Updating Obsolete Card Technologies

The need to replace cards and readers that are based on outdated technologies is becoming increasingly apparent. There are several reasons for this, the simplest being that credible manufacturers are offering these technologies only in hybrid form, combined with modern technologies. By doing so, the maintenance of outdated systems got harder and more expensive.

However, there is one stronger reason for the substitution, especially in the access control field: the lack of security of outdated technologies due to the increasing ease of copying such cards. If we are to expect any security from identification cards, copying them should not be easy nor cheap. Otherwise, we may expect copies of the cards to enter the circulation sooner or later.

Once the card is copied, the system can no longer tell it from the original. The system does not differentiate between transactions made by a copied card and transactions made by the original card. This means that for no transaction log in the system, for any recorded access, we can no longer tell whether it is authentic. Similarly, when clocking time, we can not know whether the clocking was done with an original or a copy. Such vulnerability compromises both the security of the access control and the integrity of the time & attendance records.

Which card technology is the most secure?

This is not an easy question. Anyway, when it comes to security, absolute claims are best avoided. Although manufacturers sometimes like to claim that some technology is »bulletproof«, this claim typically has a short life span. Then this technology becomes »hard to break« and with time easier and easier to break. This is due to the development of the digital security itself.

The solution is to replace the cards, but unfortunately this usually means replacing the readers also. Replacing all cards and readers can be a complex and costly affair. However, with the right mix of technologies, equipment and procedures this transition can be gradual and cost-effective. There are two types of solutions available:

1. HYBRID CARDS

The hybrid card combines two technologies, the old and the new one. In every other aspect this is a standard plastic card or a tag. It allows us to register with the old technology on some readers, and with the new technology on other readers. This gives us the possibility of gradually upgrading the system. For example, first replacing the old cards with hybrid cards, and then replacing readers.

2. HYBRID READERS

Similarly as a hybrid card, a hybrid reader too combines the two technologies, old and new. It allows us to read both old and new cards. This enables us to first gradually change readers with hybrids, and then update the cards.

Which of these two tactics to follow depends on each particular case. Contacting an access control expert should help to avoid unnecessary costs and disruptions.

When is a card outdated?

For a card or card technology, we can say with certainty that it is obsolete when the cost or complexity of copying (or hacking) is comparable to or even lower than the cost of copying a regular cylinder key. With modern technologies, the complexity and cost of copying is considerably higher – to the extent that copying cards in most cases simply does not pay off.

Time is of course a good indicator of obsolescence too. We can be sure that the older the technology is, the less safe it is. Note that this is not about how old the cards are, but about how old the embedded technology is. Cards can be found on the market long after they are outdated, typically produced by opportunistic, less credible, ‘no name’ manufacturers.

The migration awaits each card user sooner or later. For it to be as painless as possible, please keep your migration in mind and wait for the right opportunity. Just make sure you migrate before card copying becomes a serious risk.

March 14, 2019

OSDP Readers – Pros & Cons Spica’s Time&Space certified with SAP® ERP (Business Suite Integration)

Recent Posts