24 Jun 2021

Editor Introduction

There is a broad appeal to the idea of using a smartphone or wearable device as a credential for physical access control systems. Smartphones already perform a range of tasks that extend beyond making a phone call. Shouldn’t opening the door at a workplace be among them? It’s a simple idea, but there are obstacles for the industry to get there from here. We asked this week’s Expert Panel Roundtable: What are the challenges and benefits of mobile access control solutions? 

Many new facilities now begin with mobile access and many others are upgrading. The discussion about lost access cards is just part of it, people keep their smartphones close and don’t share them, so one of the age-old problems with access cards is immediately solved. Additionally, most people protect their phones with passwords, PINs, or biometrics that can protect the credential on the phone from being used by a thief or opportunist. Seos credential technology enables robust mobile IDs security and access can be centrally managed and provisioned, or revoked, over the cloud, which makes it easy to add, remove or change access rights or issue credentials to visitors and contractors. Mobile access is also an extension of the brand; organisations can personalise the app, add their own corporate branding and integrate it into smart building and employee wellness apps. They’re choosing mobile access because it’s convenient, simple, secure and often more cost-effective.

The use of mobile credentials has been on the rise for several years, and COVID has significantly accelerated that trend. There are several advantages to mobile credentials: the technology is convenient as people carry their smartphones on them all the time and less likely to get lost than an ID card or badge. The technology is more secure and makes it easy to deny access to someone fraudulently trying to enter a secured area. Mobile access control offers greater flexibility as cardholders only need their mobile device to access several facilities rather than carrying multiple credentials. Mobile credentials can be more expensive than traditional ID cards, but the benefits usually outweigh the costs. While employees may be hesitant to allow their employer to install software on their personal devices, privacy concerns can be alleviated by installing software that cannot access personal information.

Mobile access control solutions are an exciting innovation in a market where the day-to-day user experience hasn’t changed much in the last 20 years. One area that has clear benefits and challenges is in improving the user experience. On one hand, physical credentials are expensive and a hassle to administer; however, they work reliably, quickly, and predictably. Mobile credentials are convenient in that everyone already has a smartphone, and you don’t have to admin or carry cards; however when you’re actually standing at the door they need to work as well or better than physical credentials, or the benefits are lost. Inertia is a powerful force, and if you look at the adoption of mobile credit cards, it has taken a long time for consumer behaviors to change. As the user experience improves, it’s easy to see a not-so-distant future in which physical credit and access cards are rare.

There are numerous benefits to using mobile access control solutions, and it is proving to be particularly popular post-COVID due to the reduced contact required to present credentials. By presenting an authenticated mobile device using BLE or NFC, there is no need for contact by the individual, and the reader also avoids any touching, thereby significantly reducing the likelihood of disease transmission. Cost is another benefit – once the appropriate reader is installed, cards or tokens can often be discarded as users simply use their mobile devices. This also reduces the administration costs, with credentials approved centrally and then sent to the mobile device remotely, rather than needing to physically issue or retrieve cards/tokens. There are also practical and security benefits – users leverage the already stringent authentication of the mobile device (often fingerprint or facial recognition). New authentications are but can also be withdrawn instantly with security or employment changes.

Bill Hobbs 3xLOGIC, Inc.

Nearly everyone who has carried a physical access credential has at one time or another lost it. Often, we don’t report a lost credential, assuming it will show up eventually. But the longer a missing credential goes unreported, the greater the chance of unauthorized access. Conversely, everyone carrying a smartphone knows where it is at all times. If it goes missing, an all-out search begins immediately and credentials on that device can be disabled. Multi-factor authentication makes it difficult to use that credential to gain unauthorized access, and proper device security can disable the device after multiple incorrect login attempts. Mobile apps are constantly updated, and new security policies can be easily distributed to the mobile credential. Mass notification of events can be quickly broadcast to all credential holders. Finally, mobile credentials are difficult to clone, unlike physical cards. Mobile credentials deployed across all users ensure a safe environment.

Deon Chatterton Safetrust Inc.

Mobile access control solutions can come with some challenges; however, the benefits can outweigh these challenges. Some people are reluctant to put company applications on their personal devices or may find taking their phone out of their pocket or purse inconvenient when their company may require them to wear a badge anyway. Others report inconsistent performance — sometimes they may leave their phone in their pocket, and it works, while other times they may have to touch their phone to the reader for it to work. And some perceive the cost of a mobile credential to be more expensive than a physical badge. Since a person usually has their phone in their hand already, it is much easier to hold it up to the reader than to fumble for their badge. Users can also store multiple badges in their mobile phones to get into more than one location.

Lulu Yin Anviz Global Inc.

During COVID, everything is contactless. Organizations usually use key cards and biometric-based access control, but we all forget our cards. We leave them at home, in our car, at our office desk, and so on. Almost every adult carries a smartphone, and people rarely forget their cell phones. Mobile access simplifies the process for the user; you don't have to worry about losing the key fob or card, and it's much more secure than key cards. Businesses could save costs by removing the need for physical cards for both employees and visitors. Everything is made easy with Anviz Mobile access which compatible with most of all Anviz access control hardware.

Scott Lindley Farpointe Data, Inc.

Many mobile access credential solutions require the use of back-end portals. For hackers, portals can be rich targets, often containing sensitive end-user data. These types of mobile solutions so often force the users to register themselves, and sometimes their integrators, for every application. Each registration requires the disclosure of sensitive personal information. Bookkeeping alone can be confusing. Farpointe's Conekt distributes credentials with features that allow the user to register their handset only once and need no portal accounts, activation features, or renewal fees. Secondly, OSDP Verified equipment ensures that security equipment such as card and biometric readers from one company interface easily with control panels and equipment from another manufacturer, fostering interoperability among security devices. Customers’ new equipment will provide bi-directional communications between the access control panel and the reader. It will also make standard the option for powerful encryption in support of advanced security applications.

We have been offering discrete integrations between our turnstiles and mobile devices for some time now, and striking the balance between the required level of security, whilst offering a user-friendly entrance experience, remains a top priority. One of the key benefits of upgrading from traditional fobs or access control cards to mobile devices is the flexibility they offer. People carry their phones everywhere with them and wear smartwatches, which makes them a familiar and convenient access control method for regular employees as well as occasional visitors. Additionally, these BYODs offer a touchless and hygienic authentication method when accessing a building, which is now more important than ever. These mobile devices do have some drawbacks, however, as devices can be easily mislaid, stolen, or broken. Whether our turnstiles need to integrate with smartphones and watches for office users or wristbands for gym users, there’s an integration solution for everyone.

Brad Kamcheff Aiphone Corp.

From an intercom perspective, the biggest benefit is also one of the biggest challenges. Users are able to visually confirm visitor identity, answer their door, and allow visitors building access—all from their mobile devices. The benefit is the freedom to answer their door from anywhere. Users are no longer required to be on-site to greet visitors, receive packages or ensure their front door is secure. Of course, the downside to answering a door from anywhere is putting the responsibility of screening guests on the user, as well as the different levels of responsibility that users now have in allowing building access.

The desire for mobile access control is only growing, and manufacturers are working hard to create innovative, robust solutions. While there are a few challenges that exist with the transition to mobile access control, the benefits outweigh the challenges. Typically, mobile access control is recognized as a safer, more convenient, and more reliable option when compared to normal card-reader-managed access control solutions. So, what's the problem? When an organization decides to transition to a mobile access system, the problem often occurs when attempting to force the old system to integrate with the new without making the proper updates. Select a mobile access control system that is fully designed to be a mobile access system. Access control ultimately authenticates the users by recognizing a card or tag, a PIN, or utilizes biometrics. A smartphone already houses these options, and the users often already have a 2-factor verification set in place.

John Nemerofsky SAGE Integration, Inc.

Enterprise organizations are embracing the concept of employee-owned mobile devices as part of an access control solution. The many benefits include reduced costs of procuring, storing, and printing plastic credentials and, unlike traditional badges, smart credentials may be remotely reused, transferred, issued, or deactivated. Employees require less training as they are familiar with their smartphones and are less likely to share their expensive devices than a physical credential or PIN. Also, there’s the convenience of having authorized visitors bypass the front desk after receiving an emailed virtual credential and app. Despite the advantages, a total mobile solution presents challenges. A 2021 market research study found 15% of U.S. adults don’t own a smartphone. Enforcing hardware standards is challenging when replacement devices are purchased on an employee’s timetable. And employers must stress the importance of password hygiene. Hackers may gain access using stolen phones lacking strong passwords and, ideally, two-factor authentication.

Editor Summary

We are all less likely to lose our phone than to lose an access control card. Or, at least, we are likely to try harder to find it! The broad utility of smartphones in our lives bolsters the case for adding one more use case to the list. As our Expert Roundtable panelists point out, there are other advantages, too, not to mention a few challenges. However, the industry's path to a future when mobile access control is pervasive will likely have some bumps along the way.