Welcome to the fourth installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise clients on the appropriate badge solution for their organizations, we’ve found that badging needs will generally fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID cards, and biometric authentication.
Contactless smart cards use high-frequency radio frequency identification, or RFID, and afford stepped-up security (vs. standard proximity cards) by employing a memory chip that can store more information. Using a larger capacity chip gives users the ability to store more data and encrypt that data, making it much more difficult to compromise. The technologies employed allow the chip data to be read from up to 30-feet, though typical implementations will use readers that are limited to 1-foot, or less. Like standard proximity devices, RFID credentials do not need to be in a direct “line of sight” from the reader. As a result, these devices can be read through clothing, and even packaging (such as in a box, pocket, wallet or purse).
Common applications for contactless RFID devices include:
- use of RFID-enabled ID cards or fobs for access-control through secured doors or vehicle access to controlled parking areas;
- storage of computer-network access credentials and authorization levels;
- access to pharmaceutical cabinets and dispensaries;
- medical and healthcare applications vary from the tracking of inventory and patients, to confirming correct medication for patients and out-of-bed and fall detection;
- tracking of retail goods for stock/inventory control, and anti-theft systems;
- contact-less payment systems, linked to your credit-card or bank-account (i.e. – Apple Pay(TM) )
If you are considering use of RFID credentials, be aware that there are privacy concerns regarding data stored on such devices. Because these devices can be scanned from an extended range, they can be read without the holder’s knowledge. This opens the door (pardon the pun!) for duplication and for skimming of information that is intended to remain private. Some holders of RFID technology choose to wrap their cards in aluminum foil or use RFID blocking wallets to prevent reading until use.
Contact-type smart cards carry a chip with exposed contacts, which must be inserted into a reader for any data to be read or retrieved from the memory chip. These are slightly more secure in that the cards cannot be skimmed in the manner described above. These devices can be used for access control applications, but are currently used more frequently for payment applications. In fact, if you live in the United States and have bank-issued credit- or ATM-cards, you most likely now have a card of this type today, as all US institutions were required to adopt these more-secure cards within the past year. For our European friends, you know you’ve been using these cards for years.
Check back soon for our post regarding the highest level of access control security: biometric authentication.