Yep. Bad actors will still find a way circumvent the system, either by copying keys or other means. It's a matter of risk and liability mitigation, not prevention.
I'd be curious to know if you're building a reputation system for renters/rentees (users), since that would provide value in such a market to fight it.
We are not. This is mostly because we are an infrastructure company that takes care of bridging the air-gap between the devices out there and the software applications that want to use them. Whether the locks are used for hospitality, self-storage access, or rentals is somewhat dependent on the context, and there's a lot of complexity that is unique to each vertical. We think our (beta) customers do a better job at this than we could.
I'd be curious to know if you're building a reputation system for renters/rentees (users), since that would provide value in such a market to fight it.