By Bob Eckel
Physical access control, as its name suggests, is the process of securing who, when, and what can or should enter a facility. Traditionally, physical access control has relied on fobs and keycards—electronic systems that control the ability of people or vehicles to enter a protected area by means of a preauthorized physical method at access control points.
However, fobs and keycards aren’t perfect, foolproof systems as they are not bound to an individual. They can easily be lost, stolen or borrowed, allowing access to individuals not associated with the credential. They can also be troublesome for time and attendance systems, particularly when people use them for time card fraud (similar to the former practice of “buddy punching.)” In this instance, employees would ask a colleague to punch their machine-stamped card for them if they were running late. More recently, employees may ask a friend to run their keycard for them, in order to give their employer the impression that they were working when they actually were not.
These challenges can be readily overcome with the use of biometrics—the measurement and use of certain physiological characteristics like face, voice, and fingerprints. Using biometric authentication can get an organization to the next level of physical access control and workforce management by answering the question: is this really the authorized person? Here are some key questions for facilities to consider when evaluating if biometrics are right for their organizations:
Will using biometrics provide you with greater operational efficiency? An excellent example is high-security buildings that will no longer need a security guard 24/7 to ensure the identity of a person entering a building. This can be highly effective during off hours, but still provides the flexibility to add staff if you are worried about high traffic times. The opportunity to save money in this instance can be substantial.
Is it fundamental to your employee experience? Companies need to think about their employees, who want safety, convenience, and peace of mind above all else. According to one study, almost 70% of employees do not feel completely safe working in their employer’s buildings. It is vital to improve employees’ sense of safety by making sure that only authorized individuals are present, and that you can also do this with minimal additional friction. Biometrics can ensure that stolen fobs and keycards cannot be used by malicious individuals to fraudulently access buildings.
Is it necessary for compliance? In the government sector, many small and mid-sized defense contractors are taking note of the ever-growing security requirements being handed down by the Department of Defense. With new compliance regulations emerging in response to China, Russia, and other threats, some federal contractors may no longer be eligible to receive a government contract if they don’t have a beefed-up, fully modernized security system in place. Additionally, it can also provide compliance for areas that have limited need-to-know access.
Will it prevent fraud that you can no longer afford? As we noted with “buddy punching,” unworked time that employees may be getting paid for can quickly add up. Consider the case of paid overtime, when employees often get paid time and a half. For all the great work your employees do, the opportunity for time clock fraud still exists and employers need to stay one step ahead of any potential deception.
Biometrics are certainly a viable solution in any of these scenarios. It used to be that only large companies could offer biometrics because they were expensive and time-consuming to implement, often requiring an overhaul of existing infrastructures. Today, however, this is changing as biometric capabilities are now available in a cloud-based SaaS model, also known as Biometrics-as-a-Service (BaaS). Any size organization can now use biometrics as part of their physical access control offering—whether it’s a small organization securing a single door, office or closet, or a global enterprise with multiple buildings.
What You Need to Know
There are multiple factors facility executives need to consider when incorporating biometrics in facilities to create an ultra-modern physical access control system that perfectly balances security and experience:
First, and perhaps the best news, is that in many cases organizations don’t have to add new infrastructure (like cameras or readers) or replace existing infrastructure; they can leverage the equipment they already have along with the bring-your-own-device (BYOD) trend. Biometrics combined with BYOD automatically offers the superior security levels associated with multi-factor authentication (MFA), which is when an authentication process requires multiple factors—something a person has, something he or she knows (like a password) and/or something he or she is. In this case, something a person has (their device) is being combined with something he or she is (face, voice, or fingerprint), so biometrics with BYOD that is bound or associated with the individual can replace fobs and keycards entirely.
Second, with biometrics, organizations can determine and set access requirements based on risk assessment. The higher the risk and the more security that is required, the more stringent and thorough the authentication measures need to be. Step Up authentication options include face; voice; face and voice; face then voice; face, voice, and PIN as some options. These options, along with the current access control system, your device, as well as geolocation (geolocation can ensure someone attempting to open a door is actually present at the door or facility, so doors can’t be opened from afar) offer built-in multi-factor authentication so you control the security and friction.
Third, cloud-based biometrics can be paired with cloud-based physical access control systems for maximum benefit. One of the reasons that cloud-based physical access control systems are gaining in popularity is that they enable organizations to remotely control and manage doors and gates and access via an internet-connected device. In other words, administrators can remotely determine who can (and can’t) open doors into and throughout a building within their existing system linked and associated directly with the individual and their access device (BYOD). Also, in both the case of cloud-based physical access control and cloud-based biometrics, systems automatically get updated—there is no need for any intervention or ongoing extra maintenance. Together, these systems can deliver an all-in-one SaaS-based solution for the utmost convenience, easy maintenance, and affordability.
Finally, in our privacy-focused age, biometric functionality can be set up to maintain anonymity. More specifically, systems can be set up so they know an individual is authorized to enter a building or restricted area without knowing the person’s identity, focusing on authorized access business or compliance rules. There’s no “big brother” here— either the person in question (recognized through their biometric) is authorized to enter the space, or not. When offering biometrics, it’s important to note that employees are informed and it’s clear of the onboarding and opt-in process. When properly implemented and understood, convenience along with security will likely be improved with biometrics.
Physical access control systems as a concept are not new, but they’re becoming especially important as workers return to the office. It’s an ideal time for organizations to take security into their own hands and evaluate if fobs and keycards are still sufficient. If not, the good news is that new market advances are available that can leverage existing infrastructure investments while taking security to the next level through modern approaches such as biometrics.
Eckel has been Chief Executive Officer and President of Aware since September 2019. Mr. Eckel also serves on the board of directors for the International Biometrics + Identity Association (IBIA), and as a strategic advisory board member of Evolv Technology. Over his distinguished career, he has held many positions of note within the biometric and identity space.