Interesting as I did not know the key was left in the vehicle. Does the strong branding of the car help them out because it reduces the potential resale value? I perceive most stolen cars are "parted out", so this shouldn't matter much though.
Modern car security usually involves a coded key. The key is coded to an immobiliser computer, which is then coded to the main engine computer. Sometimes the key works by RFID. Without the correct combination of key/immobiliser/engine computer the car will never start. You can't just replace the key - it has to be ordered via the dealer and programmed to match the car - same goes for all the other computers. You can't just take out an engine computer from car A and put it into car B and expect it to work. Each is encrypted to only talk to it's matching set of key/receiver/immobiliser computer/engine computer - subsitute one out and nothing will work. The actual ignition lock is immaterial - and a lot of newer cars have done away with it altogether and just have a slot for the key and a start button instead.
So for someone like Zipcar etc, it wouldn't be economically feasible to try and develop new hardware for the car that adapted/circumvented the proprietary immobiliser security systems in modern cars. Much cheaper and easier to leave the original key in a locked box.
As for parting out- you're probably correct. Without an original set of keys, you're not going to get the car going again, because the only way to get a key is to apply to the factory for one. And they keep a list of stolen vehicles in the same way cellphone companies know which handsets have been stolen.
The flipside of all this - if you're purchasing a used car and only one key is available start asking questions why. If you go to the dealer to purchase a replacement key you might find out that the car has been blacklisted and no more keys are available. Cars that have been carjacked or stolen by stealing the owners bag with keys in it generally don't have the spare keys available.
My understanding is that ZipCar locks/unlocks the doors, probably by interfacing with the car body computer which handles lock/unlock functions.
The engine ignition security system is usually totally separate from the lock/unlock feature despite both functions being accessed from the same piece of hardware (ie the key/keyfob). So my guess is they've interfaced with the lock/unlock system but not the ignition system, which is why the key is still kept in the car for starting.
It's a bit more sophisticated than that--the keys won't start the car without the RFID Zipcard in the vehicle. So they've definitely tapped into the ignition system.
yes, thinking about it even if the ignition system is impossible to adapt to, you can still easily disable it by interrupting the power supply to the immobiliser. It's easy to further disable the ignition but not easy to circumvent the ignition. My guess is that their RFID system probably closes a relay in the power supply for the existing OEM ignition system. That way you couldn't start the car without the correct RFID card, but you still need the key.
I think a lot of the commenters here are overestimating the probability of car theft.
"The National Insurance Crime Bureau (NICB) reports that 2009 marked the nation's sixth consecutive year of declining vehicle thefts in the United States. U.S. motor vehicle thefts declined 17.1 percent from 2008 to 2009—the largest annual decline in decades."
Most of this decline will be related to better in-vehicle security systems rather than a more obedient public.
The interesting stats are the thefts of older vehicles - which are way higher than new vehicles because of the crude anti-theft measures in 80's and 90's cars.
