How to Choose the Best Access Card Reader

From HID Global’s perspective, the fundamental best-practices concept is that an effective security system uses a layered and versatile approach to security.

At the same time, organisations must be able to future-proof their access control infrastructures, using products based on open standards and interoperability, while meeting the growing demand to protect the privacy of user data.

In this blog, I get down to the nuts and bolts of best-practice access control and begin by looking at how to choose the best access card reader for your organisation.

With a wide variety of reader technologies available in the market, it is important to make sure that the correct technology is chosen to match the desired level of access control security.

Using a good/better/best grading system will help make the correct choice easier. Recognising that there are many legacy card technologies still in use, considering these best-practices will raise the level of security of an installation regardless of the card technology employed.

Tamper detection functionality

First and foremost, buy readers with a tamper detect mechanism that provides a signal when the reader has been removed from the wall.

Almost every panel manufacturer provides the ability to monitor this alarm signal and report when a reader is tampered with. If the panel supports ‘supervision’, another method that can be used by installers is to include an additional pair of wires that are connected together through a resistor at the reader. This loop can be monitored by the panel using the supervision technique that can detect when the wires are cut, shortened, or other changes in the electrical characteristics of the wires are made.

Immediately investigate tamper alarms, even if they are momentary and return to normal.

You might detect the perpetrator in action or find that a foreign device has been installed in an attempt to monitor and/or modify the communications between a reader and the upstream device. If the reader is controlling a sensitive location, such as a perimeter door, have it and the door monitored by CCTV.

Some access control systems can automatically switch the viewing monitor to the door with the tamper alarm, as well as tag the video history log with the event for later review. And, if you are using your own company-specific cryptographic keys that are stored in a reader, realise that a reader that has been removed from the wall might have had the cryptographic keys extracted from it, which compromises the entire security of your installation.

On a side note, if offered a choice, select readers that protect their master keys from being easily extracted.

Monitoring the reader heartbeat for the health of your organisation

Look for reader manufacturers that can send ‘health’ messages — also referred to as ‘heartbeat’ or ‘I am Alive’ messages — on a periodic basis to the upstream device.

This functionality can also be used to detect when the wires are cut and does not require any additional wires to get this protection. Monitoring health messages also provides additional benefits since they will detect reader malfunctions. It is better to know when a reader is not working before somebody complains — usually in the middle of the night when they can’t get in the door!

For converged physical and logical access control systems, geographic monitoring is available in many modern readers.

For example, if a person has just entered a door in London but is trying to log into his computer in Sheffield, there is obviously a problem.

Another benefit of converged systems is the ability to deny a person login rights to his computer if he hasn’t used his access card at a perimeter reader. This simple concept will get people to change their behaviour and not ‘tailgate’ when they are denied access during the computer login process.

Secure entry

This leads nicely into another important best-practice element: prevention using anti-passback measures.

Programming the access control host software to refuse granting access to a cardholder who is already inside the facility will prevent a duplicate card from entering the premises. However, it is important to note that this feature requires two readers at the door — an ‘in’ reader and an ‘out’ reader.

One additional benefit of using anti-passback is that it also prevents a user from using her card with others following through an open door — i.e., tailgating.

Paying close attention to the different levels of the security system will result in a robust and comprehensive access control system.