Access control cards may all look the same, but ‘under the hood’ the technologies driving them vary considerably. Different card systems have very different strengths, weaknesses, and price tags.
Choosing the card technology that best fits your business was already going to be challenging. But gone are the days when buying a security system meant that you only had to think about that one system. In our era of universal connectivity it’s essential to consider how a card system integrates with the rest of your security environment.
In this article we’ll take a look at the leading card technologies on the market today. We’ll also highlight some of the access control platforms that Real Time Networks products can integrate with. Our RTNHub management system was designed from the ground up to work smoothly with all of them, and other major business and security platforms, like Verizon Connect fleet management, Windows Active Directory, C-Cure, and S2 Security.
We’ll start with the more simple systems better suited for lower security environments, and then move up to more advanced RFID card systems.
Think scanning items at the grocery store. For access control, barcodes on access cards contain user credentials, which are scanned by card readers at control points. While cards and readers are inexpensive, they’re not very secure. They literally can be duplicated in 10 seconds at the office photocopier. They’re only applicable in very low risk security environments.
These cards use the same technology as credit cards. The magnetic stripe holds credentials as a simple binary code that’s read when the card is swiped. The bad news is that magstripe card copying equipment is readily available online. So this is also best treated as an ‘entry level’ access control method for low risk settings.
Our technology partner Lenel sells magstripe systems for such a need, compatible with their Lenel OnGuard platform, in addition to their wider range of RFID card systems (More on those, below).
This technology exploits a quirk in the behavior of magnetic fields around twisted metal wire to encode information. In access control, ‘Wiegand wires’ are embedded in plastic cards and magnetically encoded with unique credentials. These cards became popular in the 80s as a more secure upgrade to barcode and magstripe cards. Since credentials are encoded at manufacture, Wiegand cards cannot be reprogrammed or erased, and they’re harder to duplicate. While they’re still in use today, generally they’ve been made obsolete by more modern technology, namely…
Radio Frequency Identification (RFID) Cards
RFID cards transmit their credentials via binary computer code over the air. A card does not need to make physical contact with a reader to communicate. They contain small computer chips programmed to hold credentials to specific facilities. Cards receive wireless power when they’re in close proximity to readers. Credentials can also be encrypted in some versions, greatly enhancing security and making the cards much harder to duplicate.
RFID cards are currently the most common access control card type on the market. Two types dominate, each with different advantages.
Low Frequency RFID ‘Prox’ Cards
This is the most common RFID format. Prox is short for ‘proximity.’ These cards send credential information one way: from the card to the reader. The 26-bit version is an open format used by many manufacturers. Blank cards in that format are readily available and inexpensive.
You may have already guessed that this makes illicit duplicating easier. Which it does. Duplicating tools, and even online services, are very easy to come by. And the duplicates are difficult to identify and trace. That said, proximity cards are quite popular at low-to-mid levels of enterprise security. Especially in stable security environments, where needs don’t change year to year. They’re require no contact, which is good for usability and—we’ve found—means less maintenance.
Both AMAG Technologies and Lenel offer a variety of prox card options. Real Time Networks products easily integrate with both of their management platforms.
High Frequency RFID ‘Smart’ Cards
Smart cards were developed with the express purpose of being difficult to duplicate. Equipped with on-board processors, they’re essentially single-function computers, which—thanks to advanced encryption— authenticate the carrier with a unique code generated new for each individual transaction. Because they use two-way communication to authenticate, smart cards are much harder to duplicate. There’s also potential for connecting them to card payment systems and other personal identity-based tools.
AMAG, Lenel, and Genetec are all major carriers of smart card access control systems.
So How Do You Choose?
As with most security technology decisions there’s no one one-size-fits-all answer. Identifying the correct access control card system for you requires consideration of budget, desired security level, and future business directions. Smart cards are highly secure and adaptable if needs change, but are more expensive. They may not be the right fit if your goal for the next 10 years is just to regulate access to one university lecture hall, for example. On the other hand, if your university were investigating chip payment cards that might be able to run on the same standard, then it might make sense.
One specific question we hear a lot is what to do if you have a large install base of older cards. Replacing hundreds or even thousands of access cards in one fell swoop is going to be expensive, not to mention a logistical challenge. In this instance, we generally recommend first replacing legacy card readers with newer, multi-format readers that can accommodate both your legacy system and the new one. Then cards can be replaced simply through attrition. As new cards need to be issued, or old cards replaced, the newer proximity or smart cards are issued instead.
Hopefully now you’re in a good place to start the conversation with your business’s leadership and security providers about the best access control option for your needs. But if you’re looking for further help selecting the right integrated security systems, feel free to contact Real Time Networks today for help.
Editor's Note: This post was originally published on August 28, 2017, and has been updated for accuracy and comprehensiveness.