The Growing Mobile Revolution in Access Control

July 11, 2022
Mobile credentials are slowly but surely becoming the next technology disrupter in access control

This article originally appeared in Access Control Trends & Technology, an annual bonus publication to Security Business magazine and Security Technology Executive magazine.

In an increasingly technology-dependent society, individuals are looking to leverage their smartphones as much as possible, and mobile credentials can be helpful for both operational and security purposes. Mobile credentials can offer numerous advantages over traditional keys, cards or badges, and can often serve as a more secure and convenient alternative.

With COVID-19 still generating uncertainty in businesses reopening, and employees returning to the office, mobile credentials are a touchless, cost-effective, and convenient option for organizations looking to streamline their security while saving costs on hardware. However, it's important to note that COVID-19 is not the only reason so many eyes are fixated on this emerging trend in access control.

More people are using their smartphones now more than ever to open doors. And 2022 is likely to be a significant year for mobile credentials, whose market size and deployment are expected to reach entirely new heights. According to Gartner, Inc., by 2022, 70% of organizations adopting biometric authentication for access in the workforce will execute it via smartphone apps, regardless of the endpoint device being utilized. Considering this figure was fewer than 5% in 2018, you can see how drastically things are changing.

In access control and identity management, individuals receive authentication from three varied factors, what they carry with them (keys, cards, and badges), their knowledge (pins or passwords), and what makes you, you (biometrics). In terms of the "what you carry with you" factor, smart readers, keys, and badges have been in use for a lengthy amount of time, whereby the user either taps their key, card, or badge on the reader or brings the card close to it.

However, mobile credentials, or the user's credentials stored in the user's smartphone, which can interact with the smart reader, have become a prevalent concept and are increasingly being deployed in numerous end-user organizations such as businesses, college campuses, hotels, and healthcare facilities.

What are some of the driving forces behind the adoption of mobile credentials?

Convenience

Can you remember the last time you left for work without your cell phone? With how dependent everyone is on their devices, there's a pretty slim chance it will be forgotten at home. Unlike an additional key card or badge, utilizing mobile credentials means one less item that a student, staff, or employee needs to bring with them each day. Smartphones also allow for a much simpler process in assigning credentials. Typically, when generating credentials in an organizational setting, whether, through keys, badges, or cards, each option requires workers or students to be physically present in an office to receive their credentials. This is not the case; users don't need to be physically present or even in the same building to have credentials assigned.

Additionally, as mobile devices have multi-factor authentication, like fingerprints, passwords, and facial recognition built-in, there is an added layer of security without the need for new hardware. Smartphones also incorporate location services, alleviating the need to scan a physical badge and allowing proximity servers to identify when an individual is near the door they have access to.

Security and Identity Protection

Because smartphones have become so intertwined with daily life, most individuals tend to notice if their phone is no longer within reach within just a few minutes. This fact is ideal for maintaining secure premises. Physical badges, keys, or ID cards that sit in a purse or pocket all day without a second thought could take hours or even days for that individual to realize it's lost.

This gap in time creates an opportunity for someone to enter a building improperly, and when accessed, the system wouldn't recognize that the individual is not who they say they are. However, mobile access control creates a different timeline of events. When individuals notice their phone is missing, they can report it, and the credential can immediately be revoked to prevent a security event. It's also important to note that the mobile credential is not accessible until the access control app is launched, meaning the digital badge will not be on display for the imposter to use.

In addition to quick response times and the remote revoking of credentials, smartphones typically store identifying information behind password-protected screens. For example, if an individual's ID badge, card, or the key gets lost, anyone who picks it up will know what that individual looks like, where they are located, and where they work or attend school. Suppose password protection is vital to your organization's needs; in addition to the first layer of password protection, you can require an additional password to access the credentials app on the smartphone as a preventative security measure.

Cost

Mobile credentials can significantly reduce the expenses associated with physical badges, keys, or cards by eliminating the process of rekeying or key duplication. Not only can this be a sizable saving for larger organizations like hotels or college campuses that must replace keys regularly, but it serves as a flexible, sustainable, and scalable solution for many institutions. A mobile credential also won't end up in a landfill at the end of its life, meaning it's a greener option as well.

In addition to being more convenient and cost-effective to the organization, mobile credentials are a genuinely suitable option for end-users. Much like cards, keys, or other physical access control forms can be tied into any closed-loop payment system (commonly found at healthcare, hotels, and campus environments), mobile credentials can be as well. This feature serves as a convenient solution for users who want to combine their access control with multiple functions such as dining payments, library privileges, or room charges.

Sustained or Temporary Access

Mobile credentials can serve as a long-term solution for an individual or as a quick and convenient option for contractors, visitors, guests, and anyone who would need temporary access inside an organization. As long as the visitors have the app-enabled on their smartphone, the proper administrators can digitally issue keys before their arrival and revoke them just as quickly.

Potential Mobile Credential Barriers

Similar to contactless payment via debit cards and phones, mobile credentials are still an emerging technology that is continuing to be evaluated by early adopters. While it can serve as an incredibly convenient and scalable solution for an organization, it's important to consider the percentage of the organization's population that uses smartphones and ensure that they are Near Field Communication (NFC) enabled. As a side note, if this is a concern, there are the options of refitting older models with a special NFC phone case to bring them up to standards.

Before completely adopting mobile credentials as the new form of access control, it might be beneficial to test the solutions with a target group to study the results first. However, if most of the population already uses smartphones, adopting mobile credentials would be ideal for pooling all-access credentials into one simple application.

Access Control of the Future

Mobile credentials are slowly but surely becoming the next revolution in access control. Whether your organization is looking to switch immediately or in the near future, it's vital to keep a watchful eye on your security infrastructure now.

If your organization is currently overhauling its access control system, and even if mobile access isn't entirely on your radar at the moment, select options that will allow you to migrate to mobile and NFC-enabled devices in the future. Selecting an open and flexible system will ensure smooth adaptation for smart devices for future use.

Also, it's essential to search for smart readers that can identify several types of credentials. Using an open-architecture solution that verifies multiple sources of contactless credentials and encryption is vital if biometrics are necessary to your organization. With all of this being said, the question that begs to ask is whether or not mobile credentials will replace all physical keys and cards?

The answer depends on the specific organization's budget, comfort level, and population of employees, staff, or students that carry smartphones. In conclusion, if your organization is searching for a new access control solution or is on the fence about mobile credentials, make sure to search for manufacturers who offer scalable, flexible, and open-architecture solutions that can support mobile credentials. This proactive step will create a future-proof security solution that will serve your organization for many years to come.

About the author: Jeff Bransfield has been with RS2 Technologies, an ACRE brand, for more than eight years, currently serving as Vice President of Business Development. Jeff has been instrumental in elevating the RS2 brand to a leader in providing smart access control solutions, with double-digit sale percentage increases every year since 2009. After his first experience with the security industry working with DH Pace Systems Integration, he spent a year doing outside sales with Anixter, which helped him close the loop on the networking aspect of the industry.