As part of the method for avoiding misuse of access authorizations of an ID-based access control system comprising at least one access control device (1, 1′) and a central server (2), with which the at least one access control device (1, 1′) can be connected for the purposes of data communication, a data record is stored for each customer medium in a database of the central server (2). The data record contains at least one contact address of the rightful owner of the customer medium and the at least one customer medium ID. During a first interaction between a customer medium and an access control device (1, 1′) of the access control system access is granted for a valid access authorization, and at the same time, or within a specified configurable time span after the interaction, a message is sent involving the data record stored in the central server (2) and the read-out customer medium ID to which the access authorization is assigned, A message is also sent to a contact address of the rightful owner of the customer medium requesting confirmation that he, the rightful owner, is currently using the customer medium. As long as no confirmation is sent by the rightful owner to a specified contact address of the access control system, any further entry via the access control devices (1, 1′) of the access control system, and in the case of a post-payment scenario, the exit from the area covered by the access control system, is refused.