The ultimate guide to choosing the right card technology for your business
Card technology has changed a lot over the past 25 years. Cards have been used to provide some sort of access to something and essentially make life easier for people.
The history of cards
There are currently 3 broad technologies on the market:
- Magnetic stripe technology
- Proximity cards (old technology)
- Smart cards (new technology).
Although there are a few differences between these types of cards, they all do the same thing. You present the card to the reader and access is either granted or denied - however, what happens behind the scenes is quite different.
Another key difference is the level of security that these cards hold. Understanding these differences is key to ensuring that your cards do not put your business at risk of theft.
We are here to help you choose the best card for your company based on all your needs.
Levels of security
Barcodes were invented in 1951 but were only commercially successful 20 years later when they were used to automate supermarket checkout systems. A task for which they have become universally renowned. They have become popular because of their fast solutions for businesses and relatively low costs.
How it works
Barcode technology involves a blank PVC card with a unique black barcode pattern printed on the surface. The barcode is translated into a series of codes of 1’s and 0’s.
The barcode is then scanned by a reader device that is hooked up to a computer system. Once the reader device scans the code, the code is recorded and linked to the computer that understands the code and records it. Granting access or denying it.
Barcodes are great for time and attendance:
The barcode technology is printed on an employee ID card. The barcode is scanned by the reader device that is hooked up to the computer system. The unique security access code or employee ID code is scanned and the employee is clocked in for work.
Unfortunately, nothing is so perfect, these barcodes can be copied and used fraudulently by others. Codes can easily be copied with a smartphone camera or a photocopier. Meaning that they can gain access to areas by simply waving the copied barcode at the reader.
If you use barcodes as your main source of access control it can be risky for your business. Therefore, these types of cards are mainly useful for low-risk access control needs.
These have recently been accepted into the world of access. They were developed in 1994 by Toyota to track automobile parts during the assembly process.
Once a QR code has been generated, it can be emailed or Whatsapped directly to the recipient (or cardholder) for them to display on their phone or print out if required.
This can then be presented to the QR code reader, which scans it and forwards the data to the access control system to confirm the access rights.
This quick process is great for businesses that need quick and secure access control.
The difference between QR codes and barcodes is the amount of information they can store. Barcodes can store about one hundred characters of data. QR codes can store several thousand which is more beneficial in the modern world.
QR codes are becoming available in the digital space very quickly. Meaning that they are becoming more secure.
The QR code is a static image, meaning that it cannot be changed once created.
However, this means that it is easy to replicate. Making it un-secure for high-level security demands from businesses.
A dynamic QR code is ideal. This is a QR code that is updated and changed even after being created and distributed. Allowing the code to change multiple times and preventing any criminals from copying it.
A dynamic QR code prevents anyone from taking a video, picture or printing it out because the code is constantly changing.
By combining the dynamic QR code with a multi-factor authentication solution, such as a PIN. It will further increase the security level of the QR code-based access control solution.
Allowing your business to have a cheaper solution and enhanced security control.
Transitioning from your businesses reader to QR code readers
This is a relatively simple process. For example. If you have a proximity card access control system. You can slowly start to change some of the readers and cards over to the dynamic QR access control system. This will be necessary for employees who need access to important rooms that need to be secure.
Those employees that do not need access to important rooms can stay on the proximity cards until you are ready to move them over to the dynamic QR code phase.
Eventually, you will have moved all your employees over to a more secure and cheaper solution.
The great thing about this is that you do not have to change everything all at once, you can have time to slowly change and save money.
Magnetic stripe cards
Created in the late 1960s, the magnetic stripe is the technology behind public transportation tickets, ID badges, driver’s licenses, credit and debit cards.
This standard black strip at the back of your PVC card contains three magnetic tracks that are used to store the card's data (users name, address, ID number). Just like the barcode.
The card is then presented to the reader by swiping or inserting it by the user. The cards data is then read by a magnetic head that captures all the necessary information. Allowing the user to gain access or not.
There are two types of magstripe cards
- Low coercivity (LoCo)
- High coercivity (HiCo)
The difference is how secure and durable they are.
HiCo is more secure and keeps data stored on the card for longer. They are extremely popular for credit/debit cards, access control, employee IDs and time & attendance.
Whereas LoCo cards are less secure and cannot store data for long. They are ideal for short-term uses and are perfect for gift cards, membership and loyalty cards, transport passes, hotel room keys, theme park passes, grocery club cards, and more.
The LoCo stripes have a brownish magstripe whereas HiCo stripes are black in colour.
Many corporates use mag stripe technology to make photo ID cards for door access, parking, cafeteria meals and attendance.
A common area that they are used in is where door access is restricted to only a few members. Preventing any unauthorized people from entering that office space etc.
This technology is inexpensive and available to all industries making it the most widely used card of its time.
This technology has a number of flaws including
You have to manually take out your card to swipe the reader. This wastes valuable time.
- Huge wear and tear
If the magnetic stripe becomes:
The card may not work. Making it expensive to keep on replacing and a pure inconvenience.
Magnetic stripe cards have been targets for fraud since their introduction.
Data thieves can use cloning devices that are capable of skimming and copying the data in the stripe. That information is used to create duplicate cards that can access the data stored on the user's card. Therefore, gaining access to their personal important information/accounts.
These cloning devices are easily accessible anywhere in the world, making them accessible to anyone.
In some businesses, people moved to a two-factor authentication model where employees would have to swipe their magstripe and enter a code. But that soon became easy to replicate as the code was easily memorised and the cards easily cloned.
The ease to replicate these cards has led to the development of new ways to permit access.
It was these disadvantages that led to the development of contactless proximity technology, allowing cards to be read without having to swipe or insert your card into the reader.
The prox card was created in 1977. Also known as a key card or contactless smart card. It can be held within proximity of the reader without inserting it into a device. Hence the name proximity card :).
Because they don't require a swipe, they can be left in a wallet or purse and still allow you to gain access from afar.
Prox cards use a low 125 kHz radio frequency code to transmit to a door access reader. When a proximity card comes within range of this frequency, the chip embedded within the card is powered up (like a battery) and the chip sends a unique card number back to the reader.
Once the card number is read and matches the code on the reader, access is granted.
Proximity cards can only be read up to a range of 50cm and cannot store or hold any more data than a magnetic stripe card.
Prox cards are commonly used as access control cards and are also used in security, identification, ticketing, toll, and other applications that require fast processing speeds.
There are two types of proximity cards
- Passive proximity cards
These have a limited range because of the small battery inserted in the chip. This means that the card needs to be held closer to the reader to be read. They have a reading range of around 10cm. Good enough for users to wave, present or swipe their cards in the general direction of the reader to get a successful read.
They are used for access control systems, library cards, contactless payment systems and public transport cards.
- Active proximity cards
These chips have powerful lithium batteries. Meaning that they can have a greater range up to 2m from the reader and still be read. These are perfect for tolls or security gates where the vehicle approaches the gate.
Embedded in both proximity cards is a metallic antenna coil that stores the cardholder’s data. Data is stored on a proximity card or a key tag.
The passive proximity cars have a shorter reading range, meaning that it can be difficult and frustrating to use your card.
- Low security
The important data on your card is not encrypted (an added extra layer of security). The data is always the same.
Meaning that almost anyone can hack a proximity card with a device easily bought online. This can be replicated and used to gain access where data thieves can collect your important information.
Contactless smart cards
These were first used as ticketing solutions in transportation in 1995. The Mifare cards were also introduced to solve the issues that the proximity cards had.
Ever since contactless smart cards have been increasingly popular for their speed and convenience.
They are mainly found in these sectors
- Education (universities and schools)
- Ticketing for public transport
These new cards use radio frequency identification technology (RFID). Meaning that these cards can wirelessly communicate with the reader at 13.56kHz frequency. Once the card reaches the reader on the same frequency, a secure connection is made with encryption.
These cards are more secure because of the higher frequency, encryption (extra layer of security) and technology embedded in them.
Whoa, that is a lot of information... Let us slow it down.
These are not too different to how proximity cards work. They just have an extra layer of security on them, making the connection more secure so that criminals can not copy your card.
Types of smart cards
- Mifare & DESfire
- iCLASS SEOS
Mifare and DESfire cards
Mifare and DESFire were introduced in 2002. Later on, HID created more secure and encrypted cards including the EV3 cards which were developed in 2008. They are popularly used in:
- Access control
- Public transport
- Corporate offices
Mifare DESfire is the newest and most secure card on the market. An additional layer of encryption is added on the card known as DES or AES encryption which reduces the risk of cloning or copying cards.
EV3 (evolution 3) is a combo card (Mifare and DESfire). Meaning that it is more secure and has a greater reading range.
It does come with a lower reading range meaning that you will have to tap your card on the reader before gaining access. Waving or swiping your card in the general direction will not give a successful read.
But if anything this is great for your business. It gives the cloners less range to read your card.
Transitioning from proximity cards to Mifare DESfire cards
Moving from your well-known proximity cards and readers may seem daunting - but it does not need to be. An upgrade can be performed either by using dual technology cards (both proximity and DESfire) or multi-technology readers (iCLASS readers) allowing you to transition to smart technology (mobile) at your own pace.
Dual cards have both high and low frequencies (proximity and DESfire), allowing your business to take time to change completely to a new reader for DESfire to take over.
Only people who need access to high-security rooms could upgrade their readers and cards to DESfire card technology. Your remaining staff can continue to use their old proximity cards until all the other readers are upgraded.
Of course, if you do not need your staff to access certain areas and just want them to stay on their current cards, you have no need to upgrade the readers and your cards.
This means that you do not need to replace all your cards and readers upfront, saving your business time and money. Allowing for a gradual replacement of your employee's cards.
Once all of your employees are eventually moved over to the DESfire cards, the old proximity cards can be disabled.
iCLASS SEOS cards
ICLASS cards were invented in 2002. They are ideal access control solutions for people who need high-level security in their businesses.
- Better security - data is encrypted onto these cards. Meaning that it is impossible to access the card's data without the encryption key which is an extra layer of security on the card.
- Rewritable technology - allowing you to store and write data multiple times on a single card.
- Storage - it has a good storage size of up to 8K -16K of memory. Much larger than the 125kHz cards.
The iCLASS SEOS is the newest on the market and has the strongest encryption available. Similar to the DESFire EV3, it has advanced security to prevent criminals from accessing the user's data.
Best of all the iCLASS SEOS reader can connect to any contactless device on the same frequency (13.56kHz) including smart cards, key fobs and mobile phones.
These cards are mainly used for
- Access control
- PC logon
- Biometric verification
- Time and attendance
- Cashless evening
- Public transportation
- Airline ticketing
- Customer loyalty
Transitioning from proximity cards to SEOS cards
SEOS has much higher security than any card on the market. We believe that changing over to this card will make it much easier for your company in the future if they decide to move onto mobile.
All you will need to do is slowly start moving from proximity cards to SEOS cards like stated above with DESfire.
If you already have proximity readers in place, we would suggest slowly changing them to iCLASS readers. Only those employees that require special access to important rooms will need to upgrade.
Not everyone needs to change over but it is advised as then you can connect to mobile devices in the future when the technology is there.
This also means that you would have saved yourself money. Instead of jumping straight into mobile access which would cost a lot of money to upgrade to, small upgrades can be made to the iCLASS readers. Something that does not break the bank.
This table may make it easier for you to know which card to choose for your unique business.
Type of card
Basic ID photo card with a barcode.
No information was stored. Blank PVC card with a printed barcode.
Barcode is secure but there is limited security to prevent copying.
Memory is less than 1k. A small amount of data is stored on the card.
Limited security, as they can be easily cloned. Better to have two types of security (e.g. magstripe & keypad).
Same amount as a magnetic stripe card.
Can be easily cloned. Better to have two security features (prox card and keypad).
Contactless smart card
4K-8K of memory. Meaning that a lot more can be stored on the card.
Can still be cloned but extra security features like encryption make it more secure. The Mifare DESfire combo card EV3 is the most secure on the market with the ICLASS SEOS also more secure.
Even though proximity cards (125kHz technology) are still used after nearly 3 decades, many companies are not aware of the risks that these low-security cards pose on their businesses.
These proximity cards are rather appealing because of their low prices but as a business owner, there are important decisions to make.
What is more important to you? The cost of access control or your security?
If you are looking for a higher level of security and better opportunities for the future of your company, DESfire and iCLASS SEOS are more suitable.
If you want an access control system that offers you serious protection, then Mifare DESfire and SEOS iCLASS should be on the top of your list. If you know that there is potential for growth in your business, it will be worth it to invest in a more flexible access system.
Alternatives like a more affordable dynamic QR code system is something you could consider. Providing just as much security as the more expensive solutions at a much more affordable price.
There are many factors that your business needs to consider before moving over to a more advanced card or reader system. But the decisions become much easier when you have a framework like this to work with.
If you have any more questions, you can always seek our professional advice. We have been in the access control industry for 30 years. We aim to make sure that our solutions best fit your businesses needs.
For more information please contact us.