Levels of Security: 5, Biometric Authentication

Welcome to the fifth, and final, installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID cards, and biometric authentication.

biometric authentication is the highest level of access control securityBiometric authentication uses a reader to scan and verify identity using a unique physical attribute. The most common are fingerprints, palm prints, facial scans, and iris scans. New technologies include scans of the shape of the skull and of the interior of the ear canal.

For access control, these methods of authentication are most often used with another method, playing on the security adage that the most secure “key” is “something you have, something you know, and something you are”.  An ID card (of any level) or key serve the purpose of being an exclusive item one has. Biometric markers, which are unique to the person seeking entry, is something they are. Often keypads or password encryption serve as “something you know”. Verifying identity through biometrics prevents security breaches based on theft of cards or other access devices or recreation of credentials using stolen data, as the person who uses the device is as important as the device itself.

Companies also use biometrics to help protect data and to provide appropriate access. Many devices use fingerprints instead of passwords as an unchanging piece of data that restricts access to the appropriate user. This technology provides the option for targeted, instead of widespread, use of biometric authentication. Some programs require the input of a password and verification of a user’s biometric data before allowing access to secure information. This solution can provide an incremental security increase, rather than outfitting an entire facility for biometric scanning.

Certain industries have also begun using biometric scans to store user data. For example, some hospitals have begun to use palm scans to ensure that medical records are accurate and secure. Many school systems have begun using thumbprint scanners to link student lunch accounts. These methods replaced use of a card (which students often lose) or student PIN-code (which students sometimes forget, and slows down the lunch line).

Concerns about Biometric Authentication

The use of biometrics is still controversial. Many people worry about someone stealing or hacking into this secure information, extending the privacy problems that plague technology companies. Companies address this concern in multiple ways. Many do not store biometric information. Instead, they use a computer algorithm to create a unique identifying number derived from the biometric scan. This number is then associated with the user. Others keep the biometric information stored on a device rather than in a database. Banks that use biometric authentication in mobile apps store the user’s information on the device rather than in a database. The same can be done with smart cards. The chip in a contact or contactless smart card has enough storage space to store the data required to verify the cardholder’s identity, which eliminates the need to keep information in a centrally controlled (and thus target-rich) access control database.

Thank you for following along with our series on access control security. As always, feel free to contact one of our experts for more information at +1 704.535.5200.

What is that fine white line on my ID card?

The Fine White Line

We often receive calls from clients whose printed ID cards include a fine white line. This line always appears in the same place on the card and does not vary (though one may not notice it if there is not a text, image, or background color in that area). This symptom indicates one of 3 problems with the printer’s printhead:

  1. A piece of dust, dirt or debris is stuck to the printhead;
  2. The printhead has physical damage (such as a scratch or a nick);
  3. The printhead has had one or more imaging pixels burn-out. This usually results from an electrical surge or lighting strike.

printhead

Solutions

A user can solve the first problem by manually cleaning the printhead with IPA alcohol wipes or swabs. (Find them here!)

The latter 2 problems are more common and require replacement of the printhead. Prior to purchasing a replacement, first check with your authorized dealer to see if the printhead is still under warranty. Virtually all top printer manufacturers’ warranties offer to replace a damaged printhead for a defined period of time following purchase of a new printer.

A word of caution: Please review your own printer’s warranty for any coverage requirements or restrictions. Many of these warranties require performing required cleanings on-schedule (usually about every 1,000 cards, but check your printer’s user manual for the exact number). Additionally, many warranties exclude damage caused by misuse, or use of sub-standard materials (i.e., cheap cards or non-brand ribbons).

For more support, or information about quality ID-card printers, parts and supplies, visit our web store, or contact one of our ID experts at +1 704.535.5200 or toll-free at +1 888.485.4696 (US & Canada).

Datacard SP25 Plus to be Discontinued

EntrustDatacard has announced the end of production for its SP25 Plus card printer. The printer has been replaced by the SD160 card printer, and will no longer be available for order after August 31, 2016. The printer will go out of support on August 31, 2021 (though this is subject to availability of parts and supplies).

To order either the SP25 Plus or SD160 or for more information about how this may impact your card printing, please contact one of our printer experts at +1 704.535.5200 or +1 888.485.4696.

Datacard SP25 Plus

The SP25 Plus will be discontinued 8/31/16.

Levels of Security: 4, Contact and Contactless Smart Cards

Welcome to the fourth installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID or smart cards, and biometric authentication.

Contactless Smart Cards

Contact and contactless smart cards are the second highest level of authenticationContactless smart cards use high-frequency radio frequency identification, or RFID, and afford stepped-up security (vs. standard proximity cards) by employing a memory chip that can store more information. These larger capacity chips allow users to store and encrypt more data than before, making it more secure. While typical applications use readers limited to 1 foot or less, the technology can read card data from as far as 30 feet. Like standard proximity devices, RFID credentials do not need a direct “line of sight” from the reader. As a result, readers can access these devices through clothing, and even packaging (such as in a box, pocket, wallet or purse).

A few examples of common applications for contactless RFID devices include:

  • use of RFID-enabled ID cards or fobs for access-control through secured doors or vehicle access to controlled parking areas;
  • storage of computer-network access credentials and authorization levels;
  • access to pharmaceutical cabinets and dispensaries;
  • medical and healthcare applications vary from tracking inventory and patients, to confirming correct medication dispensing, and out-of-bed/fall detection;
  • tracking of retail goods for stock/inventory control, and anti-theft systems;
  • contact-less payment systems, linked to your credit-card or bank-account (i.e. – Apple Pay(TM) )

If you are considering use of RFID credentials, be aware that there are privacy concerns regarding their data storage. Because these devices are compatible with long-range scanners, they are susceptible to reading without the holder’s knowledge. This opens the door (pardon the pun!) for duplication and for skimming of information that should remain private. As a result, some users wrap their cards in aluminum foil or use RFID blocking wallets to prevent unauthorized reading.

Contact Smart Cards

Contact-type smart cards carry a chip with exposed contacts, which a user must insert into a reader for data to be read or retrieved from the memory chip. This type of card is slightly more secure in that it prevents skimming in the manner described above. Access control applications can use these devices, but they are still more common in payment application. In fact, if you live in the United States and have bank-issued credit- or ATM-cards, you most likely now have a card of this type today, as all US institutions were required to adopt these more-secure cards within the past year.

Check back soon for our next post in the series, regarding the highest level of access control security: biometric authentication.

Levels of Security Series: 3, Proximity Access Devices

Welcome to the third installment in our series on Levels of Security! In this series we will be investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity access devices, contact and contactless RFID cards, and biometric authentication.

Proximity Access Devices are a mid-level security measureClients whose facilities need a moderate degree of security may find their best solution in proximity access devices. Organizations issue these devices, which take the form of cards, key-fobs, or stick-on (adhesive) disks, to individual users. Each device includes a tiny computer chip that houses a small amount of data custom-programmed for a facility. These credentials allow an installed access control system to determine if the device holder has the required permission to access a facility.

Prior to the introduction of access-control systems, organizations would provide key copies to their employees, or have full-time receptionists, or employee security guards as ways to manage access.

Benefits of Using Proximity Access Devices

  • Unlike keys, access control systems can operate on schedules. For example, a key-card or fob can allow access to buildings only Monday thru Friday from 8:00am to 6:00pm. Other devices and individuals can have their own unique schedules.
  • Also unlike keys, with proximity access devices, you can immediately and remotely “turn off” or modify access areas and times. This means that if an organization needs to change an individual’s access, it can do so quickly, without affecting any other device holder. This includes restricting access to certain facilities or to certain days or times. In the “old days”, if  an employee’s access need to be changed, locks were changed and new keys issued. As you can imagine, this was a considerable expense!
  • If the proximity access device is a printable ISO card, it can double as the employee’s photo ID. This provides both a visual identity check and a physical access-control check, further enhancing security.
  • Proximity access device readers can work with optional modules, such as numeric key-pads, requiring input of a second-form of authentication. Often used on exterior doors, these combinations help to prevent unauthorized entry should someone find a lost credential.

As technology has developed, more secure options have been introduced which can store more data and are more difficult to be scanned and copied. We will explore those options in coming installments. But, for organizations with a need for flexible security controls, while maintaining relatively low or moderate costs, the access-control systems and proximity devices are the perfect solution.

 

Levels of Security Series: 2, Barcode and Magnetic Stripe Cards

Welcome to the second installment in our series on Levels of Security! In this series we are investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode and magnetic stripe cards, proximity devices, contact and contactless RFID cards, and biometric authentication.

Barcode and Magnetic Stripe Cards are an easy way to add security elements to your IDsFacilities in need of a low-moderate security solution may find that ID cards printed with a bar-code, or with an encoded magnetic stripe, fill their needs. Like the previous level’s solution, these options are still relatively easy to implement and low cost. Facilities that do not require this level of security should refer to the first post in this series: Printed PVC Cards.

Often our clients can meet other needs by making enhancements to their regular ID cards. Some commonly available technologies allow for many uses of these enhanced cards.

  • Restaurants and factories, for example, often use time-clock applications. Employees clock in and out by “swiping” card through a reader connected to the payroll system.
  • Many schools, colleges and universities have moved to a “one-card” system. This system allows students to obtain meals in cafeterias, access a library, or make purchases by presenting an authorized card.
  • Medical service providers’ EHR (electronic health-record) systems often require dual-factor authentication to log in. By equipping system computers with readers for barcode and magnetic stripe cards and appropriate access control software, the employee’s ID card can double as the required second-factor authority.

Barcode Cards

The barcode category includes traditional “1D” bar-codes, “2D” bar-codes, or QR codes. These codes created by selecting a font that transforms an alphanumeric code into a lined or pixelated image. These images are printed onto the card and can be scanned by specialized readers or by smartphone applications. This solution requires a database of some kind that associates the unique graphical code with the pertinent information. A significant limitation here is that barcodes can be photocopied. This can result in unauthorized access if secondary security measures are not put in place.

Magnetic Stripe Cards

Magnetic Stripe CardsThe magnetic stripe card can store a very limited amount of information, such as an account, employee, or student ID number, dollar amount (or other financial balance), & other encoded information. These early versions of modern smart cards are less secure than newer options due to technological advances. The technology used in them makes these a slightly higher-cost option than “plain” PVC cards. In addition, they require specialized readers and a computer program to interpret and act on the stored data.

Customers who print larger quantities of cards or who would like to be able to issue cards immediately may find that an investment in a printer and supplies is beneficial. For small organizations or those who do not want to maintain cards themselves, our service bureau is able to print cards on demand for a reasonable fee.

Barcode and magnetic stripe cards are excellent solutions for organizations with modest functional needs and low to moderate security requirements. Both options provide a way for customers or patrons to recognize the authority of the person wearing the card. And all ID badge solutions add the benefit of a sense of visual cohesion in any work, school, or healthcare environment.

Levels of Security Series: 1, Printed PVC Cards

Printed PVC Cards are the first measure many business take in ID security.Welcome to the first installment in our series on Levels of Security! In this series we will be investigating how different ID solutions fit different security needs. As we advise organizations on appropriate badge solutions, we find their needs fall into one of five levels of security. We’ve categorized these by the appropriate solutions: printed PVC cards, barcode & magnetic stripe cards, proximity devices, contact and contactless RFID cards, and biometric authentication.

Facilities in need of a minimum security solution may find that a simple ID badge fills their needs. This solution is relatively easy to implement at low cost. This category contains two distinct levels of security: a non-photo card and a photo ID badge.

Non-Photo Printed PVC Cards

The non-photo card offers the lowest level of security, but still provides a quick method to identify a holder’s credentials. These cards can offer an organization’s seal or logo, card-holder’s name and/or title or position, or simply feature color coding. For example, a school or assisted living facility may issue a pink card to volunteers and blue cards to staff. This quickly allows staff, students, parents or residents to identify an authorized individual.

Photo IDs on Printed PVC Cards

Example of a Printed PVC CardThe photo ID badge can include any of the above elements, but then adds an additional security layer: a photo of the cardholder. This provides an additional confirmation that the person carrying a card is the person to whom it was issued. Photo IDs are commonly used for students, teachers, healthcare professionals, and employees at a variety of businesses & government entities.

Both of these entry-level ID solutions help the wearers and organizations project a professional appearance, giving confidence to clients. They help organizations meet minimal security guidelines required by regulators that are prevalent, for example, in the healthcare field.

The limitation of these simple ID solutions is that a person must confirm the identity of the cardholder, rather than an automated system of access control. For many organizations, however, they provide a cost-effective solution to their most basic needs.

Printed PVC Cards: A Low-Cost Solution

Whether the design includes a photo on an ID or not, printed PVC cards have similar, relatively low costs. For small organizations, or for those who do not want to design, maintain and issue cards themselves, our service bureau is able to offer professional design and printing of cards on demand, and for small relative fees. Customers who print larger quantities of cards or who would like to be able to issue cards in-house and immediately will find that an investment in a printer and supplies is beneficial.

Basic ID cards are an excellent solution for organizations that do not operate in access-controlled facilities. Either option for printed PVC cards provides a means by which clients or patrons can recognize the authority of the wearer, and can provide a sense of visual cohesion in any work, school, or healthcare environment.

Fargo Printer – Wrong Ribbon Error

We often receive calls from clients whose Fargo ID card printers display a “wrong ribbon” error. This error will appear on the printer’s LCD screen or on the user’s computer monitor and has a few potential causes.HID Fargo Printers - wrong ribbon error

Common Causes of the “Wrong Ribbon” Error:

Hardware Fault

Occasionally, we find that there is a hardware fault with the printer, particularly with the ribbon sensor or RFID-tag reader. After ruling out the other possible problems listed below, please call one of our experts if you still receive the “wrong ribbon” error.

Wrong Ribbon

You could, indeed, have the wrong ribbon for the printer. Many Fargo ribbon cartridges look identical, and there are no markings on the ribbon carriers to indicate which you have. For example, a YMCKO ribbon for the Fargo DTC1250e looks like the YMCKO ribbon for the DTC4250e, but they are not interchangeable. Each ribbon has an embedded RFID tag which includes a ribbon part-number. The printer’s corresponding firmware includes a list of all ribbons that are compatible with the printer. As a result, if your ribbon is not compatible with your printer, you will receive this message.

Bad Ribbon RFID Tag

Fargo ID-card printer ribbons are manufactured to include an RFID tag, which contains information about the ribbon itself (ribbon type, lot number, manufacturing site, etc.). On VERY rare occasions, this RFID tag is missing, or the data has been corrupted. This will prevent the printer from recognizing an otherwise good ribbon as valid. Try another ribbon if you have one available.

Out-of-Date Firmware

You could have out-of-date firmware on your printer. Periodically, Fargo will introduce new firmware to include updated manufacturing information. Once this new firmware is introduced, they will include new data on the encoded RFID tag affixed to the ribbon cartridge.  A printer with outdated firmware will be unable to validate ribbons that have this new encoding and reject them, returning a “wrong ribbon” error. Please see our separate blog post “Fargo Printers How-to: Update your Drivers and Firmware” for detailed instructions on updating firmware.

Incorrect Driver Setting

But most-likely, the error is the result of an incorrect print-driver setting. For example, you may have a full-color (YMCKO) ribbon, but a print driver set for a monochrome-black (K) ribbon. This mismatch between the actual ribbon loaded, and the ribbon the PC “thinks” should be loaded will result in a mismatch, and “wrong ribbon” error. For this scenario, follow the directions below to change the printer driver settings.

Choosing the Correct Driver Setting

Prior to beginning the instructions below, please verify that you have Windows administrator rights or have been granted Windows permissions by  your network administrator to change the driver functions on your computer. Without these elevated privileges, you will not be able to make these changes.

  1. Click the Windows “Start” icon (usually the lower-left corner of your screen);
  2. Select “Devices and Printers” (if not visible, enter this as a term in the search box);
  3. Locate your Fargo printer and right-click on it;
  4. Select and click on “Printing preferences” – a new window will open;
  5. Select the “Device Options” tab, then use the drop-down box to select your ribbon type;
  6. Click the “Apply” button in the lower-right, and then click “OK” to finish and close the Window.

Need more info?

Fargo ID-card printers are manufactured by HID Global. For information about Fargo printers, contact us for a free consultation toll-free at +1 888.485.4696 (US & Canada), or +1 704.535.5200 (elsewhere).

New Entrust Datacard Firmware

Entrust Datacard released new firmware for their SD, CD, and CE system printers today. In order to download this update, visit their support page.

The new firmware will provide your printers with a wide variety of enhancements. This summer, Entrust Datacard began sending out new RFID tags with enhanced encryption to ensure that you are receiving authentic Datacard® Certified Supplies that were designed specifically for optimum performance in their Datacard® system. This new firmware will enable the enhanced encryption to take place.

In addition to enabling the enhanced encryption, the new firmware will provide Datacard SD, CD, and CE systems with a wide variety of updates:

  • UV printing on all SD, CD and CE systems
  • Rewrite capability on SD260 and SD260s systems
  • Security enhancements to support PCI requirements
  • Mag stripe fix to help reduce errors when cards are not in position
  • Improved cleaning card on the multi-hopper
  • Other security and performance improvements

For more information about firmware and why it’s important to keep it updated, check out the post about it in our archives.

As always, if you have any questions or concerns, please contact one of our experts at +1 888.485.4696.

Value of High-Quality Consumables for ID Card Printers

Always use high-quality consumables, purchased from authorized dealers in your ID card printer. These supplies provide the best life and results from your machine. Safe-Card ID Services is one such dealer, but there are lots out there; find a dealer you trust!

But I saw cheaper consumables online…

Less reputable dealers may offer cards and ribbons that are “compatible” with your printer but are not certified. While you may find that they offer these at a discount, these savings may be an illusion. Recently, a local client ruined multiple print-heads by using sub-standard cards. Not only was this an inconvenience that interrupted their card production, it was costly. Printer manufacturers’ warranties do not cover print-head damage from poor-quality or non-genuine consumables.

What problems might low-quality consumables have?

Poor-quality cards may have foreign objects (dirt, dust, hair, and plastic particles), irregular sizing and thickness, and jagged-cut edges. In the best-case scenario, using these cards will require more frequent printer cleaning (to remove those foreign objects!). The worst-case scenario results in physical damage to the printer, specifically the expensive print-head.

Poor-quality ribbons may not be compatible with RFID sensors or printer firmware updates, leading to “no ribbon” or “unknown ribbon” errors, thus preventing their use. Non-genuine ribbons are often made with sub-standard materials. Use of these materials can lead to low-quality images, rendering of colors inconsistently, and ribbons tearing and sticking to card surfaces, all of which can also cause damage to the print-head.

Why are high-quality consumables such a big deal?

All printer manufacturers stipulate that the use of non-branded or low-quality materials can void printer and print-head warranties. While great online deals can be tempting, it is important to make sure that the materials are of high quality–both to preserve your device warranty and to ensure the best possible output.

The bottom line: be sure to inspect materials before using them. A broken printer costs more to replace or repair than you could ever save with aftermarket or “gray-market” supplies. Find a trustworthy, authorized dealer for your printer consumables and rest assured that your printer investment will be protected.