Making the switch to contactless
10 February, 2009
category: Contactless, Corporate, Financial, Library
Switching out a physical access control system can be an intimidating process. The switch from 125-kHz proximity technology to 13.56 MHz contactless smart card technology can seem daunting.
But as prices have come down and the advantages of the technology increases, corporations have more reasons to look at migrating to new technology. Two physical access control experts give their tips on making the switch.
Jack Bubany, director of product marketing, credentials and physical access control for HID Global, realizes there is a “natural fear” by some of contactless technology. “They don’t fully understand how it works or the level of security it actually provides,” he says. “Globally, most people have explicit confidence in contactless technology. In fact, many markets outside the U.S., such as China and Latin America, moved directly to using contactless technology for physical security, bypassing magnetic stripe (and prox) altogether.”
But there are still problems for those who have an installed base of prox card users, says Roger Roehr, manager of the government vertical with Tyco Fire & Security’s Access Control and Video Systems business unit, Reston, Va. “What I see in the corporate world is not so much making a switch to contactless as them saying, ‘hey, we’re going to unify our ID management system and put both 125 KHz prox and (13.56 MHz) contactless capability on the same card,” says Roehr. “They’ll reserve that mostly for biometrics because only contactless technology can store a template.”
Companies looking to transition to a contactless access system need to consider not only their older applications but also how to integrate the newer systems and what system to choose.
That’s why any conversions will take time and should be done in an orderly fashion. “The key to moving to contactless is to have a viable migration plan,” says Roehr.
One transition plan might simply be to replace legacy readers with the newer multi-technology ones as existing readers go bad, says Roehr.
Then corporations need to look at what Bubany calls “the next frontier” which involves making the move to more processing power. That “will further drive the convergence of multiple applications on to a single card,” he says, “keeping user information, financial data and company networks secure through multiple layers of identity verification.”
When it comes to deciding whether to go with multi-tech cards or readers, Roehr thinks there are cases when one makes sense over the others. “You have to look at the deployed base and move on from there.”
There are instances when both solutions are needed, says Roehr. “If you were a corporation moving into a brand new building and you re-badge all your people in that building, but you want to let your employees in from other buildings with older systems, then it makes sense to have multi-readers so they could use their legacy cards.” Still those cards would be for those in low-risk areas.
Numbers matter as well. “The number of employees and amount of facilities requiring physical access control really determine which solution would be best for a company,” says Bubany. “Many times we are seeing the use of both multi-technology cards and multi-technology readers deployed within the same company, tailoring the migration to the needs of each individual facility.”
Making the switch can be tough, but the increased security received from contactless smart cards should be worth it. One of the major difference between prox and contactless is that every transmission with the contactless card is encrypted.
“If you have true encryption you eliminate the ability to do a replay attack,” says Roehr. “With any other, you’re passing the same information each transaction so you’re replaying the attack, while encryption, made possible with contactless, supplies a random answer each time.” It’s the same philosophy behind contactless payments and why its proponents say it’s so hard to capture a transaction since it changes each time the card is used.
But it’s about more than using 13.56 MHz technologies for security, says Bubany. “Since the introduction more than 30 years ago of magnetic stripe technology to physical access control, it has provided the market with basic access control. In the 90s with the addition of prox, customers embraced hands-free operation and maintenance-free readers. With the turn of the century and evolving customer needs, the 13.56 MHz smart card technology addresses the convergence of multiple application solutions on a single card, providing security and privacy, for both the company and the individual user.”
“People using 13.56 MHz contactless technology are looking for solutions that provide a higher level of security and privacy,” says Bubany.
Whether the war is over or there are still some battles to be fought, the eventual outcome seems to be a world of contactless access control … it’s just a matter of when.