- Security TWENTY
- Women in Security
Mark Green, Physical security specialist, at the infrastructure contractor LMG, writes of the shift from physical access cards to mobile credentials.
There are many who are breathing a sigh of relief as people begin returning to the office. Both employees and businesses want this process to run smoothly, be safe and seamless. Part of this transition will be smarter, more secure ways to facilitate and monitor access. Modernising access control is a great first step.
Moving from physical access cards to mobile credentials should be a top priority for businesses eagerly anticipating the full return to the office. Replacing traditional physical cards with smartphone credentials is one of the most direct routes currently available for widely sought-after administrative efficiencies while creating a user experience that is as simple and hassle-free as possible.
However, many companies (often wrongly) perceive that they are safer issuing employees with physical cards as cyber security and privacy concerns are limiting the widespread adoption of mobile credentials. Yet, these concerns are misguided. There are several problems associated with old-fashioned cards, and several benefits to using mobile credentials.
Physical access cards: out with the old
There are good reasons to say goodbye to physical access cards (PACs). In the first instance, looking after tens of thousands of physical cards is costly and time consuming, especially if the organisation has a high turnover of cardholders, as in the case of universities and colleges. One of the most ubiquitous gripes is that building entrants frequently lose or misplace their physical credentials, which building owners must then replace – this is an unnecessary expense, and not very environmentally friendly.
As more PACs are misplaced, the risk to organisational security grows. Many PACs are reliant on outdated technology such as low-frequency (125 kHz) proximity cards or unencrypted card serial numbers. Should these cards be obtained by bad actors, they are relatively straightforward to clone — leaving a building vulnerable to intrusion.
Another glaring issue with legacy systems such as PACs is the frequent inability to integrate with the rest of the technology in the building. Sometimes, this is due to older access control systems being locked to specific hardware — meaning upgrades can’t be implemented without stripping out the whole system. Often, the issue is that PACs rely on proprietary technology that simply isn’t designed to be integrated with anything else. A lack of integration between physical access control and digital security systems leaves an organisation vulnerable to intrusion from hackers and other criminals.
Mobile credentials: in with the new
One of the most obvious benefits of mobile credentials is that they can be issued electronically en masse, as well as seamlessly to visitors in advance of a visit, without having to wait or pay for physical card production. This saves on labour, costs, and is more environmentally friendly than using PACs.
As far as security goes, the smartphone credential, by definition, is already a multi-factor solution. A smartphone has three available authentication parameters: RFID card or tag, PIN and biometrics. As a result, the mobile credential is much more secure than PACs and doesn’t suffer from the security issues referenced above.
The key security benefit here is that you cannot have access to someone’s credentials without having access to their phone. And if the phone doesn’t work, the credentials won’t work. The credentials operate just like any other app on the phone: the phone must be on and unlocked. These two factors — availability and built-in multi-factor security verification — are why organisations should want to use smartphones in their upcoming electronic access control implementations.
In general, the read range of a mobile credential using BLE or NFC is greater than that of an access card, meaning a much more frictionless operation for the user.
Additionally, these access control features can be managed through an employee app that can also support with employee administration tasks such as site inductions or fire procedures. Having everything on one secure app like this provides a superior user experience for the employee, who can treat the app as a one-stop hub for all of their work-related needs. The potential addition of geo-fencing capabilities for compatible smartphones also means that the app only switches on when the smartphone gets closer to the building.
The shift to mobile credentials is beginning to speed up, but there’s still a way to go. The good news is that IHS Markit predicts that by 2023, mobile credentials will grow from 1pc of all credentials issued annually to 14 per cent and will be introduced as a prominent alternative to physical credentials across the globe. However, that’s still only a small fraction — demonstrating the opportunity is there for the taking for organisations seeking to cut costs and improve experiences for the employees using their buildings.