15 Sep 2021

Editor Introduction

Since the advent of the physical security industry, access control has been synonymous with physical cards, whether 125 kHz ‘prox’ cards or the newer smart card alternatives. However, other credentials have also come on the scene, including biometrics and even smart phones. Some of these choices have distinct cost and security advantages over physical cards. We asked this week’s Expert Panel Roundtable: How soon will the access control card become extinct and why? 

Physical security is the first line of defense and a critical part of an organization's security and risk mitigation strategy. Current access control approaches, such as cards, increase the risk of security breaches because they are so easy to lose or duplicate. Frictionless access through secured entryways is the ideal method to enter a space.  Instead of carrying an additional credential, people can now use the most secure and unique credential, their face. In addition, face biometrics technology allows for a touchless authentication solution that enhances health and safety measures by reducing touch points when entering secured areas in buildings.

Eric Trabold Nexkey Inc.

We gathered some very interesting data around the use of key cards in our annual Access Control Trends Report (published in early August): 44% of businesses are using key cards in the here and now, making it the leading credential. Having said that, the use of the smartphone as a credential (which now 98% of office workers have) has increased by an astonishing 64% year-over-year. Not only has the usage of the smartphone as credential increased, but it is the #1 choice, as future credential among survey respondents. This data shows us that a new credential is emerging rapidly. Will it make key cards completely extinct in the near future? Most probably not, but it will eat into their market leadership quickly. If the mobile credential continues on its growth trajectory, it will dominate the market by 2028 and key cards will have fallen to just 5% market share.

Access control in its traditional form is already moving into the history books. We now supply access and identity management platforms, and provide data to assist in more efficient use of the built environment. These systems are now more intuitive and provide a mine of data, which impacts across a multitude of business processes and systems. While we have doors and perimeters to monitor and control, we’ll have access control, but it has morphed more into the management side of the equation, rather than just the physical locks and keys traditionally associated with it.

Sean Foley Interface Security Systems LLC

Access control cards will go the way of the dinosaur, but they still have some life left in them. For the short term, they have plenty of utility in minimum security use cases and leave a valuable audit trail. But for companies that are more technology-centric, particularly those with high value assets, we’re seeing demand for next-generation access control, which includes increased integration with video surveillance systems and professional monitoring services. Since access control cards can be stolen, lost or copied, there’s clearly a trend towards multi-factor authentication, bringing the end-user’s mobile phone into the equation. Combining an access card with a PIN code dramatically increases security from single-factor solutions. The COVID-19 pandemic has made people more aware of common touch points and businesses are responding by increasing use of touchless access control solutions. As facial recognition becomes more accepted, it will likely become a core factor to authentication as well.

On the contrary, physical access control cards will continue to play an important role, alongside mobile IDs on phones, watches, wristbands and other devices. Almost 78 percent of respondents in an HID user survey said they would rather be issued both, a physical card and mobile ID, rather than one or the other. In some environments, such as hospitals, physical photo ID badges are mandatory and must be displayed above the waist for quick visual identification. Not only will physical cards endure, but there will be more choices. HID Global recently added to its card offering, the most feature-rich implementation of the latest MIFARE DESFire EV3 credential, reinforcing this technology’s full range of advanced security and privacy capabilities, with HID’s powerful model for identity data protection. It joins our Seos credential to provide robust high-frequency technology choices that are interoperable with our HID Signo, iCLASS SE and multiCLASS SE readers.

For starters, the access control card won’t disappear in the near future. We can’t limit access control to doors, as anywhere there is a lock, some type of authentication is needed, for example, gaining entry into your company’s parking lot with a badge or grocery pick up at your local market. Instead, we will see additional authentication methods added, such as biometrics and license plate recognition, among others, which are becoming increasingly popular. Contactless and touchless solutions are becoming more in demand because of the pandemic. What’s becoming important is to understand how these different methods can be used in conjunction with each other, as part of a multi-factor authentication scenario. The increased importance of interoperability is also at play here, as communication among devices becomes of greater importance, where multi-factor authentication is required.

Technology has evolved since the creation of access control cards, designed based on what could cost effectively be done with technology, to solve the specific use case. At the time, RFID readers were expensive and it was not an option to provide all employees with a reader. Therefore, the solution was to give all employees, the RFID tag embedded in a card, and have them transport the tag to the reader to monitor access. Today, the tables have turned, now all smart phones are readers, tags are inexpensive and available in a variety of form factors, proving lots of different design options to the use case of access control. For example, by combining a mobile application and NFC tags, we can not only monitor access, by simply tapping an NFC tag located at any entrance. But, we can now cost effectively measure and manage detailed work plans.

John Cassise RealNetworks Inc.

Extinct is a definitive word and because our industry is slow to adopt and change, I think we’ll have access control cards around for some time. However, I believe they are already starting to play a much smaller role in our technology mix. Access control is continuing to evolve towards multi-factor authentication, where identities are being more closely tied to the process, whether it is through biometrics or Bluetooth/Wi-Fi links to trusted devices. The speed of evolution really depends on what is on the other side of the door. More important assets will require more levels of authentication. Access control cards, on their own, simply don’t provide enough security. They can easily be lost, pilfered and depending on the technology, duplicated. They are not tied to a person in any way. This is one of the reasons that facial recognition has become an increasingly important aspect of multi-factor access control.

Editor Summary

Even given the growth in new choices for access control credentials, it appears the traditional ‘key card’ is here to stay. Our Expert Panelists agree that use of cards is likely to diminish in coming years. They also point to specific reasons why cards are unlikely to disappear completely. Instead of disappearing, cards appear destined to take their place among other credentials and multi-authentication schemes that will make our premises safer than ever. The common use of printed key cards as photo ID badges also points to their continued deployment for years to come.