Convergence Q&A: The Facility Code Vulnerability

Be sure to close this potential loophole in your access control

It is important to understand what card format your organization uses and determine whether Facility Code mode is enabled for any readers. If a review of access transactions shows that access has been granted or denied to someone who claims not to have presented a card at that time, realize that the transaction may be from an outsider’s card with duplicate card data. Disable access for that card (but continue tracking its use) and reissue a new card in its place.


Write to Ray about this column at Ray Bernard, PSP, CHS-III is the principal consultant for Ray Bernard Consulting Services (RBCS), a firm that provides security consulting services for public and private facilities. For more information about Ray Bernard and RBCS go to or call 949-831-6788. Follow him on Twitter: @RayBernardRBCS.