Smartphone Access Is Accelerating the Transition Away from Cards and Fobs

July 17, 2019
Mobile access technology enables other use cases that aren’t possible with today’s keycards

When you enter the lobby of the recently opened Salesforce Tower in San Francisco, the tallest building west of the Mississippi River, things look a little different from the typical commercial property. Tenants and visitors breeze through the turnstiles, swiping smartphones to gain access. At elevator dispatches, people tap their phones to call an elevator to their floor. And upstairs, people seamlessly access secure doors using their mobile devices. If this scene is any indication, it’s time to plan for the advancing tide of smartphone access technologies.

What’s Driving Smartphone Access Adoption

The iPhone was released 12 years ago this summer and Bluetooth-enabled phones have been around even longer. But it’s only recently that this technology has matured enough to use in mission-critical physical security applications. Today, the technology is ready, and adoption is accelerating due to the confluence of three interconnected trends.

First, enterprises and property owners are looking to make access control easier to manage. The average company loses 2.6 cards/fobs for every 10 employees every year. For larger organizations, replacing thousands of cards each year creates an enormous amount of manual work removing the old cards from the access system, adding the new cards to the system, and physically delivering the cards to employees all over the world. Moving to mobile access significantly reduces the manual effort of security personnel to respond to a loss incident. Employees are also far less likely to lose their phone, which they own, and report the loss sooner and that reduces the risk of someone gaining access with a stolen phone.

Another key driver of smartphone access is that it offers a better end user experience. One of the primary complaints office workers have about access cards (45.4% of people surveyed) is that you always must carry it with you. Put another way, people are more likely to leave their card at their desk than their smartphone. Another common end user complaint is that they need to carry more than one card because their landlord’s access system doesn’t interoperate with their company’s system, or because they visit multiple office locations that use different access technology. Mobile access consolidates multiple cards into an electronic wallet that lives on the device so there’s no reason to fumble with multiple plastic cards again.

Because access cards live electronically on the device, it’s no longer necessary to physically deliver a card or badge to someone to give them access. That can have a big impact on the experience of visitors to the office. Previously, visitors have had to wait in line at the security desk in the lobby to sign in and receive a temporary badge or QR code to go upstairs. Now, hosts can send their visitors a temporary access card directly to their phone. When the visitor arrives, they simply tap their phone to access the turnstile and meet their host upstairs on their floor. These access cards expire after a specific amount of time and can provide only the access the visitor needs--say, to go from the curb to the 37th floor one time but nowhere else.

Finally, and this shouldn’t come as too much of a surprise, the encryption and tokenization capabilities of software running on the supercomputers people carry in their pockets trumps RFID cards. Many card formats can be easily cloned and others that are more secure are cost prohibitive, especially when you consider how frequently employees lose cards. Smartphone access technology makes it more challenging to execute a replay attack to gain access. And the technology opens novel new security options like biometric authentication using the facial recognition or fingerprint recognition technology on many smartphones today that can ensure the user holding the device is in fact the person who has access to the building.

Beyond the Door: Other Common Use Cases

Mobile access technology enables other use cases that aren’t possible with today’s keycards. One of the most exciting new applications of the technology is automated tailgating technology. It works by sensing the signal of authorized devices passing through secured doors, even if the user forgets to swipe their phone by the reader when following someone through the door. If the number of people passing through the door--as measured by an automated people counter--is higher than the number of signals, an alert can be triggered and sent to the security team to follow up using the company’s incident response process.

Mobile access also opens new possibilities that go beyond access control. Consider the potential to integrate this technology into your calendar system for booking meeting rooms. If no one shows up to a meeting on the calendar for 10 minutes, the system can automatically remove the hold on the room and open it up for someone else to book during that time. Or if the room isn’t booked and people jump inside for a quick meeting, it can sense their signals and automatically book the room, so others know it’s not available. This is just the start of many exciting new use cases that range from quickly accounting for workers during an emergency to providing real estate teams with occupancy analytics for making the most of office floor plans.

Keys to Making a Mobile Access Project Successful

Smartphone access technology has been around for several years and some organizations that were early adopters of the technology found it difficult to make it work for them. Early attempts at smartphone access proved unreliable in the field, which is a showstopper for a critical function like access.  Another issue with early attempts was that they sometimes required the customer to replace their control panels or access control software. That’s a deal breaker for many organizations due to the significant investments they have in these technologies, along with workflows they have built on top of them and integrations between these technologies and other systems. For example, controllers often interface with other building systems beyond electronic locks.

To make full use of smartphone access and its possibilities for smart building use cases, the technology must be able to integrate to other systems in an intelligent API-driven way. With a set of open and documented APIs, a customer or integrator can build any integration they want to other systems, whether other access technologies, conference room software, visitor management, emergency response software, or anything else the customer can imagine. Open APIs also ensure that the technology does not lock you into a proprietary ecosystem and is future proof for use cases or technology integrations you may not be able to foresee today.

Lastly, moving from physical key cards to electronic key cards is causing a radical shift in the economics of access control. Vendors charging customers per-credential pricing made some sense when credentials were tied to a physical key card. Now that user credentials are 100% software it’s possible to create thousands or millions of credentials in seconds and pricing models for access control need to adapt. What that means is that customers should be wary of paying for smartphone-based credentials and increasingly should favor pricing models that give them unlimited, free credentials so they can provide access to all their employees, contractors, and visitors without incurring any additional fees.

About the author: Kellen Duke is the Head of Deployments and Security with Proxy. Before Proxy, Kellen worked on the Global Security teams for both Uber and WeWork. Prior to his work in the private sector, Kellen managed security programs for Sandia National Laboratories and United States Investigative Services. Kellen is a certified Crisis Negotiator and CPR/First Aid instructor and has a degree from Saginaw Valley State University.