Levels of Security: 4, Contact and Contactless Smart Cards

Welcome to the fourth installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID or smart cards, and biometric authentication.

Contactless Smart Cards

Contact and contactless smart cards are the second highest level of authenticationContactless smart cards use high-frequency radio frequency identification, or RFID, and afford stepped-up security (vs. standard proximity cards) by employing a memory chip that can store more information. These larger capacity chips allow users to store and encrypt more data than before, making it more secure. While typical applications use readers limited to 1 foot or less, the technology can read card data from as far as 30 feet. Like standard proximity devices, RFID credentials do not need a direct “line of sight” from the reader. As a result, readers can access these devices through clothing, and even packaging (such as in a box, pocket, wallet or purse).

A few examples of common applications for contactless RFID devices include:

  • use of RFID-enabled ID cards or fobs for access-control through secured doors or vehicle access to controlled parking areas;
  • storage of computer-network access credentials and authorization levels;
  • access to pharmaceutical cabinets and dispensaries;
  • medical and healthcare applications vary from tracking inventory and patients, to confirming correct medication dispensing, and out-of-bed/fall detection;
  • tracking of retail goods for stock/inventory control, and anti-theft systems;
  • contact-less payment systems, linked to your credit-card or bank-account (i.e. – Apple Pay(TM) )

If you are considering use of RFID credentials, be aware that there are privacy concerns regarding their data storage. Because these devices are compatible with long-range scanners, they are susceptible to reading without the holder’s knowledge. This opens the door (pardon the pun!) for duplication and for skimming of information that should remain private. As a result, some users wrap their cards in aluminum foil or use RFID blocking wallets to prevent unauthorized reading.

Contact Smart Cards

Contact-type smart cards carry a chip with exposed contacts, which a user must insert into a reader for data to be read or retrieved from the memory chip. This type of card is slightly more secure in that it prevents skimming in the manner described above. Access control applications can use these devices, but they are still more common in payment application. In fact, if you live in the United States and have bank-issued credit- or ATM-cards, you most likely now have a card of this type today, as all US institutions were required to adopt these more-secure cards within the past year.

Check back soon for our next post in the series, regarding the highest level of access control security: biometric authentication.