If you tried to enter Baghdad’s heavily fortified Green Zone, you would fully expect to have your ID badge thoroughly examined before being granted access. Of course, given the high stakes of a war zone, you would probably be happy to comply with the added delays and nuisances related to a security measure requiring people to verify that your ID badge is legit—and that you are its rightful owner.
But in your everyday life here in the U.S., the situation isn’t always so cut and dry in regard to ID badges. For instance, should your local schools have an ID badge system? What about local businesses? Obviously, the answers to these questions depend on the type of schools or businesses and where they are located.
For you, the security dealer, the market for secure ID badges is growing and provides an opportunity for recurring revenues. Knowing how to help your clients assess their threat levels and identify which badges best fit their environment could boost your profit margins and enable you to better provide clients the “complete package” of security.
The Importance of Authorizing Access PROPERLY
“Your two typical uses [for ID badges] are both physical and logical access—to give someone access to a location or access to information,” says Shane Cunningham, Inside Sales and Marketing, Digital Identification Solutions. The company offers EDIsecure XID printers which can print on multiple card materials.
Anytime you have people getting unauthorized access to areas or information, the chance for a significant breach in security is increased. Therefore, it makes sense that a better badge system can better keep people where they belong. It is less likely there will be a breach in security. Securing the badge, itself, helps secure the building.
Naturally, the more security features put into the badge’s material, the more secure it will be; however, initial costs will also be increased. As such, clients have to make their own decisions regarding a badge system. But sometimes getting them to even think it through is the biggest obstacle.
“When you’re looking at corporations, if somebody has access to employee data, customer data, intellectual property that they shouldn’t have access to, what kind of harm could that potentially cause your organization?” says Kathleen Phillips, vice president of sales and marketing, Fargo Electronics.
If people on a college campus have access to personalization equipment and are creating fraudulent badges, then they’ve got access to dorms and that could be somebody’s son or daughter who’s violated, adds Phillips. “Or take day care for example. A lot of times they’ll use badges to identify which [relatives] have access to pick up that child. If you’ve got a badge where all of the sudden a parent who doesn’t have custody can take and produce a fraudulent badge, you’ve got a missing child case.”
“A lot of it is about managing risk,” says Connell Smith, vice president of ID solutions, Datacard Group, “and part of it is going back to understanding what the customer’s needs are.”
Securing Today’s Badges
Last September, federal agents apprehended a military contractor who had just landed at Dulles International Airport in Washington, D.C. His charge? Conspiracy to defraud the United States and possession of military badges with the intent to defraud; or put more bluntly, while he was working in Iraq, he gave unauthorized people access to the Green Zone.
On one hand, it might be depressing to think that if the Green Zone’s badge system could be compromised, any badge system could. However, keep in mind that as technology advances, it is becoming harder for external or internal people to falsify a state-of-the-art ID badge; and if they do succeed at creating the false badge, they are finding it increasingly difficult to get away with it.
Many security features are available today to embed in a badge’s material, making the badge harder to tamper with or replicate. Today’s printers and software used to make badges also can enhance the badge’s security by limiting who can print them, when they can be printed, and logging the history (which could be useful if it’s discovered that unauthorized badges had been made using the legitimate equipment).
“You should approach securing a credential the same way you would approach securing a physical building,” says Chris Sincock, vice president of business development, AccessID. For instance, he reasons that you would not rely solely on magnetic contacts to secure a building, so you shouldn’t rely on one method to secure a badge either.
“When we manufacture a card, we do it in layers,” continues Sincock. AccessID puts its RF electronics in the middle sandwiched between two layers of PVC, he explains. They then can do printing with the ability to use multiple technologies, such as UV color ink, microtext, and guilloche (see “Key Terms” on page 72 for definitions).
Magicard printers can print a watermark using the standard dye film overcoat panel through a patented process trademarked Holokote, says Deborah Olson, general manager, Ultra Electronics Magicard. “Typically the customer’s logo is ‘etched’ in a grid pattern across the face of the card in the clear overcoat. The background card design, photo and text on the card are clearly visible, yet there is a subtle watermark-like layer that authenticates the card,” she says.
“The logo is stored on an encryption Holokote key that plugs into a special port on the printer,” Olson explains further. “The keys must be programmed by the factory which provides an extra level of security. The Holokote key can be removed and locked away in a safe to prevent unauthorized printing. When the key is not present, the printer can print cards but without the secure Holokote watermark.”
It’s one thing to have a security badge loaded with secure features embedded in its material, but that only goes so far if somebody who has access to the equipment can make legit badges for people who aren’t supposed to have them. That is why it can be beneficial to have software that tracks when, where, and by whom badges were made. Not only can such software act as a deterrent, but it can help catch someone who is abusing the system.
Smith notes that Datacard offers the full range of products for badge materials, printers, and software. “The card is part of it, but what’s also really important is not just the security of the card, but making sure that only the right cards are in fact made,” he adds. “We have software that allows you to capture and control the production of the cards—and that’s password protected and controlled. We can provide a secure link between the printer and the PC so the two are linked and you can’t print cards off of anything other than that PC.”
Phillips agrees that secure badges require secure printers, secure software, and secure materials all working together. Among Fargo’s products dedicated to these goals, its Print Security Suite software performs a myriad of functions to secure the process of making badges, including the ability to send a text message to the security manager if badges are being made outside of normal business hours.
Another scenario to consider is when a badge is legitimately created for a legitimate person and purpose, but is only good for a temporary period of time, such as for a visitor for one day only. Temtec’s TEMPbadge features “expiring badge” technology, says Dana Milkie, general manager, Brady People ID.
“The expiring technology allows security personnel to issue badges with specific time durations for visitors, contractors and temporary employees,” comments Milkie. “These secure expiring badges incorporate migrating ink technology that changes color over an expected time frame to provide instant visual indication of a visitor’s status.”
Badge Business is Blooming
Smith describes the secure badge market as “rapidly growing,” and he encourages dealers who aren’t in it to strongly consider it. He reminds dealers that anytime you can sell a wider variety of security solutions to your customers, the more they will rely on you for advice and come back for repeat business. Besides, the supplies in a badge system produce recurring revenue and an opportunity to stay in regular contact with the customer.
Dealer integrators are also astutely aware however, that just because a market is growing and potentially lucrative doesn’t mean there aren’t pitfalls. Certainly, curious customers will want to know what can go wrong before they commit their money.
If you look at the process of making a secure badge, distributing it to its rightful owner, and then keeping it secure for the duration of its proper use, which part would you think is most vulnerable to exploitation? In other words, what’s the weakest link in the chain of events that make and keep a badge secure? Unfortunately, the most common answer to this question is “people.” It could be something as simple as leaving a password out in plain view or forgetting to lock up badge materials during off hours. It could also be more deliberate such as not taking the badge system seriously and not enforcing the standards that are already in place (like not confronting a person who isn’t wearing a badge).
“The security dealer is often the consultant to the customer,” says Olson. “It is in your best interest to give the customer a fully secure solution, and explain the vulnerabilities of any system you install.”
Microtext – Font that can’t be seen without a magnifying glass. Font this small can’t be produced without a commercial-grade printer.
Guilloche (“gee-oh-sh”) – A series of wavy lines generated by complex mathematical formulas. A guilloche cannot be copied or recreated without knowing the specific formula. (Look closely at one of the bills in your wallet, you’ll see guilloche patterns.)
UV ink – This ink is invisible unless viewed under UV (ultraviolet) light. There is also infrared ink which performs in a similar manner.
Overlaminate – A clear, plastic coating typically applied by heat and pressure which protects the badge.
Optically variable device (OVD) – Material that changes appearance when viewed from different angles.
Hologram – A hologram is an OVD. It is difficult to tamper with the layers of a badge without visibly damaging the hologram. There are two types of holograms: surface-mounted and embedded. (An embedded hologram is more secure than a surface-mounted one.)
Counterfeiting Made Easy
While counterfeiting state-of-the-art ID badges is becoming increasingly difficult, it is becoming easier to counterfeit the techniques of yesteryear’s best badges. Plus, there are a bunch of websites, many of which are offshore, that will produce counterfeited badges for you (such as ID badges specifically for large, well-known U.S. corporations). Of course, with the widespread use of scanners, laser printers, photo software, and the ability to buy almost anything on eBay, many people simply make their own counterfeits.
Five or six years ago, holograms would have been one of the most secure features to put on a badge, says Phillips. “Today that’s probably one of the least secure. Believe it or not, with just photo software like PhotoShop or CorelDraw, and a little nail polish, you can create a pretty cool hologram—it’s scary!”