Mobile vs physical access credentials – a tough battle

0
797

According to the latest IHS Markit market insight on the access control sector, mobile credentials globally have experienced nearly 150% growth between 2017 and 2018. Over four million new mobile credentials were downloaded in 2018 and are the fastest growing product type in access control systems. However, research analyst Bryan Montany suggests that in spite of this dynamic growth, mobile credentials will not replace the continued use of physical cards to enter a majority of facilities worldwide in the next decade.

Over the past decade, access control vendors have promoted the introduction of mobile credentials as a revolutionary technology that will accelerate the adoption rates of cutting-edge equipment in facilities worldwide. Mobile credentials consist of virtual data that are downloaded onto smartphones, and they can be utilised as alternatives to traditional physical credentials such as ID cards and badges. This credential data can then be delivered by the user’s smartphone to a mobile-capable reader through Near-Field Communication (NFC), Bluetooth, Wifi, or cellular transmissions.

Over the next five years, IHS predicts that mobile credential downloads will grow at over a 100 percent compound annual growth rate (CAGR) worldwide. Over 120 million mobile credentials are projected to be downloaded by end-users in 2023, which will represent nearly fifteen percent of all new credentials entering the market that year.

The use of mobile credentials offers numerous compelling benefits for both facility owners and occupants. The ubiquity of smartphones ensures that the use of mobile credentials can be readily facilitated. Furthermore, building entrants frequently lose or misplace their physical credentials, which building owners must then replace.

Access control systems have been among the last to embrace the capabilities of mobile technologies. Security professionals have generally been more cautious to embrace new trends, as any unforeseen complications introduced by new products could threaten to introduce critical security vulnerabilities.

However, there are signs that the market for mobile credentials has finally gained traction. In 2018, growth rates for worldwide annual downloads of mobile credentials surpassed 150%, and the market size grew to nearly 4.1 million downloads. By 2023, mobile credentials will grow from 1% of all credentials issued annually to 14% and will be introduced as a prominent alternative to physical credentials across the globe. IHS Markit projects that annual downloads of mobile credentials will reach over 9.8 million in 2019, over 20 million in 2020 and over 120 million by 2023.

Through 2023, the private commercial sector (including hotels and office buildings) will continue to dominate the market for mobile credentials with over a 90% share of the total market size. Universities and other educational facilities will represent over half the remainder of the market, and penetration rates will remain relatively low in other vertical markets. A more notable transition will occur regionally, as the Asia Pacific region will replace North America as the largest regional market for mobile credentials by 2023. China and India will spark this shift with their massive populations and rapidly growing economies. The Chinese market for mobile credentials alone will constitute nearly 75% of the Asia Pacific region’s total annual downloads of mobile credentials by the year 2023. Meanwhile, India is one of the few remaining global markets where smartphone sales are expected to experience robust growth, with the market size expected to nearly double to over 800 million users by 2022.

This anticipated market shift has led many vendors to redirect their focus to introduce new hardware and software products that are compatible with mobile credentials. Global unit shipments of mobile-capable readers, such as I-class Seos and Mifare Desfire readers, increased nearly 20% between 2017 and 2018. Manufacturers are also offering inexpensive Bluetooth modules that can be installed to add mobile technology compatibility to older models of access control readers.

Cyber security and privacy concerns have limited the wide scale adoption opportunities for mobile credentials according to IHS Markit. A vast majority of organisations do not provide building occupants with approved smartphone devices, and entrants are expected to download mobile credentialing applications onto their own personal devices. The use of an entrant’s personal smartphone introduces a cyber security risk to the building owner, as unapproved third-party devices could introduce viruses to an organisation’s IT infrastructure. An even greater concern is that a hacker or another malignant actor (such as a disgruntled employee) could exploit network vulnerabilities through their own unsecured and unmonitored devices.

Meanwhile, building tenants have expressed concerns that organisations may utilise mobile credential applications to track behaviour and collect personal data stored on their smartphones. Many occupants have preferred to retain their physical credentials to avoid possible exposure of personal information, in spite of assurances from mobile credentialing application providers that this information would be protected.

Many access control vendors have addressed these concerns by encouraging hybridised mobile and physical credential use through bundled packages where physical and mobile credentials are offered together. Other vendors, such as Allegion, have offered mobile credentials for free but have charged for software and cloud services associated with creating and issuing the credentials. In 2018, an increasing percentage of mobile access vendors have also experimented with license fee and subscription business models for selling mobile credentials. The monetisation of mobile credentials is another potential market barrier for vendors as most building owners have been unwilling to pay extra to provide entrants with the option to forgo a badge and enter with their phones.