The biggest challenges for the end issuer with identity
11 March, 2013
category: Contactless, Corporate, Government, Smart Cards
By Kathleen Phillips, vice president of distributed issuance, Datacard Group
One of the challenges companies face with establishing or upgrading an identity solution is that there is no single “right” solution. It all depends on many factors, including selecting the best solution for the size of an organization – needs change from larger enterprises to smaller organization. Also, we have to consider the business needs – such as if they require the ability to protect physical property and people, and/or they need to also protect intellectual property (IP).
To ensure that the right solution is appropriate, it is in the company’s best interest to perform a thorough analysis of what the current situation is of the company and industry, as well as what the needs are for a successful program and implementation. Organizations should do this analysis in partnership with identity solution providers and/or consultants.
Here are some areas to explore as you determine the right solution for your organization:
Situation Analysis
- What legacy security systems are used for physical and logical security, if any?
- What technologies are currently used for the three factors of authentication, if any?
What you have: such as a card, fob or mobile device. Technologies can include smart cards, radio frequency identification, digital photo, bar code, magnetic stripe and security printing features such as holographic card overlays. - What you know: which would be considered a PIN or password.
- Who you are: for example, fingerprint, face recognition, hand geometry,iris scan
- What do the various stakeholders like about the current system? Dislike?
- What problem(s) are we trying to solve?
Needs Analysis
- Document a list of goals with a new identity solution, in priority order, based on feedback from various types of stakeholders in your organization
- Determine any limitations needing to be taken into account, such as budget, security vs. user privacy, current infrastructure, a desire to utilize as much of the legacy system as possible in the new solution
- Assign a number on a scale of 1-10 to each of the below, with 10 being most important.
- People and physical property
- Intellectual property
- Return on Investment (ROI) analysis should be performed. Costs are relatively easy to identify.
- Quantifying the benefits/return is more difficult and subjective. Work with those in your organization responsible for risk management to arrive at the payback components and amount. Your identity solutions partner and/or consultant will also be of great value in documenting a defendable ROI. Be sure to list all assumptions in your ROI document.
Keep in mind that there are “trade-offs” based on the type of solution you will want and require. Some to consider include, among others:
- Privacy vs. security—a higher level of security can increase privacy concerns of the user. Biometrics are often used in high security environments since they provide the ultimate “who you are” authentication. However, there can be user concern about storage of a fingerprint in the company’s database or having a light beam in your eye.
- Security vs. cost—the greater the security, the higher the cost. Protecting IP in addition to physical security will cost more than physical security alone. However, the benefit might well outweigh the additional cost.
An example of this includes requiring multi-factor authentication, which will usually cost more than single factor authentication. For instance, having a card — what you have — and a PIN — what you know — two-factor authentication for physical security requires the additional cost of PIN pads on all readers. Another two-factor example includes pairing a fingerprint scanner — who you are — with a PIN pad is also a higher cost than a PIN-only entry device at each door.
Even with a single-factor solution, there can be a security vs. cost tradeoff. The vast majority of single-factor solutions utilize a card which has either proximity or contactless/RFID embedded in the card and there is a reader at the door with the same proximity or RFID technology. Adding card personalization features, for example digital photos, micro text printing, secure overlays, and/or different card technologies, such as contact or contactless, to the card will greatly increase the level of security.
They will also increase cost, which is often justified.
Protect Your Investment
As we all know, technology, market and consumer demands, and industry trends continuously evolve. And, as these things continue to change, it’s important for companies to integrate technology for their identity programs that will help them protect their investment as well as grow and change with their needs.
The backbone to any program is the technology that helps support the personalization, security and issuance. Finding a trusted partner in helping evaluate needs, can easily integrate into existing systems seamlessly, scale to fit any issuance program’s needs, and is efficient and easy-to-deploy will ensure that companies are getting the best return on investment (ROI).
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing’s editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of January, these panelist’s predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews, ContactlessNews, CR80News, NFCNews, DigitalIDNews, ThirdFactor, RFIDNews, EnterpriseIDNews, FinancialIDNews, GovernmentIDNews, HealthIDNews, FIPS201.com, IDNoticias es.