcard properties.

PMS integration — OPERA, Mews, Apaleo, Cloudbeds, Hotelkey via VConnect

Vingcard integrates with major hospitality PMS platforms through its VConnect integrations hub. The integration list is more aggressive than dormakaba Saflok's, partly because Vingcard's cloud-native Vostio back-end makes API-driven PMS pairings straightforward.

• Oracle OPERA — supported on OPERA 5 (on-premise) and OPERA Cloud through the VConnect-listed Oracle OPERA integration.
• Mews — first-class integration; Mews announced itself in 2025 as the first PMS to offer native digital-wallet key issuance via Vingcard.
• Apaleo — VConnect partner; common pairing for cloud-native independents and small chains.
• Cloudbeds — VConnect partner; documented integration path for Vingcard estates running Cloudbeds.
• Hotelkey — VConnect partner.
• Clock PMS, InnQuest and other regional PMS platforms — historically integrated against Vingcard; verify current connector versions before assuming a like-for-like upgrade after a PMS refresh.
• Front-desk workflow — encoder 4010 sits on the front-desk PC with the appropriate connector for the property's PMS; Vostio cloud installations use a local IO bridge to bridge cloud PMS reservations to USB encoder hardware.

Security update — F-Secure 2018 InsecureKeys attack on Vision (not Visionline)

In April 2018 F-Secure researchers Tomi Tuominen and Timo Hirvonen disclosed a master-key attack against Vingcard's Vision back-end after a 15-year investigation that started from a stolen-laptop incident at a 2003 Berlin hacker conference. The attack used a Proxmark RFID research device to harvest the master key from any legitimate Vision-issued card and forge a master credential in roughly twenty attempts. The disclosure ranks alongside the 2024 Saflok Unsaflok / CVE-2024-29916 incident and the 2012 Onity HT-series Brocious disclosure among the largest hospitality-lock disclosures in industry history.

The critical procurement detail: the attack affected Vision (the legacy on-premise back-end) — NOT Visionline (the current on-premise back-end), despite the similar name. The two products are commonly conflated in retail-press coverage. Vingcard / ASSA ABLOY shipped a patch in February 2018; the scope at disclosure was estimated at 500,000 to 1 million locks across approximately 140,000 hotels and 42,000 facilities in 166 countries.

For card procurement in 2026: ordering new card stock does not by itself remediate or expose the Vision vulnerability. Properties whose locks are still backed by an unpatched Vision installation should sequence the February 2018 firmware update before scaling card stock. Estates on Visionline or Vostio Access Management are not affected by this disclosure. New deployments should standardise on Vostio Access Management to leave the Vision surface behind entirely.

Cruise and marine — VingCard Marine specifics

Vingcard's marine division is a meaningful procurement differentiator. Cruise lines and offshore rigs run unique environmental constraints (salt-spray, wash-down, fire-rated stainless cabinetry, A-class and B-class fire doors) and operational constraints (single-ship deployments of 3,000+ doors in compressed dry-dock windows). VingCard Marine has installed locks on close to 1,000 vessels and rigs worldwide.

• Royal Caribbean adopted Vingcard Signature RFID with anti-cloning credentials; one documented deployment covered 3,394 doors on a single ship.
• Service infrastructure — VingCard Marine maintains service centres in Florida (USA) and Singapore for cruise-line refurbishment and warranty support.
• Lock variants — A-class and B-class fire-rated stainless variants required for shipboard installations are stocked specifically for marine use; not available in the standard land-side Vingcard catalog.
• Card stock for marine — Vingcard supplies anti-cloning RFID credentials specifically for cruise operations to address the higher exposure of shipboard card stock to attack rehearsal between voyages.
• Other cruise / OEM partnerships — Vingcard Marine references the major cruise lines and several oil and gas operators across decades of marine deployments.
• Procurement note — properties operating cruise or yacht hospitality businesses should treat Vingcard as the default option. Competitor platforms (Saflok, SALTO, Onity) do not maintain comparable marine programmes.

Common field failure modes

Field failures on Vingcard estates follow a predictable pattern. Understanding where the break usually happens shortens the troubleshooting cycle and prevents unnecessary card replacements.

• DESFire EV3 stock rejected on a reader-type E100 or C100 lock. The DESFire EV3 4K / 8K SKU is explicitly NOT supported on E100 / C100 reader heads regardless of back-end version; verify reader-type designation before ordering DESFire.
• Vision-back-end estate not patched against the 2018 InsecureKeys attack. The symptom can present as guest-card cloning failures or unexplained access logs; firmware update rather than card change is the correct remediation.
• Encoder 4010 enumerates but Visionline rejects card writes. The PMS connector and Visionline build are out of sync after an upgrade; reinstall the connector to match the Visionline version.
• MIFARE Classic sector-key mismatch after a Visionline reinstall. Re-export the site key from Visionline and re-initialise the encoder before issuing test cards.
• Apple Wallet key fails to provision on a Signature lock. Verify that the property is on Vostio Access Management (Vision and Visionline cannot drive Apple Wallet without the Vostio bridge) and that the lock firmware is on the wallet-enabled line.
• Cruise / marine card reads degrade after wash-down. Verify the lock and card combination is the marine-rated variant and that the antenna seal has not been compromised; substitute card material if the inlay is showing moisture-ingress signs.

Card material and thickness constraints

Vingcard reader heads accept standard hotel card stock without surprises. The constraints to plan around are reader-type compatibility, marine environmental factors and the wallet-key transition workflow.

• Standard ISO/IEC 7810 ID-1 thickness (0.76 mm ± 0.08 mm) is the safe default across Classic, Essence, Signature, Allure and current Flex reader heads.
• Thicker cards (1.0–1.2 mm) — premium PVC, wood-effect, recycled-content or bamboo cards — read reliably on Signature, Allure and Essence reader-type 3G or newer. Older Classic reader heads can be marginal above 0.9 mm.
• MIFARE Ultralight AES (CC EAL3+, AES-128) is the new low-cost-yet-secure option for high-throughput properties — paper and PVC inlays both available.
• Metal-edge or anti-metal cards are not recommended on Vingcard hospitality reader heads; the shielding detunes the antenna and causes intermittent reads.
• Cruise / marine card stock — Vingcard supplies sealed PVC anti-cloning credentials specifically for shipboard use; the seal protects against salt-spray and wash-down ingress.
• Dual-interface (magstripe + RFID) cards remain in stock for Classic RFID dual-track migration estates; verify track format with Vingcard service before ordering.

What to validate before scaling

A Vingcard pilot should exercise the chip, the reader-type designation, the encoder firmware, the back-end platform and the PMS connector together. Cruise / marine pilots add salt-spray and fire-door validation to the list.

• Test the card on the actual Vingcard reader-type designation. DESFire EV3 stock failing on an E100 or C100 reader-head is not a card-quality issue — it is a documented incompatibility in the eStore SKU matrix.
• Run a full check-in, extend, re-encode and cancel cycle on a live PMS reservation through the actual back-end (Vision / Visionline / Vostio).
• Log the lock firmware, encoder firmware (4010 or 681001025C1) and back-end version for every tested unit. Vingcard service will ask for all three before any escalation.
• If the property is on Vision back-end, confirm the February 2018 InsecureKeys patch is deployed before scaling. Visionline and Vostio properties can skip this step.
• For cruise and marine deployments, validate the antenna performance after wash-down cycles and confirm the fire-rated stainless variant is in scope.
• Plan a small (100–200 card) first production batch before scaling to the full property order; most field failures show up in the first 30 days of live issuance.

FAQ