Form Meets Function

Apr 1, 2003 12:00 PM, By RANDY SOUTHERLAND

Corporations, governments and other organizations take them for granted. Employees regard them as nuisances to be worn around their neck like modern day collars. Some people might say the humble ID card doesn't get any respect.

The truth is, this little piece of plastic is playing a greater role than ever in securing facilities. These days the cards are made of better materials and they can be loaded with functions that were barely dreamed of a few years ago.

Thanks to advances in computer chips, radio frequency design and the linking of databases, cards have gotten “smart” these days. While the picture identifies who you are, the card itself can get you into your office, or onto your computer network, and it might just be carrying as much personal information about you as a small filing cabinet.

“Biometric attributers are being captured as part of defining you, and part of what is impregnated into the plastic ID card is either a 2D bar code representation of the fingerprint or hand geometry,” says Kevin Gillick, head of corporate marketing at Minnetonka, Minn.-based Datacard Group.

The picture of a face, fingerprint or hand can be stored on the card as a template or even as a unique number.

“So if someone steals your card and they substitute their picture for your picture, they still won't know how to generate that unique number,” agrees Dennis Kallelis, vice president of engineering at Bedford, N.H.-based Imaging Automation.

These new — and harder to duplicate — forms of identification can improve the card's ability to identify employees and anyone else requiring access.

Advances in technology have also made it possible for one card to serve double or even triple duty at an organization. Many of the requests for proposals coming into an integrator's office routinely ask for these multiple functions.

“There might be two chips and two antennas buried into a single card, including a mag-stripe and a bar code,” says Dennis Caulley at Ontario, Canada-based AccessID. “Convenience is still extremely important, especially if there's any type of gate-keeping going on where people have to pass their badge across a certain entrance to gain access.”

While mag-stripe technology certainly has not fallen by the wayside, some form of contactless technology — usually a chip and a radio frequency antenna system — is also being included.

“It's an excellent way to process people quickly through turnstiles and doorways,” Caulley says.

Cards can also facilitate varying levels of security throughout a building, or even between physical access to a facility and access to a computer and the company database.

“It may be easy to get into a building, but very demanding to get onto the network,” suggests Gillick.

More Durable Cards

Those in the ID card business say cards are not only doing more these days, they are much more advanced in their physical production. One of the primary changes came several years ago in the move from the instant film-type production dominated by Polaroid. Today, more than 98 percent of the U.S. marketplace has moved to desktop printers for photo images.

During this transition, the cards' materials have also evolved, from a polyester base to a PVC base.

“Early on in that transition, about four or six years ago, there were lots of complaints in the industry about cards not lasting as long because they were used to the old Polaroid laminate materials,” Caulley says.

To answer those complaints, cards were constructed of newer materials, including polyester and PVC blends. These tougher composites have increased the lifespan of cards, as have over-laminates.

“As far as how many companies actually implement those (materials), it depends on the technology they have,” Caulley says. “If they're using mag-stripe or barcode exclusively and they're in a high-abrasion environment, they'll usually get counseled by their ID supplier to use a printer that will add an over-laminate to the card.”

Complex cards like those with proximity technology can be prone to damage, says Bob Fontana, president of Boca Raton, Fla.-based Codebench.

“The break point seems to be in the bonding of the chip itself to the antenna,” he says.

Another major advance has come through the use of laser technology that can put photographic information and text information at a sub-surface level, according to Gillick.

“So the laser permeates the top layers (of the card) and actually creates the credential within the layers of the card itself,” he explains.

Processing technologies have also allowed for the use of “ghost images.” A top coating makes it much more difficult to alter the information on the card surface without damaging the card itself, he adds.

How Secure?

Card construction and printing methods have certainly made it more difficult to create fraudulent cards. Even though they are harder to duplicate, security experts readily admit that any of the technologies can be breached.

“I would be more concerned about the threat to security now that we know some of the more secure applications aren't that secure,” Fontana says.

General Motors Corp., for example, discovered that employees in its plants were creating copies of Wiegand cards. One worker could clock in another as if he had been present the entire day.

Barcodes can be copied on high-quality scanners, and data skimmers are easily purchased from Web sites that allow credit card information to be copied.

“We've seen everything counterfeited here, from military smart cards to INS documents to driver's licenses of all 50 states and 100 foreign countries,” says Captain David Myers, coordinator of Florida's nationally recognized Fraudulent ID Unit. His office regularly tests the validity of fraud resistance for all types of cards and documents.

Even contactless cards and optical memory cards are not invincible to tampering, he adds.

Making ID cards more secure is particularly important as they come to assume a greater role in identifying individuals moving between countries. Numerous news reports have detailed how easy it is for someone with a single fraudulent document to obtain a driver's license and then a whole series of other documents.

“The key is to stop those people who have fraudulent identities from getting genuine ones,” Kallelis says.

Making documents — and particularly cards such as driver's licenses — more secure, by manufacturing them at a secure central facility, can reduce the risk of fraud.

While many in the corporate and government worlds are aware of the weaknesses inherent in card technology, relatively few are taking the steps needed to make their cards truly secure. For many companies it is simply a business decision based on cost-benefit analysis — the cost of achieving a higher level of authentication isn't worth the potential risks. For others, it is easier to ignore the problem and hope their system is never tested.

“It depends on the degree to which they perceive business risk and how high they want to raise the bar to protect either intellectual property or people,” Gillick says.

For some organizations, striving for 100 percent validation of cardholders, and thus achieving a higher level of access control, is worth the effort.

“You must use a variety of technologies aimed at achieving that level of security as well as effectiveness,” says Thierry Lehartel, marketing manager at Datacard.

In addition to card access, it becomes necessary to include biometrics and perhaps the ability to access stored employee images on a computer screen to compare with the person presenting the card.

Another approach is to avoid becoming totally dependent on the information embedded in the card by achieving a better means of validating the authenticity of the card itself, says Myers.

“People don't necessarily try to counterfeit the access code,” he explains. “They just try to get access. The normal person, when going out a door, holds it for the next person.”

An individual with a card around his neck or clipped to a belt will often be allowed to pass through with no one intervening to demand a closer look. Even when a card obviously won't open a door, a guard may only be able to verify who the person is by comparing the name against a list.

In addition to micro printing directly onto the card surface, Myers says certain inks can be applied to the card that can only be detected under ultra-violet “black light” or a frequency-specific light that the security desk can use.

Don't Make It Harder

As companies have been busy ensuring cards are resistant to fraud and have continued to add applications, the guiding mandate has been to keep the complexity below the surface and out of sight of the customer, Gillick says.

Companies are capturing a wide array of data during the enrollment period when employees are issued their cards. All this information — whether name and photo or a handprint template — has to be incorporated into the database in a usable format.

“So their expectation is that we make it no more difficult for them operationally than what they are already doing,” Gillick says.

For many companies, that means building increasingly complex — but also increasingly user-friendly — software and other equipment. It also means new standards for technology and an evolution to better systems.

For the Record

ABOUT THE AUTHOR

Randy Southerland is an Atlanta-based writer and regular contributor to Access Control & Security Systems.

ABOUT THE COMPANIES

For information, circle the Reader Service number (listed below) or visit securitysolutions.com

AccessID	15
Codebench	16
Datacard Group	17
Imaging Automation	18

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue