Terry Sallas, Director of Major Projects at Chubb Fire & Security, explains why businesses are increasingly moving towards biometric-secured mobile credentials as their preferred access control method
Access control is one of the cornerstones of effective facilities security management. For years, radio-frequency identification (RFID) access cards have allowed businesses to restrict entry to employees or approved guests and improve the protection of people, property, and assets. Irregular entry patterns – a consequence of hybrid working arrangements following the COVID-19 pandemic – have increased the importance of access safeguards even further, and businesses have questioned the suitability of access cards to meet heightened access control requirements whilst providing a seamless experience for the user and limiting environmental costs.
Cards can easily be misplaced or stolen, putting sensitive areas at risk. Replacing lost cards incurs financial and environmental costs, and many employees find carrying around an extra item solely for access control inconvenient.
Leveraging user familiarity with mobile biometric security, businesses are increasingly moving toward biometric-protected near-field communication (NFC) mobile credentials as their preferred access control method and taking advantage of some key benefits compared to RFID access cards.
REDUCED RISK
We are all aware of the problem of lost access cards. They are easily forgettable and often misplaced, and employees regularly request replacement cards. Each lost card creates a security risk – any person finding the card immediately inherits all the access rights of the original owner, so a lost card exposes a significant vulnerability in the access control system.
Employees are naturally more protective of their phones than access cards. But even when a phone is lost, a person finding it cannot easily access it. With mobile credentials stored securely on smartphones, protected by PINs or biometrics, the risk of unauthorised access is significantly reduced.
The environmental costs of lost cards and additional plastic manufacturing are also worth considering. Replacing access cards with mobile credentials can significantly decrease the production and disposal of plastic cards and eliminate the associated expenditure.
LEVERAGING EXISTING NFC TECHNOLOGY
One of the main advantages of mobile access control is its seamless integration with existing smartphones. Nearly everyone today carries an NFC-enabled smartphone, and leveraging this capability eliminates the need for additional equipment and encourages participation from users who are already comfortable using their phones for contactless payments.
As mobile credentials have become an increasingly popular method of controlling access, Apple and Google have added support to their iOS and Android mobile wallets, which are both protected by biometric security. Their endorsement adds further trust and reliability to the mobile credential system, and the security features of Apple Wallet and Google Wallet far exceed anything achievable with access cards alone.
SEAMLESS USER EXPERIENCE
Contactless payments are now second nature to most of us, so accessing facilities and unlocking doors using the same approach requires minimal additional effort or thought. FM teams don’t need to worry about training employees to use the access points; they only need to refer to an already familiar and convenient process.
SUBSCRIPTION MODELS
Many mobile access control systems operate on a subscription model—employing a flexible approach to access rights deployment with regular costs that are easy to build into budget planning. Subscriptions tend to be per 100 or 1000 users, and when an employee leaves the company, the security team can immediately revoke the credentials and assign them to a new user. Without the requirement of a physical object, security teams can deploy credentials to new users remotely, saving the delivery of an access card and allowing occasional office visitors to register for multiple sites on the day their contract starts.
BEFORE SWITCHING TO MOBILE CREDENTIALS
While mobile access controls offer numerous advantages over access cards, they do not mitigate all vulnerabilities. Employee engagement and responsibility remain crucial, and all staff must still exercise caution when holding the door for others, for example. They should also, of course, never share their mobile devices or grant access to unauthorised individuals.
Access cards are traditionally held on lanyards printed with company branding and offer a visible cue to employees regarding who is and who isn’t permitted to be on the premises, so removing them may lead to uncertainty when new colleagues appear in the building. However, branded cards and lanyards create a risk by identifying the building a found card can access. On balance, it is better for staff to ask questions than to assume an individual is welcome just because they have a coloured ribbon around their neck.
Effective communication and training can address any minor issues arising from the shift to mobile credentials. They certainly shouldn’t detract from the improvements to security, user experience, sustainability, and employee onboarding made possible by biometric-secured mobile credentials.
FMs not already utilising this technology should seriously consider the opportunity to do so in their upcoming projects.