Are Keycards Still Sufficient to Protect Your Campus?

Growing safety concerns about keycards and fobs are leading many organizations to reconsider their legacy access control systems.
Published: November 22, 2023

According to a new survey, 40 percent of workers say they are more concerned about personal safety at work than they were just a year ago.

Safety concerns are leading many organizations to reconsider their physical access control systems – specifically, understanding if they are still sufficient or effective as they are currently implemented.

As most of us know, a physical access control system allows organizations to manage who enters a physical space. Doors and locks are the most basic form of physical access control.

Traditionally, these have relied on keycards and fobs incorporated into electronic systems, which then allow designated people to enter protected areas at specific access control points.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

However, keycards and fobs aren’t perfect, dupe-proof systems, due to the fact that they’re not bound to an individual. It is all too easy for someone to give or loan their keycard or fob to someone else, or for this type of credential to be stolen, allowing access to unauthorized individuals

Fobs and keycards can also present problems for time and attendance systems when people use them for timecard fraud. For example, employees may ask a friend to run their keycard for them, so their employer is falsely under the impression they were at work (when in fact they weren’t). This is a practice known as “buddy punching.”

Biometrics – or, unique individual traits such as fingerprints, facial scans or speaker recognition that can be used to verify an individual’s identity – can be the key to overcoming these challenges.

Biometric authentication can ensure organizational security is effective or get these organizations to the next level of physical access control and workforce management by answering the question – is this really the authorized person?

Here are four questions you should ask if you’re wondering if keycards or fobs are still sufficient to protect your enterprise customers, or if you need to be offering more:

Does your organization have a resource constraint associated with using keycards and fobs that is making them lose operational efficiency?

Think of high security buildings that need a security guard 24×7 to ensure that only authorized people are able to access the building. Implementing biometrics can enable the building to save a lot of money in this instance.

Are keycards and fobs sufficient for the security measures your campus community demands and expects?

It’s vital for your campus to demonstrate their commitment and assurance to workplace and campus safety. At the same time, your organization needs to make sure any additional security measures implemented do not add unnecessary friction as employees, students, patients, and visitors come and go.

Does your campus have any necessary compliance requirements that may necessitate something more?

The Department of Defense has been handing down increased security requirements in response to threats from China, Russia, and others. In fact, many small- and mid-sized contractors may no longer be eligible to receive a government contract if they don’t have a fully modernized and in some cases an auditable security system in place.

Has your organization had any fraud events or do they see potential for future fraud events?

As noted with the “buddy punching” example, unworked time recorded by employees can quickly add up. Unfortunately, new statistics demonstrate the prevalence of such practices, with 19% of workers admitting they participate in timecard/timesheet fraud by helping coworkers clock in and out of work.

Maybe the answer to one or more of these questions is “no,” and you determine that fobs and keycards are still sufficient for your organization. But if you find yourself needing to offer additional assurances or more advanced security, alternatives like biometrics can provide a modern solution in any of these situations.

It used to be that only large organizations could offer biometrics because they required an overhaul of existing infrastructures, and were expensive and time-consuming to implement.

The first bit of good news is that most organizations won’t have to add new infrastructure (like cameras or readers) or replace existing infrastructure; they can leverage the equipment they already have along with the bring-your-own-device (BYOD) trend.

Biometrics Offer Many Benefits

Biometrics combined with BYOD automatically offers the superior security levels associated with multi-factor authentication (MFA), which is when an authentication process requires multiple factors – something a person has, something he or she knows (like a password) and/or something he or she is.

In this case, something a person has (their device) is being combined with something he or she is (face, voice, or fingerprint). Leveraging existing equipment and investments, enterprise customers can create an ultra-modern physical access control system that perfectly balances security and experience.

Consider that in the air travel industry, airports using biometric boarding have been shown to load flights in less than half the time it takes with standard documents.

The second piece of good news is that biometric capabilities or workflows are now available in a cloud-based SaaS model. This means any size enterprise customer can now use biometrics as part of their physical access control offering – whether it’s a small organization securing a single door, office or closet, or a global enterprise with multiple buildings with various security levels needed.

Any organization can quickly get up and running with minimal upfront investment of time and resources.

In recent years, many security integrators have put the majority of their enterprise customer focus on cyber elements like routers and firewalls. This is of course beneficial, but you shouldn’t pursue this limited approach without placing equal emphasis on the physical perimeter.

Given the critical need for security and safety, the time is right for schools, institutions of higher education, and healthcare facilities to evaluate if fobs and keycards are still sufficient. Perhaps they are.

But if not, new market advances offer the ability to leverage existing infrastructure investments and fortify physical access control practices more quickly and effectively than ever before.


Bob Eckel is the CEO of Aware. This article originally appeared in CS sister publication Security Sales & Integration and has been edited.

ADVERTISEMENT
ADVERTISEMENT
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series