Mobile phones challenge plastic cards

0
1230

In a world where we never stop moving, it makes sense that mobile technology is everywhere. This includes almost all workplaces. By 2016, 94% of European large businesses were providing workers with connected mobile devices, according to official EU statistics. And they are using them for more than just email. Recent Criteo research suggests 39% of online travel agency bookings now come via a mobile phone.

The growth of “mobile-first” cuts across industries. “Mobile access control will increasingly keep pace with modern mobile working,” says Thomas Schulz, Director Marketing and Communications, Digital and Access Solutions at Assa Abloy EMEA. Yet there is a workplace function where mobile phones are the exception: access control. The technology exists, for sure. Mobile seems a natural fit for convenient security. The device you carry everywhere — the smartphone — can replace a separate RFID card. The mobile phone is at the centre of many exciting innovations in access control.

According to the Wireless Access Control Report 2018: “Where access control is concerned, security departments have historically been tasked with fulfilling two major tasks as inexpensively as possible: tracking time and attendance; and preventing unauthorised entry. Rightly or wrongly, cards, fobs and keycodes are seen as fulfilling these jobs adequately. Security professionals are unwilling to jeopardise security by adopting innovations perceived as unproven.”

Research supports the notion of wary security managers. One European Commission Digital Transformation Monitor report suggests 51% of businesses with a BYOD (Bring Your Own Device) policy believed they had suffered some kind of mobile security breach. Device manufacturers including Lenovo, according to Schulz, note the growth of CYOD (Choose Your Own Device) as a potential remedy.

These reservations about mobile phone access are well rehearsed. Yet using a mobile phone instead of a smart-card also has advantages. How quickly would you notice if you lost your work access card? Everyone is more careful with their precious handset. And if a phone is stolen, password, pattern and fingerprint ID security can prevent a thief from gaining entry to premises, or even to the phone itself. Student halls of residence, for example, can expect a significant uptick in site security from mobile phone credentials. Few students would instantly notice a missing smart-card; almost none survive for long without their mobile.
Phones can also be protected with biometrics much more cheaply than whole premises. “Rather than having to add biometric capture devices in or alongside readers, the phone itself can easily be used as a capture device for face or voice (or both), with comparison and matching done locally on the phone or centrally,” David Anthony Mahdi, research director at Gartner, said in 2017. “This approach also mitigates the risks from an attacker who gains possession of a person’s phone.”

Phones open new possibilities for keeping credentials up-to-date without the need for separate readers or a return-to-base. To take one example, the new Smartair Openow solution enables security managers and site users to manage virtual keys inside a secure app. If a security admin cancels a virtual key, it vanishes immediately from a user’s Openow app. These virtual keys can be created and sent from anywhere. Facility managers can check and amend every virtual key’s access rights whenever they want, and wherever they are.

Getting rid of physical credentials has these concrete advantages and it can also help to project a contemporary image for businesses. These advantages foreshadow a brighter future for phone-based credentials. By 2020 Gartner predicts 20% of organisations will use smartphones for access, in place of plastic smart-cards. These same positives outweigh those surmountable issues with mobile access.

In many sectors, mobile credentials are now expected to spread fast. IHS Markit’s senior analyst Jim Dearing writes: “The end users most likely to transition to a full mobile credential-only system are those who have to deal with large numbers of temporary visitors or who experience exceptionally high card turnover rates. Examples include building sites at which contractors require access to varying locations, as well as universities and hotels where large numbers of cards have to be replaced each year.” Solutions for mobile workers are amenable to smartphone-based access; this exact constituency is a focus for Cliq Connect with its Mobile-First extension, a key-holder no longer needs to update access rights physically in person. All they need is a smartphone and the Cliq Connect app.
“Only mobile technology gives facility managers the ability to react at such speed. Hats off to the longevity of the RFID card. But the future’s brighter and faster… and mobile.” predicts Thomas Schulz.