Avatar photo

Author Bio ▼

With over 15 years of experience in the security and smart card industries, Radstaak has a wealth of strategic sales and business development experience and has a long-standing career in the security and smart card industries.
April 9, 2013

Sign up to free email newsletters

Download

Whitepaper: Enhancing security, resilience and efficiency across a range of industries

How to Choose the Best Access Card Reader

From HID Global’s perspective, the fundamental best-practices concept is that an effective security system uses a layered and versatile approach to security.

At the same time, organisations must be able to future-proof their access control infrastructures, using products based on open standards and interoperability, while meeting the growing demand to protect the privacy of user data.

In this blog, I get down to the nuts and bolts of best-practice access control and begin by looking at how to choose the best access card reader for your organisation.

With a wide variety of reader technologies available in the market, it is important to make sure that the correct technology is chosen to match the desired level of access control security.

Using a good/better/best grading system will help make the correct choice easier. Recognising that there are many legacy card technologies still in use, considering these best-practices will raise the level of security of an installation regardless of the card technology employed.

Tamper detection functionality

First and foremost, buy readers with a tamper detect mechanism that provides a signal when the reader has been removed from the wall.

Almost every panel manufacturer provides the ability to monitor this alarm signal and report when a reader is tampered with. If the panel supports ‘supervision’, another method that can be used by installers is to include an additional pair of wires that are connected together through a resistor at the reader. This loop can be monitored by the panel using the supervision technique that can detect when the wires are cut, shortened, or other changes in the electrical characteristics of the wires are made.

Immediately investigate tamper alarms, even if they are momentary and return to normal.

You might detect the perpetrator in action or find that a foreign device has been installed in an attempt to monitor and/or modify the communications between a reader and the upstream device. If the reader is controlling a sensitive location, such as a perimeter door, have it and the door monitored by CCTV.

Some access control systems can automatically switch the viewing monitor to the door with the tamper alarm, as well as tag the video history log with the event for later review. And, if you are using your own company-specific cryptographic keys that are stored in a reader, realise that a reader that has been removed from the wall might have had the cryptographic keys extracted from it, which compromises the entire security of your installation.

On a side note, if offered a choice, select readers that protect their master keys from being easily extracted.

Monitoring the reader heartbeat for the health of your organisation

Look for reader manufacturers that can send ‘health’ messages — also referred to as ‘heartbeat’ or ‘I am Alive’ messages — on a periodic basis to the upstream device.

This functionality can also be used to detect when the wires are cut and does not require any additional wires to get this protection. Monitoring health messages also provides additional benefits since they will detect reader malfunctions. It is better to know when a reader is not working before somebody complains — usually in the middle of the night when they can’t get in the door!

For converged physical and logical access control systems, geographic monitoring is available in many modern readers.

For example, if a person has just entered a door in London but is trying to log into his computer in Sheffield, there is obviously a problem.

Another benefit of converged systems is the ability to deny a person login rights to his computer if he hasn’t used his access card at a perimeter reader. This simple concept will get people to change their behaviour and not ‘tailgate’ when they are denied access during the computer login process.

Secure entry

This leads nicely into another important best-practice element: prevention using anti-passback measures.

Programming the access control host software to refuse granting access to a cardholder who is already inside the facility will prevent a duplicate card from entering the premises. However, it is important to note that this feature requires two readers at the door — an ‘in’ reader and an ‘out’ reader.

One additional benefit of using anti-passback is that it also prevents a user from using her card with others following through an open door — i.e., tailgating.

Paying close attention to the different levels of the security system will result in a robust and comprehensive access control system.

Subscribe to the IFSEC Insider weekly newsletters

Enjoy the latest fire and security news, updates and expert opinions sent straight to your inbox with IFSEC Insider's essential weekly newsletters. Subscribe today to make sure you're never left behind by the fast-evolving industry landscape.

Sign up now!

man reading a tablet, probably the IFSEC Global newsletter

Related Topics

Subscribe
Notify of
guest
8 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Rob Ratcliff
Rob Ratcliff
April 10, 2013 1:33 pm

Harm, thanks for this post. I really love the sound of geo-monitored access credentials, something only possible in a converged system. I’d be interested to see this in action, as I’ve certainly not yet. Or maybe that’s because I haven’t been a victim of access card theft yet!

batye
batye
April 12, 2013 1:37 am
Reply to  Rob Ratcliff

yes, some Co. already using it… and I trust we would see it more and more in the future….

Rob Ratcliff
Rob Ratcliff
April 12, 2013 10:11 am
Reply to  batye

There’s an element of ‘being watched’ to these geo-adaptive systems that I can imagine makes some people feel uncomfortable, but the benefits, when explained, are self-evident.

batye
batye
April 12, 2013 10:34 am
Reply to  Rob Ratcliff

it all depends what people want to hide… but from security point of view it a good solution, how I see it…

Tony Dobson
Tony Dobson
April 15, 2013 6:55 am
Reply to  batye

Integrating the CCTV system into alarms generated by your access and intruder system is essential as is a sensible way of monitoring and responding to these alarms. All this talk of PSIM and I’ve been using PC-based integrated access, intruder and CCTV systems for over 15 years!
I’ve used “timed” anti-passback before if doubling up readers is too costly, i.e. once used on a reader, a card won’t work on that reader again for a specific timeframe, not good if somebody is distracted after they have used the card but before they have entered!

Rob Ratcliff
Rob Ratcliff
April 16, 2013 10:02 am
Reply to  Tony Dobson

Yeah, I’ve definitely come a-cropper with timed anti-passback measures when swiping in, then dropping something and swiping in again once I’d picked it up! What’s the best time limit on this from your experience?

Tony Dobson
Tony Dobson
April 16, 2013 11:16 am
Reply to  Rob Ratcliff

10 minutes is usually enough to stop people passing their card back to somebody to use straight after them. Depends if you have any people who may be going in and out and back in again within the timescale you determine (10 mins) where 2 or 3 minutes may be enough. Goes back to the Operational Requirement of the customer/users, if you don’t get it right people will wedge the door to make sure they can get back in if the timed passback period is too long.

Rob Ratcliff
Rob Ratcliff
April 16, 2013 11:17 am
Reply to  Tony Dobson

…introducing an added fire hazard as well as security.