Organizations struggling with the contactless conundrum
Legacy 125-kilohertz proximity technology is still in place at around 70% to 80% of all physical access control deployments in the U.S. and it will be a long time before that changes, says Stephane Ardiley, product manager at HID Global.
The above scene, however, is starting to play out more frequently as corporations, educational institutions and government agencies migrate from older technologies to contactless. Case in point, U.S. federal agencies are replacing prox or in some cases even magnetic stripes with contactless smart cards in order to comply with government mandates, Ardiley explains.
Still, it will be years before contactless card shipments overtake proximity in the Americas. IMS Research predicts that in 2016 contactless shipments will eclipse proximity, says Paul Everett, senior manger for the security team at the consultancy. Obviously, obstacles to contactless adoption still remain, even more than a decade after international standards were first released and nearly two decades following wide scale product availability.
Opinions vary as to the root cause of the delay. Many cite high replacement costs for some enterprises. Others blame the supply chain, noting that physical access control dealers and local security integrators have been slow to push clients to new technology. They believe it is easier and more profitable to stick with the older solutions that they have been selling for years and fully understand.
Still there are many reasons a migration from older access technologies is inevitable. The biggest is the increase in security. “Proximity cards and mag stripes are basic technologies when it comes to physical access control,” Ardiley says. “There is no security, they’ve been hacked, there’s no protection of data, no privacy, everything is in the clear and it’s not resistant to sniffing or common attacks.”
Unlike prox technology, contactless smart cards are resistant – some would say impossible – to clone
In most cases the cards have the ID number printed on the back. If someone obtains the card they can take that number, encode a new card and use it to gain access, Ardiley says.
Unlike prox technology, contactless smart cards are resistant – some would say impossible – to clone. The data in the card is encrypted and the communication between a card and reader is secure, says Ardiley.
Despite the security risks, prox isn’t going away anytime soon, says Jason Hart, executive vice president for identity management and cloud solutions division at the Identive Group. “Some people are oblivious to the risk and those who aren’t accept prox as a convenience tool rather than a physical security tool,” he explains.
Many of the enterprises that feel this way deployed prox a long time ago and simply haven’t looked back since, Hart explains. “Customers were sold on that fact that it’s secure and they never really questioned it,” he says. “They deployed in the early 1990s and haven’t done any assessment of the security technology since then.”
The lengthy lifecycle of a physical access control system is another reason prox remains prominent, Hart says. Physical access systems can have life spans as long as 20 years and swapping out can be time consuming and expensive.