Can phones challenge the resilient plastic card?

Mobile access control will increasingly keep pace with modern mobile working, says Thomas Schulz, Director Marketing and Communications, Digital and Access Solutions at ASSA ABLOY EMEA

In a world where we never stop moving, it makes sense that mobile technology is everywhere. This includes almost all workplaces. By 2016, 94% of European large businesses were providing workers with connected mobile devices, according to official EU statistics. And they are using them for more than just email. Recent Criteo research suggests 39% of online travel agency bookings now come via a mobile phone. I could cite many similar statistics: The growth of “mobile-first” cuts across industries.

Yet there is a workplace function where mobile phones are the exception: access control. The technology exists, for sure. Mobile seems a natural fit for convenient security. The device you carry everywhere — the smartphone — can replace a separate RFID card. The mobile phone is at the centre of many exciting innovations in access control.

So why does the physical credential still reign supreme in offices and commercial buildings?

Lift-off for mobile?
As a new report on the access control industry identifies, mobile phones have not made predicted progress in replacing the plastic smart-card — at least, not yet.

According to the Wireless Access Control Report 2018: “Where access control is concerned, security departments have historically been tasked with fulfilling two major tasks as inexpensively as possible: tracking time and attendance; and preventing unauthorised entry.

“Rightly or wrongly, cards, fobs and keycodes are seen as fulfilling these jobs adequately. Security professionals are unwilling to jeopardise security by adopting innovations perceived as unproven.”

Research supports the notion of wary security managers. One European Commission Digital Transformation Monitor report suggests 51% of businesses with a BYOD policy believed they had suffered some kind of mobile security breach. Device manufacturers including Lenovo note the growth of CYOD as a potential remedy.

These reservations about mobile phone access are well rehearsed. Yet using a mobile phone instead of a smart-card also has advantages. How quickly would you notice if you lost your work access card? Everyone is more careful with their precious handset. And if a phone is stolen, password, pattern and fingerprint ID security can prevent a thief from gaining entry to premises, or even to the phone itself.

Student halls of residence, for example, can expect a significant uptick in site security from mobile phone credentials. Few students would instantly notice a missing smart-card; almost none survive for long without their mobile.

Phones can also be protected with biometrics much more cheaply than whole premises. “Rather than having to add biometric capture devices in or alongside readers, the phone itself can easily be used as a capture device for face or voice (or both), with comparison and matching done locally on the phone or centrally,” David Anthony Mahdi, research director at Gartner, said in 2017. “This approach also mitigates the risks from an attacker who gains possession of a person's phone.”

Phones open new possibilities for keeping credentials up-to-date without the need for separate readers or a return-to-base. To take one example, the new SMARTair Openow solution enables security managers and site users to manage virtual keys inside a secure app. If a security admin cancels a virtual key, it vanishes immediately from a user’s Openow app. These virtual keys can be created and sent from anywhere. Facility managers can check and amend every virtual key’s access rights whenever they want, and wherever they are.

Students and staff at the new $100 million Arkansas State University campus in Queretaro, Mexico, are already reaping the benefits of Openow. With no access cards to collect or validate, every user installs and validates their app and collects keys virtually. It’s secure and convenient.

Getting rid of physical credentials has these concrete advantages. It also helps to project a contemporary image for your business — perhaps why the SMARTair solution attracts major interest from the fast-growing, design-conscious co-working and shared office sector. When Openow-equipped phones replace plastic key-cards, there’s no need for a card activation terminal at reception. Access feels slicker.

Mobile solutions for mobile workers
These advantages foreshadow a brighter future for phone-based credentials. By 2020 Gartner predicts 20% of organisations will use smartphones for access, in place of plastic smart-cards. These same positives outweigh those surmountable issues with mobile access. Perhaps, too, they explain why mobile solutions keep winning industry awards. ASSA ABLOY’s mobile solution CLIQ Connect has been a winner at the Detektor International Awards, recognizing outstanding innovation in security alarms, access control and CCTV. It also won the Gold Trophy at France’s APS Awards and Protector & Wik’s Golden Protector Award 2018.

In many sectors, mobile credentials are now expected to spread fast. IHS Markit’s senior analyst Jim Dearing writes: “The end users most likely to transition to a full mobile credential-only system are those who have to deal with large numbers of temporary visitors or who experience exceptionally high card turnover rates. Examples include building sites at which contractors require access to varying locations, as well as universities and hotels where large numbers of cards have to be replaced each year.”

Solutions for mobile workers are amenable to smartphone-based access; this exact constituency is a focus for CLIQ Connect. With this mobile-first extension to the CLIQ mechatronic access control system, a key-holder no longer needs to update access rights physically in person. All they need is a smartphone and the CLIQ Connect app. To change a key-holder’s access permissions, an admin accesses the CLIQ Web Manager — from anywhere — and updates it. A key-holder makes an encrypted connection between their programmable Bluetooth key and the app to instantly update permissions from the cloud.

As well as saving companies’ administration costs, CLIQ Connect boosts security, because in the event of a lost key, access authorizations can be deleted instantly. Shorter (i.e. safer) access validity timeframes no longer disrupt everyone’s work.

Only mobile technology gives facility managers the ability to react at such speed. Hats off to the longevity of the RFID card. But the future’s brighter and faster... and mobile.

You can download the full “Wireless Access Control Report 2018” from https://campaigns.assaabloyopeningsolutions.eu/wacreport2018