Regarding smartcards, customers should be informed about MIFARE, which is based on NXP semiconductor’s technology. MIFARE is available on all smartcards sold in North America, regardless of manufacturer, as it is the security standard. Specifiers have a choice of a MIFARE-protected card or not, however, for security, one should choose smartcards with MIFARE.
There are a series of MIFARE security levels. Manufacturers can provide a quick run-through so the right level of security is specified for customers. Typically, to minimize costs, security contractors will choose a relatively inexpensive smartcard and concentrate security efforts in the back office.
Additional encryption on the card, transaction counters, and other methods known in cryptography are then employed to make cloned cards useless or enable the back office to detect a fraudulent card and put it on a blacklist. It is important to remember systems working solely with online readers (i.e. devices with a permanent link to the back office) are easier to protect than systems with offline readers, since real-time checks are not possible and blacklists cannot be updated as frequently with offline systems.
Another precaution that can be taken involves the aforementioned security handshake between the smartcard and reader. This adaption works exactly the same with smartcard solutions as it does with proximity systems.
A card validation option can also be employed. In this enhancement, the cards and readers are programmed with a fraudulent data detection system. The reader will scan through the credential’s data in search of discrepancies in the encrypted data, which normally occurs during credential cloning. Such a validation feature is an additional layer of protection.
Conclusion
When designing secure spaces, the doors, hardware, and access control systems are paramount. However, this framework is only acceptable when steps are taken to prevent hacking. As an electronic security contractor, a concern is the security of customer’s contactless card access control systems as they are. When planning a new system, it is imperative all aspects of customers’ security and safety are examined.
Scott Lindley is a 25-year veteran of the contactless card access control provider industry. Since 2003, he has been president of Farpointe Data, a DORMA Group company, which has become a global partner for premium radio frequency identification (RFID) systems, including proximity, smart, and long-range solutions for access control professionals around the world. Lindley was previously director of RFID products at Keri Systems and sales manager, North America, for Motorola Indala. He can be contacted by e-mail at scottl@farpointedata.com.
