About 50 years ago, organizations requiring a higher security level began replacing their locks and keys with electronic card-based access control systems. Through the decades, plastic has remained the favorite medium for employee credentials. But a new generation of credentials that go beyond the card has arrived.
Don’t expect plastic credentials to disappear entirely in the near future. Yet, it’s become apparent many security directors are looking at other solutions that offer improved protection, greater convenience and overall lower costs.
The COVID-19 pandemic has organizations demanding systems that eliminate any opportunity for intentional or incidental contact with a device. And many companies are already planning to replace their aging Wiegand wiring protocol that lacks any signal encryption, making it easy for hackers to intercept communications between proximity cards and readers.
Also, it’s not unusual for enterprise organizations to install different card technologies in multiple facilities. A card providing employees access to a New York office may not work at corporate buildings in California.
Alternative Access
Biometrics offers a convenient, quick and accurate solution for access control for any facility size or type. Plastic credentials may be shared, lost or stolen, all virtually impossible with a biometric – such as an iris pattern, facial shape or fingerprint – that’s part of a person. These technologies are highly accurate and eliminate the need to carry a card or remember a passcode. Many mission-critical facilities already use biometric readers in conjunction with card-based systems as part of a two-factor identify authentication process.
Employees may be recognized at any company facility following a one-time enrollment into a biometric database. Accessing a door using biometrics takes a second – about the same as required for a card-based system. And like card-based access control, the biometric system software may limit which doors, days and times an employee may enter.
A biometric access control system can provide a card-free, end-to-end solution that bridges an organization's physical and logical security needs. Here’s a scenario of how that might work using an iris-based system.
Upon arrival at work, an employee looks into an iris reader mounted at the door. The system matches her scan with a previously enrolled template and instructs the access control system to unlock the door. An elevator lobby reader ensures she is taken only to her restricted floor. A reader outside her office provides another barrier. Finally, one more reader, integrated with software on her workstation, ensures only she can access the computer and its data.
Biometrics Integrate Into Most Applications
Biometric systems integrate with video surveillance and other security systems. Also, biometric readers serve as employee time and attendance function. However, unlike cards, they eliminate a payroll fraud known as buddy punching in which one employee uses another person’s credentials to clock in for an absent person. Biometrics are also used to accurately identify patients being treated in healthcare centers, prisoners being released from correctional facilities, passengers looking to clear airport security, among a few locations.
With iris and facial recognition systems, employees never come into contact with readers. Identity authentication takes place at distances of a foot or more. Biometric technologies are also easily scalable. India’s national identity program, used for employment, passports, social services, banking and other activities, has more than one billion people enrolled in an iris-based system.
Biometric readers are also challenging to spoof through built-in liveness detection. This largely eliminates identity authentication based on photographs, prosthetics and even amputated digits and eyeballs.
Making the Case for Contactless
Contactless identity solutions are hugely popular during the current pandemic. According to analysts at market researcher Frost & Sullivan, contactless solutions and biometrics are anticipated to be a $46 billion global market by 2024.
However, a couple of recent studies have shown some problems with leading biometric technologies. The federal National Institute of Standard and Technology (NIST) recently found new contactless fingerprint readers are not as accurate as contact scanners. Another recent NIST study reported that contactless facial recognition systems are up to 50% less accurate when employees wear masks. Contactless iris recognition systems are highly accurate and unaffected by personal protective equipment, including gloves, masks and goggles.
Smartphones are another potential card-killer as virtually all employees now carry smartphones. Use of the technology has been proven by the hospitality industry, which for years has enabled frequent hotel guests to bypass the front desk and go directly to their room using a smartphone to open the door.
On the job, workers receive an email containing an app with the data required to turn a smartphone into a virtual key. The phone communicates with the readers using an encrypted Bluetooth signal. The process also accommodates visitors, enabling them to directly enter pre-approved doors without registering at the front desk. Visitor credentials may be set to expire as the person leaves.
These apps may contain multiple security protocols that vary between facilities or even within the same building. Entering a computer room, for example, may require the smart credential along with biometric authentication.
Smartphones offer several security safeguards. People don’t generally lend their phones, loaded with personal information, to another employee. Lost or stolen phones are likely to be noticed quickly, enabling them to be removed from the system. A smartphone typically requires a PIN or biometric to open it. And employers can use a phone’s embedded GPS technology to track their location within the workplace.
Going Mobile
The costs of mobile credentialing are predictable with organizations paying only for credentials in use. Unlike plastic cards, mobile credentials may be remotely deactivated, issued, transferred and reused. This makes the technology a more sustainable choice. Adding new features and functions only require a wireless upload to the phone’s app and access readers.
The response ranges of mobile credentials are customizable. Some organizations prefer a hands-free solution that enables employees to keep their phones in a pocket or bag while entering pre-authorized doors. Other facilities may want the mobile credential to be presented near a single reader.
Higher education campuses also may use mobile credentials as a one-card solution, enabling students, faculty and staff to use their phones to make purchases of food, supplies, event tickets and other necessities.
Smartphone credentialing is already making significant inroads in the security market. Gartner, a global research firm, estimates up to 20% of companies will have replaced plastic credentials with smartphones this year.
This is an excellent time to make a change from card-based access control. The cost and time involved in procuring, storing and printing cards may be overwhelming for many organizations. Imagine the annual process a large university undergoes as thousands of freshmen students arrive each fall. Also, Weigand systems need to be replaced by new, more secure cards and readers based on the Open Supervised Device Protocol (OSDP), an internationally recognized standard.
And there’s no reason the migration from cards has to be an all-or-nothing process. Organizations may begin adding biometric readers at doors to highly sensitive areas. New hybrid readers support mobile credentials as well as magnetic stripe, proximity and chip-based smart cards.
A new generation of access control credentials are proven and available. Options providing higher levels of contactless security, convenience and long-term cost savings are available. Decades ago, a better solution pushed aside key-based locks. It’s time now to do the same with the plastic access control card.
About the Author:
Mohammed Murad is vice president, global sales and business development for Iris ID.