Home » Are Smart Cards Right for You?

Are Smart Cards Right for You?

March 1, 2005

Building Access – By using smart cards as the employee badge, end users can add new capabilities like computer security as well as corporate cafeteria and vending payments. Photo courtesy: Axalto

Smart cards are rapidly becoming the most effective way to secure buildings while incorporating key functions such as cashless purchasing, securing assets and storing biometric identifiers for highly secure facilities. Smart card benefits are widely understood and continually validated but until recently, most organizations were hesitant to consider using these systems. Various barriers including high costs, complexity of transitions, limited knowledge of potential uses and waiting for a single standard to be adopted were holding up widespread smart card adoption.

Recently, these barriers were eliminated with the introduction of new reader technology, and security executives can now consider adopting this valuable technology. The next generation of access control readers, unveiled in late 2004, simultaneously read both smart and proximity cards from different vendors to allow for simpler transitions. They also leave room for future advances in card technology to protect investments over time.

While exciting for the security market, these new readers may not be for every business. Smart cards are designed to address certain market needs; however other access control technologies such as proximity and magnetic stripe have their place in the market. The question then presents itself: How do decision-makers within an organization determine whether or not adopting smart card technology is right for their business?

Consider these 10 points to help determine whether or not your company should adopt smart card technology.

USB Token – Some smart cards provide a convenient way to secure PC and network access, replacing the highly vulnerable user ID/password approach.

1. Physical and logical access control for employees:

When it comes to deploying smart cards, the most fundamental use is the ability to bring physical access and IT user identification onto a single authentication point. Smart cards have the ability to hold more memory, which means multiple applications can be addressed with a single card – something other access control technologies such as proximity are unable to do. By using one card for both physical and logical access, both costs and potential security concerns associated with credentialing employees are reduced.

2. Provisioning of access to databases and locations:

When an organization requires advanced authentication from certain users and not others, smart cards allow for simple, secure provisioning of cardholders to ensure that only the employees authorized to reach certain IT and physical locations in a company attain those areas. Smart cards alleviate the need for complicated tracking of multiple users and instead impart a simple method of user provisioning.

Duplication and corruption-resistance:

Smart cards, unlike other secure credentialing technologies, are difficult to duplicate. In the past, the only option to ensure that cards were not duplicated was to adopt a proprietary technology, which, unfortunately, meant higher costs. In today’s environment, smart cards are highly secure and very difficult to corrupt or duplicate.

Simple upgrade:

Security managers have long avoided moving to new card and reader systems because, in order to do so, old cards needed to be re-issued and old readers needed to be ripped out and replaced overnight. With new reader technology, current proximity cards can be used with new reader technology and cardholders can be re-badged over time.

5. Multiple standards:

Many organizations would like to upgrade to smart cards but are confused by the many standards that exist. Security managers are waiting to see which standard will be adopted and are not willing to risk guessing on selecting one over the other. Today, with new reader technology, multiple standards are met with a single reader to avoid the guessing game and ensure that investments chosen today are protected. There is no longer a need to wait for a standard to be adopted. Smart cards can be implemented now.

6. Cashless purchases and vending:

Companies can now have a single unified token for purchases made in on-site dining, vending or transportation services at the company or university. Organizations can avoid spending huge dollars to link disparate systems while employees avoid carrying cash.

7. Using biometrics:

Highly secure facilities such as government buildings and data centers need to have more than a single token of authentication. They often choose to use biometrics to ensure only the right people have access to protected areas of a facility. Unfortunately, biometric templates stored in a centralized database can take some time for the authentication process. As such, the best approach is using a smart card with the template stored directly on it; this offers the fastest retrieval and processing of cardholders.

8. Simple tracking of contract employees.

In organizations where there are a number of contract employees, issuing credentials to these employees and provisioning their access to physical locations as well as IT assets is essential to maintaining security. Smart cards, with their ability to hold information on both physical and logical security, make this an easier process for the security and IT departments to manage

9. Time and attendance:

Access control information stored on a smart card can be routed into human resources databases, allowing employers to track the attendance habits of their employees in a more structured manner.

10. Controlled spending:

Organ-izations can exercise better control over the allocation of budgeted dollars by allotting a set amount of money to certain individuals or departments, much like a pre-paid calling card. For example, the human resources department can be allotted a certain amount of dollars for an employee reward program. The currency allotted for this program can be allotted on a smart card.

The incorporation of smart cards won’t be immediate; but over the next year the industry will experience the beginnings of a true paradigm shift. The advent of new multi-technology readers opens up many new options in terms of access control. In corporate climates where security is of the utmost importance, many organizations are eager to take advantage of the technology. Businesses this year will undoubtedly reap a multitude of benefits through the implementation of smart card technology, and the adoption of new open solutions like multi-technology readers.

I want to hear from you. Tell me how we can improve.

BNP Media Owner & Co-CEO, Tagg Henderson

You must login or register in order to post a comment.

Chad Schermerhorn, Security Expert at Brivo, will discuss how your physical security stack should be an operational asset. It should be based on the strongest, and most-up-to-date smart security that can protect you today and adapt for unexpected threats that may come.

DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.