Beware of Unauthorized Key Bumping

Key bumping is a lock-opening technique that has been used by locksmiths for more than 75 years but was mostly kept from public eyes and knowledge – until recently.

Thanks to the popularity of such Web sites as YouTube, as well as other readily available how-to video tutorials and full-length training seminars, this well-kept trade practice is now very public. Campus officials need to be aware of this vulnerability and take appropriate steps to reduce the risk of unauthorized entry to their facilities.

A bump key is a lock key in which the teeth have been ground down to the lowest level, known as level 9. Other slight modifications are also made so the key can slide slightly deeper than normal into the lock.

Then, with a little tension on the lock pins and a precise sharp impact on the bump key, the pins are momentarily bounced in an open position and the key turns to open the lock. Existing keys as well can be easily filed down and made into a bump key. Less than a dozen popular key styles provide 80 to 90 percent of all basic U.S. locksets.

Almost any existing tumbler-type key lock (even some thought to be high security key locks) can easily be opened. To compound matters, organizations such as The Open Organization of Lockpickers or TOOOL promote the art, and yes the sport, of lock picking and key bumping.

Premade bump key sets can be purchased openly on the Internet. They are often referred to as “depth keys.” A Google video search on “key bumping” may surprise you.

According to noted security expert Marc Tobias, who is the principal attorney of Investigative Law Offices in Sioux Falls, S.D., “Bumping is a real threat. If you have conventional pin tumbler locks, they are at risk. If a burglar wants to bump open your locks and you have pin tumbler mechanisms, then there is a high probability that your lock can be compromised.”

Presently, there is no bumping-resistance test for lock standards. However, a hospital, school or university can combat its vulnerability to key bumping and enhance lock security by installing locks that have advanced technology such as sidebars. Tamper switch circuits/alarms should also be considered.

Don’t forget that many standalone, electrified door locks use common type tumbler key sets as physical key overrides. Some manufacturers can provide nonkeyed versions, which help to eliminate a lock’s key-bumping vulnerabilities.

Campuses can also add access control equipment that can be controlled through a dispatch center or central station. This service is a particularly attractive add-on for campuses that already have alarm monitoring.

A problem with key bumping is there is usually no noticeable physical entry damage. Could this start counting for some false alarms? Will the insurance company pay for losses with no physical damage? These concerns provide even greater justification for professionally monitored alarm equipment.

In the past, central station or dispatch center support of standard remote access hardware required additional human resources. However, new remote support automation software can drastically reduce the drain on personnel.

Another great feature is redundancy since remote central station/dispatch center support allows onsite security guards or police officers to be more mobile. Redundant access control support also provides backup in case of a natural disaster.


Bob Dolph has served in various technical management and advisory positions in the security industry for more than 30 years.

To subscribe to Campus Safety magazine, click here.

Get Our Newsletters
Campus Safety Online Summit Promo Campus Safety HQ