What Are the Best Access Card Credentials?

125 KHz proximity cards are not secure

Today, anyone with a card cloner can copy the data off a 125 KHz proximity contactless card and make a perfect duplicate. It’s so easy that you can do it in less than 5 seconds without the cardholder’s knowledge or permission at a kiosk in many retail stores. Mifare Classic and legacy iCLASS are vulnerable as well. Despite this security risk, these unsecure credentials are still in wide circulation.

In the U.S., more than half of the 3 million access credentials sold every year are vulnerable technologies such as prox, Mifare Classic and legacy iCLASS. Multiply that number over the past 15 years, across geographic regions, and that equates to tens of millions of unsecure credentials in use, representing a huge security risk for facilities around the world.

Access Credentials Timeline Infographic
Click infographic to enlarge.

13.56 MHz cards with encryption are secure

Next-generation 13.56 MHz smartcards with AES encryption have been available for years now. From a price standpoint, there is not a significant difference between these secure smartcard credentials and readers, and the unsecure legacy technology that is still being sold and deployed.

We strongly recommend that every new system that an integrator sells should include secure smartcard credentials and readers. Customers who currently utilize legacy cards and readers should be educated about the risks and encouraged to make a plan to upgrade their access control systems with secure credentials and readers.

Mobile and biometric credentials are the future

By the year 2020, it is expected that 20% of all access control credentials will be mobile technology. Along with the migration/adoption of smartcard credentials, you should consider the addition of mobile credentials and readers as a future-forward investment. Mobile credentials can be issued or revoked from anywhere, they cannot be cloned, and they benefit from the extra protection of the mobile device’s PIN/biometric security. In most cases they eliminate the need for physical cards or fobs.

Biometric credentials use a person’s unique physiological traits as their access control credential. They are highly secure, can never be misplaced and are cost-free. They are the only technology that provides positive authentication of the user before granting access. When combined with a credential or pin code they create double or even triple authentication.

How to upgrade to smartcard and/or mobile credentials and readers

Security integrators have a responsibility to educate their customers and to help them upgrade their unsecure card credentials and readers to secure technology.

Guide your customers through this four-step migration process:

  1. Determine which secure credential technology you want to use. Establish a standard, whether it is secure smartcard credentials, mobile credentials or a combination of both.
  2. Replace legacy readers. Multi-technology readers can be used to read the existing unsecure technology as well as the new secure technology, making it easy to transition users to secure credentials without disrupting their access. TIP: For large-scale/multisite deployments, ask about project deployment services to help you complete the project on time and under budget.
  3. Once the readers have been replaced, begin issuing new secure smartcard credentials. This takes the most time, as new credentials must be issued to each employee and programmed into the access control system.
  4. Finally, turn off the unsecure portion of the readers so they will no longer read unsecure credentials. 

Products

Ask an expert

To learn more about the latest access control technology and standards, contact us to speak to an Anixter technology expert.