top of page

Evolving Access Control Systems

According to an ASIS study from 2023, nearly 93% of organizations have methods to control access to their physical and digital property. To secure offices, most use an access control system that is connected to their IT network. When an employee presents their credential, the technology reads and validates their identity, and then unlocks doors to allow them to enter areas that they have permission to access.


Over the past decades the type of credentialing companies use has become more and more sophisticated; moving from access cards or keypads to phone apps. Typically, credentials rely on something you have (e.g., access card or phone) and / or something you know (e.g., keypad pin or  phone password). And while these credentialing methods are scalable and offer greater security in certain instances such as terminations, there are vulnerabilities when keycards and key fobs are lost or stolen. Also, the radio frequency technology used in some credentials can be vulnerable to hacking and cloning.

Biometric credentials, which rely on something you are including unique physical, physiological, or behavioral characteristics; fingerprints, voice, facial images, eye iris, stride or gait, etc. While biometric credentials provide more security because they can’t be lost or hacked, they come with concerns about privacy violations that come from data misuse or breach.

Taking cues from the General Data Protection Regulation (GDPR) adopted throughout the E.U. and U.K., where biometrics are "special categories of personal data" and the law has strict requirements for user permission and data handling, companies have been restrained from using biometric credentials in their access control systems. Typically, in corporate settings, identifying data for access control systems is stored on company servers and privacy policies require express employee consent to use biometric data and extra strong security measures to protect it.

Emerging technologies are hitting the market that allow facial recognition to be used as a mobile credential. The sensitive information created from facial recognition will only ever be stored on an employee’s phone. When an employee’s face is scanned and they present their phone to the credential reader, a Bluetooth connection enables it to read the data and validate that the face it is seeing matches the stored biometric information on the phone. This advancement may open up wider application of biometric credentialing in access control systems for global companies.


bottom of page