Securing Keys, Assets & People - Blog

Access Control Card Technology: Choose the Right One for Your Business

Written by Jay Palter | Nov 13, 2020

One of the core security needs for any business is to control who can access the business’s buildings and assets. Card readers are one of the most popular choices for conducting access control. Formerly only within the reach of enterprise security budgets, new, lower-cost access control systems are increasingly the preferred choice for businesses of all sizes.

However, there are many different card reader systems on the market. This makes it challenging to identify the system that best matches your company’s needs. Here, we explore your access control card reader options and see how you can make an informed purchasing decision that will best fit your needs.

What Are the Advantages of Using Access Control Card Readers?

Using live security officers for access control is typically only cost-effective on a short-term basis, such as for special events that will have a temporary perimeter. In more stable business settings, putting a human security officer at every access point is usually too expensive and actually would be more prone to produce errors.

A security officer will eventually make a mistake. Someone will accidentally be waved through, or a keyring might go missing. And if that lost key is a master or submaster, the rekeying costs stemming from that one simple mistake will stack up quickly.

Compared to human staffing and manual forms of access control, using card readers to authenticate personnel offers many advantages:

Automated Control

Electronic card readers never get tired. Unlike human security officers, they never mistakenly hand out the wrong access credentials, lose a key, or succumb to social engineering attacks.

Data Gathering

Access control card readers collect access data that can reveal trends or irregularities. For example, is there a reason one of your front office workers is signing in and out of your warehouse five minutes before the end of their shift every few days? Do those sign-ins line up with the dates of inventory shrinkage you’re seeing?

Access control logs also come in handy for different kinds of reporting. These logs can help demonstrate regulatory compliance. They can also provide valuable forensic data if theft or other crime occurs on-site.

Remote Management

Because access control card readers are electronic and linked to a central database, many systems can be managed remotely over secure network connections. This is especially useful when you need to manage multiple work sites or when you have security managers working off-site.

Scalability

The cost of provisioning a new access card is very low. It would include just the cost of the new card and the few minutes of labor needed to provide user access.

High volume access card management tasks, such as changing access for a whole building or for a whole team, are even more efficient. Compared to the cost of cutting dozens of new keys or rekeying an entire facility, changing card access permissions is trivially inexpensive.

Integration with Other Security Systems

Many of the leading access card systems on the market—like those produced by our partners, AMAG, Lenel, and Genetec—are designed to integrate with other security and management systems. Integrating systems enables you to run everything on a single management platform, rather than juggling multiple user databases and management portals.

How to Choose the Right Access Control Card Reader: Know Your Options

A variety of different access card technologies are currently available. We’ll review the leading options here, starting with simpler, lower security card types and working our way up to more advanced options better suited for complex or higher security workplaces.

Barcode & QR Code Cards

Barcodes and QR code cards are very similar. Both types of cards are scanned by access control points with an infrared beam of light. The attached computer system translates the code into user access credentials and authenticates the user. 

These two types of cards differ primarily in how much information each can store. Barcodes can store about one hundred characters of data. QR codes can store several thousand.

Code cards are inexpensive, but also low security. The codes can easily be copied with a smartphone camera or photocopier. If an access reader is unattended, a criminal could simply wave a copied barcode at it to gain access. Therefore, these types of cards are only useful for low-risk access control needs.

Magstripe Cards

These are also called swipe cards. They use the same technology as traditional credit cards, where credentials are encoded on a magnetic strip embedded in a plastic card.

Magstripe cards are more secure than barcodes, but only by a small degree. Magstripe duplicators and writers are readily available online. They allow anyone, including criminals, to copy or overwrite any card they get a hold of.

Magstripe cards are appropriate for low-risk access control where card loss or theft will not present an urgent liability to the resource you’re protecting. Real Time Networks’ technology partner Lenel sells magstripe systems as part of its OnGuard platform.

Wiegand Cards

A unique credential number is encoded as a magnetic pattern onto a metal wire embedded within a card. Wiegand cards first became popular in the 1980s as a more secure alternative to the barcode and magstripe cards available at the time. The unique credential codes are encoded at the time of manufacture, which means cards can’t be reprogrammed or easily erased.

Wiegand cards are still commonly used today in medium-security settings. But their security advantage has recently been made obsolete by newer wireless technology, like RFID.

Radio Frequency Identification (RFID) Cards

RFID computer chips may be small enough to fit onto an access card, but they can store up to 32 kilobytes of data, or roughly the same amount as 32 QR codes. 

More importantly, RFID chips can be encrypted, which makes them incredibly hard to duplicate or forge. Data can be modified or overwritten by authorized security personnel, so RFID cards are also more customizable than older alternatives.

RFID access cards transmit their credentials via a short-range wireless signal. Because they are non-contact, these cards are more sanitary than their alternatives, and they are less prone to wear.

Two different kinds of RFID cards currently dominate the market, each with their own advantages:

RFID Prox Cards

Prox cards perform a simple, one-way transmission of credentials from a card to a reader. Because they send information wirelessly, they only need to be in close proximity to a reader, hence the nickname prox card.

Both AMAG and Lenel offer low-cost prox card access control systems. Real Time Networks solutions easily integrate with the prox cards offered by both vendors.

RFID Smart Cards

Smart cards are designed to provide both secure and fast access control. They have built-in processors, meaning cards are essentially miniature single-purpose computers.

Unlike prox cards, smart cards are able to communicate back and forth with card readers, which allows for much more advanced encryption. Each time an RFID smart card is read at an access control point, it authenticates the user with a single-use encrypted code. Attackers can’t simply copy the same encrypted signal and resend it, because that code will no longer work.

Smart cards are incredibly hard to duplicate, which makes them suitable for high-security environments.

Alternate Solutions

These systems don’t use cards but are often considered as alternative options for access control.

  • Biometrics: Biometric access control readers scan and compare a unique, physical characteristic of a user and authenticate it against a stored record. Fingerprints and eye irises are common features used for biometric authentication. Biometric readers are reliable and highly secure, but come at a higher price point.
  • PIN codes: PIN code keypads can be the right level of access control in low-security settings. Access is restricted to anyone who knows a code, but there is no way to verify an individual’s identity.
  • Smartphones: Now that they’re ubiquitous, smartphones with a secure authentication app are increasingly used for access control. This turns a smartphone into a kind of digital key ring.

With so many different access control options on the market, how do businesses choose the one right for their needs?

Making an Informed Purchase Decision 

You will need a reliable framework to evaluate different access control card readers. Choosing the right card type for your organization involves identifying which technology best aligns with several different criteria. For most businesses, those criteria will be your:

Desired Balance Between Security and Cost

As we’ve discussed, the tools for criminals to exploit access card technology are more readily available for less expensive systems. In some low-risk settings, those less secure access control methods are good enough. If your risk of access breaches is high or the potential damage of a breach is high, then you will need to consider more rigorous, but more expensive options, like RFID smart cards.

Future Business Directions

If you know there will be growth, downsizing, or other changes in your business model in the coming years, it might be worth investing in a more flexible access control system today. For example, will your business open an R&D department housing prototype products and business secrets that you need to protect?

Existing Infrastructure

If your organization is currently using legacy card reader technology, you will want to select a multi-card reader system that can accommodate older cards. That will make migrating to the new system easier, because you can just replace legacy cards location by location, or through attrition with newer smart cards as staff turn over.

If you’re already using RFID badges for another system, such as personnel safety tracking, then you might be able to leverage that existing technology and integrate a compatible RFID access control system with that infrastructure.

Regulatory Requirements

Some regulatory standards require specific types of access control. Simpler systems, like PIN codes or barcode cards, may not offer sufficient security or identity verification to comply with those standards. More rigorous forms of authentication with prox or smart cards may be necessary for compliance.

Security and Business Management Solutions That Fit Your Needs

There are many factors you need to consider when selecting a new access control system. But the decisions involved get much simpler when you have a reliable framework, like the one we proposed here, to evaluate different systems.

When in doubt, you should always seek out expert advice. For over 30 years, Real Time Networks security experts have helped organizations of all sizes deploy security and business management solutions that fit their needs.