Hot Topics

Facilities
Assignments and Billing
Summer Conferences
Technology

Supervision
Administrative Info
Crisis Intervention
Personal and Professional Development
Selection and Training
Housing Pro List Serve

Leadership Development and Advising
Programming

Ask the Experts
RD Blog: The Training Cafe
Fun in the Workplace

Students and Parents
Search Reslife.net

Sign up for the Reslife.Net Email Newsletter!
Follow Us On Twitter














An Overview of Card Access Systems

By Tony Cecere
Associate Dean of Students/Director of Housing
Shippensburg University

As we face the need for offering increased safety to our University Community there are various measures that we may take. One of the areas of safety that many campus communities have focused on during the past few years is Access Control. Access Control may be the restricting of keys to a location, using a push button combination lock, or electronic access devices. As we review access to an area, we must think about the application being used. Keys are low cost, but when a key is lost, does the core get changed and new keys re-issued? The combination to a combination lock can be used without authorization. Electronic devices are more costly but can provide some increased safety in several ways.

Things to consider before selecting an access control system

The first step before selecting an access control system is to survey the needs of the campus for limiting access. It is important to consider various application devices needed for different types of locations and services.

  • Do you wish the individual to have free access going and coming?
  • Do you wish to restrict access but not exiting, such as at a side exit door?
  • Do you wish to restrict entering and exiting, such as at a service door?
  • Review the usage of the location and determine if this is a low or heavy traffic location.
  • Examine the door hardware to determine what type of device would be best in the location.
  • Are there any state or local regulations regarding restricting access at these locations, such as fire doors, panic hardware, stairwells, etc.?
  • Because cost can vary greatly from a simple lock to an electronic device, is the cost of the application a factor?
  • Who will respond to individuals denied access or services?
  • Is feedback, positive or negative, from the individuals using the location a factor in continuing use of an access control system?
  • How will individuals outside the location community, such as Administration, parents, safety officers, delivery personnel, etc. be affected?
  • Who will manage and maintain the system?
  • Is there a long-term budget commitment to the project?

When doing the survey of an area it is important to take into account all those who may be impacted. There may be individuals who do not use this location, but are impacted through management of the system, maintenance, budget, etc.

Electronic Devices

The use of an electronic access device has been around for many years. Most campuses have used this system for access to campus dining services. Installing electronic access control in areas to restrict access to locations, such as residence hall doors, is another application. Devices can be used for laundry, vending, campus elections, employee’s time clock, lab and facility use, and transportation.

You will need to consider the physical elements of the location when reviewing a facility for which type of access control system to implement. Can the door support the device? Would it have to be replaced? Are there door alarms if the door is opened without authorization or left ajar? Is there power available to support a device? What type of battery backup is in place in case of power outages? What doors are to remain secure during power loss (inside rooms such as resource, computer rooms)? Do exit doors open automatically but have the key lock in place with panic hardware for safety? Is there fire alarm integration to the system?

The devices, usually called a reader, can be installed either on-line or off-line in most locations. On-line readers are connected directly to a controller, which communicates to a software program on a computer via wire, by a modem, or fiber. Off-line readers store information at the site in the reader and operate independently. Many campuses use their institution’s ID card as the item being read by the reader for access. There are several types of readers that can be used to read various forms of ID cards.

ID cards:

The type of ID card being used on the campus is an important item in determining which devices can be used in various locations. The types of card on your campus will most likely either be magnetic, proximity, smart cards, or a combination.

The Magnetic Card has magnetic areas behind the face of the card that allow data to be stored in magnetic fields. There will be a large dark stripe, which has three tracks in the stripe. Each track can hold specific data to be read depending on the application. Most on-line magnetic access systems use Track 2 for storage of information. Some off-line systems use this track. (On-line and off-line will be further defined later in this article.) Several other off-line systems use track 3 to store their data for their readers. Sometimes a campus will have two magnetic stripes on the back of one card. One may be used for the campus and the other for a banking application. The Track 2 card usually conforms to a standard called ABS (American Banking Standard). This allows companies to know the standard data format of the card for their applications. This is important if the card is going to be used in a financial transaction.

A thin line stripe on the back of the card is called the Junk Stripe, which allows information to be placed on it for an off-line application. This area is used often for value-added applications such as off-line copiers, laundry, or vending.

One can add value to this junk stripe or magnetic stripe by different means depending on the
card system being used. A value added machine can do this by imputing currency ($1, $5, $10) into the machine and the machine updates that value on the card. Funds placed on a junk stripe are only stored on the card. If you lose the card, damage the card, or de-magnetize the junk stripe you most likely will lose the value stored in this area since it’s an off-line system. On-line systems will place the funds in a database stored in a computer. The on-line reader communicates with the computer regarding transactions or balances. Therefore, if the card is lost, damaged or de-magnetized the funds can be replaced since the information is stored off the card.

Proximity cards operate on a small frequency that can be heard by the reader. The card does not have direct contact with the reader to operate the reader. This application provides increased ease to those who have physical challenges. The card is not as flexible and is more costly than the magnetic card.

The Smart (chip) card is technology that can store data on the programmable chip. The card can be used to store an individual’s health history, banking, access control, credit card, and value $ at one time. This card presently is not being widely used by institutions or industry. It is rapidly being considered as the possible card of the future. The credit card companies are working with financial institutions to promote this card as the card of choice. They feel it will save millions of dollars by decreasing fraud. The cost of this card is higher in comparison to other cards. As the card is accepted in more applications and with advancements in technology reducing the cost of manufacturing this chip card, it may be the future campus ID card.

On-Line Access Control Systems:

As stated earlier, on-line systems communicate to a host computer via a modem or fiber, which allows direct information to be received by the reading device.

Some of the advantages to this system are:

  • Instant communication
  • Direct updates (lost card, authorization of access quickly)
  • Usually greater number of users & schedules
  • Remote opening or locking a location which has an electronic lock
  • Review of the status of the system by making sure all is operating properly
  • Remote software updates and diagnostics
  • Multiple administrative users having direct access
    (Dining, Housing, System Administrator, Safety/security office)
  • Share database and updates
  • Remote notification – Alarm to police, residence life staff, vending firms, etc.

Some Disadvantages are:

  • COST (wiring, hardware, installation, software, and maintenance)
  • If communication from the host to the reader is lost, the reader may not operate properly.

On-line systems can support their own system’s off-line readers. These readers may be used in various locations such on a bus or at remote sporting events where wiring is not available. These readers are programmed on-line, and then used off-line at the site. Later the reader’s data can be down loaded to the computer for storage (number of riders, attendance at event, etc).

An on-line system can have notification and alerts applied to the location or to a user.

Examples:

  • Notify vendor of a vending machine inventory to get it re-stocked quicker.
  • Notify a copier company that the copier needs service.
  • Notify someone if a lost/stolen card is being used and where.
  • Notify someone that a door is open (forced or ajar) when there is restricted access.
  • Notify necessary office if there is problem with the reader, controller off-line.
  • Notify user of an emergency if the reader has an LED display.
  • Notify user he/she is the winner of a contest being the xxth customer that day if the reader has an LED display.

The on-line system usually offers more types of applications due to the size of the computer and software. This may be a greater number of users in the database, increased number of scheduling applications, more criteria to select for query options, etc. The daily data from the total system is easier to backup with direct access to all locations.

Off-line Access Control System:

The Off-line Access system offers access in an independent fashion.

Some of the advantages of the off-line system are:

  • The cost is usually less expensive to install than on-line systems because it does not require the purchase of larger computers, modems, phone lines, etc.
  • Installation is easier because you do not have to wire to/from locations.
  • An ID card or a portable computer can update stored information in the reader.
  • The reader operates independently and is not affected by a communication problem or host computer problem.

Some disadvantages are:

  • Do not have direct communication with the reader from your host site.
  • To change some data, you must physically go to the reader.
  • If several different off-line software applications are used, you are not sharing the database with other off-line users and run the risk of encoding your system's information over information already used by others on the same track, thus erasing that encoded information.
    (EX: Housing updating an off-line user’s card for residence hall room access process vs. another department updating the same track for their access process.)
  • You do not know the lost card number has been changed by another department using a card encoder since databases are not directly shared.
  • Usually off-line readers have a limited number of users & timetables available to each site.

In order to set-up an off-line reader it has to be plugged into a computer to download the information. Updating the reader is done by re-connecting a computer (i.e. laptop or palmtop) or by inserting a control ID card that permits the administrator to enter changes on a keypad. Some off-line readers have the ability to recognize when a patron has a new ID card and will automatically update the lost card counter at the reader. The lost card indicator is usually the last two digits attached to the end of the individual’s ID number. This allows the reader to cancel the old lost card indicator and use the new one, denying access to the old card. Therefore, the reader is updated from the user rather than the administrator going out with a computer to do the update.

Some off-line systems now use Track 3 for communication on the magnetic stripe. This would mean that there has to be a separate process and database to maintain this track. Thus, if you have the ID card number and lost card indicator being maintained by an ID office on Track 2, the user has to have Track 3 data updated as well.

The off-line reader is a way to provide controlled access in areas at very low cost. Possible applications for this reader may be a door to the resource room or a chemical supply closet in an academic building. This can be done for less than $400 to have an increased control of access to the area. These systems can control access, determine when one has access (date/time) and provide a list of individuals gaining access with some restrictions of memory. This type of reader is also one to be considered in residence hall rooms. The cost needs to be considered compared to re-coring locks, cutting keys, and security risks with keys.

The off-line system does have its limits in the number of users it can store and the number of possible program schedules it offers for access.

Implementing Access Systems: Reviewing policies and procedures that affect access

After you work through the physical aspects of access control, you should also review policies and procedures that affect access. As you work with the system administrator, review your vision regarding access to particular areas. Try to reduce access to those who need access only. If possible, avoid large general access groups such as physical plant with 24-hour access. Be as specific as the system will allow. Break the groups down to areas such as housekeeping, trades, mail clerk, vendors, residents, desk staff, RAs, etc. This will allow you to control access for the group to a specific area. You can assign the group a schedule (time & date) for access without giving others access.

The schedule is the day and time you wish to authorize access. (Example: Residents would have 24-hour access, but housekeeping would need only 7am to 4pm.) Each schedule number should be established for either people or doors. Avoid using the same schedule number for both people and doors, even though they may have the same information (day & time). If the schedule numbers are the same for two groups or locations, you may intend to adjust one and not realize that the other is affected. (Example: 24 hour / 7 access can be used on Schedule A-1 for residents, on Schedule A-2 for residence life staff, and on Schedule A-3 exit doors are locked. If you use different schedule numbers, changing the access on A-1 would not affect A-3.)

System Administration

A system administrator oversees the daily operation of your system. This individual may be in your area or in another department. It is important to have some understanding about the level of access to the system each department has. The system administrator may control the total database or your department may be responsible for access control that affects its individual department.

Closing Thoughts

At times access devices provide a false impression of safety. This safety is lost when we hold a door open to a restricted area for someone (i.e. delivery person). When we fail to make sure that the door is secure after entering the area, security is also decreased. Educating individuals about safety is the main focus a community should provide. Our community members’ behavior should be second nature in regard to personal safety for the well being of others. Having safety as part of orientation for new members of the community (employees or students) is the first step. Providing individuals the information regarding safety and who to contact for assistance is another important step. There are many resources we have on our campuses that are willing to assist in this topic: Police, Safety/Fire Officers, Crisis centers, residence life staff, etc.

Reviewing the campus environment in regard to access control is something that should be done on a regular basis. Issuing keys to individuals, retaining extra keys in offices, authorizing the use of a master key are areas that need to be evaluated annually.

The Future

The future of access control is advancing with technology beyond our current visions. What we watched on the TV cartoon "The Jetson" is becoming reality each day. The readers that can read biological characteristic such as your eye, fingerprint or handprint are providing advanced security to communities. Those using the key or ID card would be limited. These applications are presently in place in academic, government, and private sectors.

About the Author

Tony Cecere is the Associate Dean of Students/Director of Housing at Shippensburg University. He has a B.S. from Findlay College and a M.S. from Ball State University. Tony has worked in Student Life for 27 years, and has been at Shippensburg University since 1974. Tony is a member of ACUHO-I, MACUHO, ACUTA (Association of College Univ. Telecommunication Administrator), and NACCU (National Association of Campus Card Users). While at Shippensburg he has worked as the Project Manager for the University’s PBX Phone system, System Administrator of Campus Television systems, and System Administrator for the ICAM System (Diebold’s - Integrated Campus Access Management).

Personally Tony is involved with the Lions Club, where he is a past President and a Melvin Jones Fellow, and has spent 15 years as a PIAA Swimming official. He served for 10 years on the Shippensburg Big Brother & Sisters Executive Board, and is a member of Our Lady Visitation Church & Parish Council Tony is married with two adult children.