Welcome to the fifth, and final, installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise clients on the appropriate badge solution for their organizations, we’ve found that badging needs will generally fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID cards, and biometric authentication.
Biometric authentication uses a reader to scan and verify identity using a unique physical attribute. The most common are fingerprints, palm prints, facial scans, and iris scans. New technologies are being introduced that include scans of the shape of the skull and of the interior of the ear canal.
For access control, these methods of identity authentication are most often used in addition to another method, playing on the security adage that the most secure method is “something you have, something you know, and something you are.” An ID card (of any level) or key serve the purpose of being an exclusive item one has. Biometric markers, which are unique to the person seeking entry, is something they are. Often keypads or password encryption serve as “something you know.” Verifying identity through biometrics prevents cards or other access devices from being either stolen or skimmed and recreated using stolen data, as the person who uses the device is just as important as the device itself.
Biometrics are also used on their own to help protect data and to provide appropriate access. Many mobile devices and laptops now use thumbprints instead of passwords as a more secure and unchanging piece of data that only allows access to the appropriate user. This technology provides the option for targeted, instead of widespread, use of biometric authentication. Some programs require the input of a password and verification of a user’s biometric data before allowing access to secure information. This solution can provide an incremental security increase, rather than outfitting an entire facility for biometric scanning.
Certain industries have also begun using biometric scans to store user data: hospitals such as Carolinas Medical Centers use palm scans to ensure that medical records are accurate and secure. Many school systems have begun using thumbprint scanners to link student lunch accounts, replacing the need for a card (which students are prone to lose) or a code (which students sometimes forget and takes a longer time to enter into the lunch line keypad).
The use of biometrics is still controversial, as many people worry about this secure information being stolen or hacked into, creating another version of the privacy problems that have begun to plague technology companies. Companies address this concern in multiple ways. Many do not store biometric information, rather using a computer algorithm to create a unique identifying number based on the biometric scan, which is then associated with the user. Others keep the biometric information stored on a device rather than in a database–banks that have begun using biometric authentication in mobile apps store the user’s information on the device itself rather than in a bank database of users. The same can be done with smart cards. The chip in a contact or contactless smart card has enough storage space to store the data required to verify the cardholder’s identity, which prevents their information from being stored in a centrally controlled (and thus target-rich) access control database.
Thank you for following along with our series on access control security. As always, feel free to contact one of our experts for more information at +1 704.535.5200.