For several years now, the access control industry has waited for the hype surrounding smart cards to bear fruit.After all, the transition to smart cards represents the next logical step in the evolution of access control, tracing back to the old-fashioned key systems that still do the job for a great many companies today.
Gradually, key-based systems were replaced in larger facilities by the mag stripe cards that individuals could swipe through a reader. Then, “contactless” proximity cards came to fruition that eliminated the need for a physical interface and allowed “speed pass” access into facilities.
That market will be further advanced by the January 1, 2005 deadline for completion of the Europay, MasterCard and Visa (EMV) migration, a process that requires point-of-sale terminals at banks and other financial institutions to be upgraded to accept credit card and debit smart cards lest retailers face the liability of card fraud.
The potential benefits of smart cards have been universally recognized, with most interested parties identifying areas such as:
Physical and logical access control: The most fundamental use when it comes to deploying the smart card within the physical plant - the ability to bring physical door/entranceways access and IT user identification on to a single authentication point - will significantly streamline the costs and potential security concerns associated with credentialing employees.
Vending: Whether it is recreational snack purchases or business-related supplies, companies can now centralize the purchases made in on-site vending machines.
Time and attendance: Access control information stored on a smart card can be routed into human resources databases, allowing employers to track the attendance habits of their employees in a more structured manner, allowing for greater enforcement of company policies.
Closed-loop cashless purchases: Mirroring the vending machine model, companies can now allow their employees to make purchases (meals, supplies, etc.) on a cashless basis.
Projections for the market remain strong. Recent research from Frost & Sullivan, for example, found that the combination of EMV migration and competitive pressures evolving in the financial services market has led to smart card revenues totaling $453.3 million for that sector in 2003, a number that is expected to reach $1.2 billion in 2008.
On the access control side, however, advancement has been slower. To date, the greatest push for smart card adoption has come from the government, where a report released by the U.S. General Accounting Office (GAO) in 2003 found that 18 federal agencies had initiated 62 smart card projects, though most were of a somewhat smaller scale.
Currently, the largest smart card deployment in the U.S. government is the Department of Defense’s Common Access Card (CAC) program, which provides identification and access to both physical and logical systems for more than 4 million military and civilian personnel employed by the DoD, a number that the Department reportedly hopes to expand to more than 18 million in the future, potentially integrating biometric technology into the cards.
Interestingly, the GAO report listed five challenges that the government had faced and would continue to face in terms of advancing smart card adoption:
- Sustaining executive-level commitment
- Maintaining the security of smart card systems and privacy of personal information
- Integrating physical and logical security practices across organizations
- Recognizing resource requirements
- Achieving interoperability among smart card systems
The list is reflective of both the cultural and technological barriers to wide-scale smart card adoption, yet the report adds that it is the cost prohibitive nature of upgrading to smart cards that has presented the biggest roadblock. This is the sentiment that rings truest in the corporate world as well. Putting aside potential concerns around information security and privacy or altering existing security and credentialing practices, the single biggest hindrance to wider smart card adoption has been the lack of interoperability among cards and readers.
The coming year will be one of change as the barriers toward interoperability come down following the arrival of the “universal” reader.
Universal readers are open standard, multi-protocol readers that combine both proximity and smart cards. Fully ISO 15693 and 14443A/B compliant, this new breed of readers can process smart card protocols such as iCLASS® and MiFare® and simultaneously read card technologies such as 125 KHz HID®, Deister SmartFrame™, Mifare® (Serial Number & Sector), DESFire® (S/N), ISO 15693 (Serial Number, Sector and Encrypted Sector), ISO 14443 (Type A & Type B) at both 125 KHz and 13.56 MHz.
This multi-frequency, multi-protocol and multi-modulation approach allows customers – until now locked into proprietary reader/card technology and frightened by excessive infrastructure upgrade costs – to use their current proximity cards as they transition to a smart card system and gives them greater overall flexibility when choosing new, more advanced smart cards.
Ideally, the arrival of universal readers will have the same galvanizing affect on the access control market that the DoD has had in government and the EMV movement has had in banking and financial services.
No longer should the costs of a smart card migration/upgrade be either daunting or immediate as companies will have the option of executing a more “graceful ascension” now that their existing proximity cards can coexist with the incoming smart cards.With that in mind, dealers must begin to make the case – and set expectations – for their customers about smart card migration.
Following is a list of five helpful tips dealers should keep in mind when advising their customers on executing a smooth migration to smart cards:
The world doesn’t change overnight: As stated above, one of the primary reasons smart cards have not truly taken hold was the cost prohibitive nature of making wholesale change, not to mention the logistical challenges it presents in terms of accepted work processes. With smoother migration now possible, don’t try to force the issue.
Before you rewrite the rules, first learn to read: With the advent of universal reader technology, any smart card migration has to start with the readers. Only true interoperability with existing proximity cards and new smart cards will allow companies to gradually make the transition.
Assess your security needs and start big: This may sound like an opposing viewpoint to the above but what it really means is that, in order to establish smart cards as a presence in the enterprise and one that will gradually become pervasive, it needs to begin with mission-critical security areas. This will automatically build its use into core processes and establish its relevance from the outset.
Don’t get too cute too soon: Avoid bringing too much information or alternative functionality onto the smart card too soon. Individuals may resist change if they think that their accepted means of access to every information point or service has been altered.
Develop proper training/education: As with any transition or migration process, the easiest way to ensure success is to provide as much information as possible. Often, the greatest pitfall to these processes is the social barriers. Individuals by nature resist fundamental changes to their work processes. Only by educating them to the enormous benefits of a smart card environment will they come around more quickly.
No comments:
Post a Comment