Campus ID News
Card, mobile credential, payment and security
FEATURED
PARTNERS

VERNON HILLS, Ill., Nov. 20 /PRNewswire-FirstCall/ – Zebra Technologies Corporation (Nasdaq: ZBRA) today announced that it has acquired all of the outstanding stock of Atlantek, Inc. Located in Wakefield, RI, Atlantek is a designer and manufacturer of thermal digital printers. Atlantek had net sales of approximately $16 million for its most recent fiscal year, which ended June 30, 2003. Terms of the cash transaction were not disclosed.

Zebra stated that the acquisition provides products and technology to serve the growing area of digital photo printing, as well as retransfer and security card printers. Atlantek’s products include a high-speed thermal printer jointly developed with and marketed by Eastman Kodak as the Kodak ML500 Professional Photo Printer.

Zebra Technologies Corporation delivers innovative and reliable on-demand printing solutions for business improvement and security applications in about 100 countries around the world. More than 90% of Fortune 500 companies use Zebra(R)-brand printers. A broad range of applications benefit from Zebra- brand thermal bar code, “smart” label and receipt printers, and card printers, resulting in enhanced security, increased productivity, improved quality, lower costs, and better customer service. The company has sold more than three million printers, including RFID printer/encoders and wireless mobile solutions, and also offers software, connectivity solutions, and printing supplies. Information about Zebra Technologies can be found at http://www.zebra.com.

As you will see in the article “Urban legend phenomenon strikes our hotel keys,” a widespread warning regarding credit card numbers stored on hotel key cards is sweeping the Internet. While completely without merit, the situation highlights a very valid issue that impacts all members of the identification technology community.

To spread, an urban legend must capitalize on real fears existing in the population. Fears of physical harm foster the growth of urban legends such as the ‘headlight murderers’ or the ‘kidney bandits.’ Similarly, a fear of personal privacy invasion and identity theft is fostering legends such as the hotel key threat.

This myth is spreading quickly because of the very real fear of identity theft that has taken hold. People are leery of identification and credentialing technologies. Why? I believe there are a number of reasons.

Further, as new technologies are added to cards the individual is forced to trust the issuer to an even greater extent. In the early days, the cardholder could see the personal data printed on the card. Today, barcodes, mag stripes, and computer chips contain data that the cardholder cannot see or even read on his own. He must trust that the card issuer is looking out for his interests. Add the Orwellian implications of biometrics and data transmitted via radio waves and the suspicion multiplies.

So what can be done? What are the lessons of the new urban legends and the rising mistrust of ID systems? For campus card programs, the best defense may be a good offense. Be proactive in telling your constituents just what information is stored on their card. Promote your privacy policies and use federally-mandated privacy controls along with campus-initiated privacy policies to ease concerns. Don’t make the mistake of thinking that by saying nothing you are avoiding the concern. It is already rampant in the general population and college students are no exception.

Chris Corum, Editor, [email protected]

In the past weeks, an email warning has been circulating describing alleged identity thefts occurring from information stored on hotel key cards. The warning claims that personal information stored on room keys can, if discarded improperly, enable a criminal to access your credit card number and use it for unauthorized charges. This is absolutely not true and is merely an “urban legend” spread via well meaning members of the Internet community.

Likely, you have received some version of the message. In an informal poll of CR80News staff members and contributors, we found that nearly every one had received the message at least once–one person reporting more than 15 occurrences.

Campuses have expressed concern regarding this reported threat as well because the same or a variation of the hotel style door locking systems are widely used for securing dormitory rooms and other campus facilities around the country. Let’s get to the facts.

To learn just what information is stored on the hotel keys and in the key creation system, CR80News spoke with Henry Fell, Technical Services Manager for Persona, a leader in the manufacture of these offline electronic locking systems. “This email warning is absolutely untrue–for our system and every other manufacturer’s system that we are aware of,” stresses Mr. Fell. “We store a numeric data string that tells the lock whether to accept or deny entry for that card. It is not based on any personally identifiable data.”

When pressed to find if there is any truth, any ‘under the covers’ type of data that might have led to this concern, again Mr. Fell is firm. It seems that the only part of the warning that has any substance is that some manufacturers use the date of checkout as a component in the numeric string stored on the card. Say Mr. Fell, “it is sometimes used to create the numeric code that tells the lock when to stop accepting a given card.”

Obviously, an unknown person’s checkout date would hardly facilitate an identity theft. Further, in cases where the checkout date is used as a part of the code, it is only one part of the equation and the resultant code is encrypted. Says Mr. Fell, “every company encrypts the data string. There may be a date or even a lock number involved but it is never a free read.” Thus, if someone were to read the card in a magnetic stripe reader, they would see only a meaningless string of characters and symbols.

Flashing back to the basics of magnetic stripe technology, remember that the key to most bankcard, campus card, and other card systems is standardization. By agreeing on a standardized character set, different cards can be read in different systems. But in the case of offline door locking systems, the goal is not standardization but rather security. Manufacturers don’t want their cards to be read in different systems. So the use of the standardized schemes
for encoding data onto cards is not required–or even desired. When a card is read via a standard magnetic stripe reader, the resulting string of zeros and ones (bits) do not necessarily even form recognizable alphanumeric characters.

Obviously, there is no security breach or cause for concern. There is no personal information tied to the checkout date and thus no problems with the card. Speaking on behalf of the industry, Mr. Fell confirms that he knows not a single provider of these systems that stores name, bankcard, or other personally identifiable data on the card.

Calls to several other manufacturers of this technology echo Mr. Fell’s comments. It seems that this is simply a rumor. Like the long-standing myth that the electric properties contained in eelskin wallets can damage magnetic stripe cards, the ‘hotel key identity theft myth’ can be added to the list of ID technology urban legends.


Sample of the ‘urban legend’ email
* Note: this message is inaccurate and presented only for background purposes. **

Southern California law enforcement professionals assigned to detect new threats to personal security issues, recently discovered what type of information is embedded in the credit card type hotel room keys used through-out the industry.

Although room keys differ from hotel to hotel, a key obtained from (a hotel) that was being used for a regional Identity Theft Presentation was found to contain the following the information: Customer name; Home address; Hotel room number; Check in/out dates; Credit card number and expiration date.

When you turn them in to the front desk your personal information is there for any employee to access by simply scanning the card in the hotel scanner. An employee can take a hand full of cards home and using a scanning device, access the information onto a laptop computer and go shopping at your expense.

Simply put, hotels do not erase these cards until an employee issues the card to the next hotel guest. It is usually kept in a drawer at the front desk with YOUR INFORMATION ON IT!!!! The bottom line is, keep the cards or destroy them! NEVER leave them behind and NEVER turn them in to the front desk when you check out of a room. They will not charge you for the card.


Special thanks go to Henry Fell and Persona for their assistance in the compilation of this article. Persona provides offline access control to the educational, corporate, and other markets, based on the Vingcard hotel locking system. Mr. Fell can be reached via email at [email protected].

The University of Central Florida (UCF) in Orlando doesn’t have a fancy name for its smart card. “We just call it the UCF Card,” says the University’s Card Services Manager, Tammy Kidder.

No matter. It’s not the name that counts, it’s what it does. And for UCF students, it does a lot; and it’s about to do more.

UCF, located about 20 miles northeast of Walt Disney World, has had its smart card for five years. With about 45,000 cards in use, the smart card was originally installed by former campus card system vendor Cybermark. It is now supported by the university itself, with help from Smart Centric Technologies International Ltd. based in Dublin, Ireland, and Vision Database Systems, of Jupiter, Florida.

It has truly come into its own this year says Ms. Kidder. “It is taking off unbelievably around our campus. We’ve grown by leaps and bounds.” And now the university is poised for the next step. In beta testing now, Smart Centric’s web revalue product is almost ready for prime time.

Web revalue allows a parent to reload a student’s ID card using any web-enabled computer. By logging onto a specific UCF web site and typing in the student’s 16-digit ISO number and last name, funds can be added to student’s UCF smart card remotely. Using the web revalue product in tandem with UCF’s existing e-Pay system, explained Ms. Kidder, the parent can use a credit card to transfer money to the smart card. The student is then notified, via email, of the available funds. The student can then visit one of a series of on-campus kiosks to complete the pin-protected transaction.

“The product is even flexible enough that a parent or student with a smart card reader at home can do it (reload the card) from the desktop,” says Smart Centric’s CEO Kieran Timmins. Although at UCF we are interfacing with their e-Pay system, web revalue can interface with any credit card payment system.”

UCF’s smart card has three different purses: one for vending with a $100 limit and no PIN protection; a PIN-protected purse for tuition and book store payments, and another PIN-protected purse for retail and restaurant usage.

“We’re looking at making the card available to off-campus vendors. We’ve gotten a lot of requests from both students and merchants,” says Ms. Kidder.

Smart Centric’s Smartcity Acquirer software allows a college to manage a merchant network on their own. “It collects transactions from the vendor remotely,” said Mr. Timmins. “This was the key piece of the puzzle needed for off-campus merchant acceptance. We’ve been testing the off-campus software on campus for some time now and are confident in its performance.”

Another key application for the UCF Card is eligibility tracking to control access to events and facilities. Vision Database Systems provides a software package that captures and processes data from the smart card to enable students to gain access to all sporting programs including football, soccer, volleyball, and others. Once a student enters the sporting event, he or she cannot leave, then re-enter.

Explained Ms. Kidder: when the card is first processed at the gate, a red or green screen pops up on the screen. The green screen shows the student has paid his activity fee and should be admitted. A red screen indicates that the student is no longer enrolled or has not paid the activity fee. In either case, the student cannot enter. It also prevents the student from entering, then passing his/her card to another student outside the gate, a process referred to as ‘anti-passback.’

The university also developed a loyalty program to encourage use of the card. If it is used at any sporting event 15 times, the student’s name goes into a pool for a free trip to the Billboard Music Awards.

“The student government heard what we were doing and wanted us to collect data during homecoming for each student based on his fraternity. The fraternity with the most members attending homecoming events will win an award,” she said. “The card is being used like crazy now.”

The campus has certainly invested in the system to give it the opportunity to succeed. To date, more than 550 unattended readers have been deployed for use in vending, copying, laundry, revalue, pay-for-print and door access environments. An additional 50 online point of sale readers are in use.

Students are responding, using the card for payment in a very big way. During the 2002-03 academic year, smart card purse payments at Barnes & Noble neared $350,000; the Aramark food service locations saw more than $200,000 in purse payments; and Subway topped $175,000.

As new applications continue rolling out via the efforts of the UCF Card’s on-campus and vendor support team, this success should only continue to rise.

Vendors are continuing to find innovative uses for campus cards and other advanced technologies in places as seemingly mundane as the dormitory laundry room. The latest wrinkle: washers and dryers that are not only activated by the student’s campus card – that not only automatically inject the proper amount of detergent and fabric softener – but that actually can be linked to the Internet so students don’t waste time trekking to the laundry room only to find all the washers full. They can check the status of each machine in advance, in real-time via the web.

Two companies-USA Technologies, Malvern, Penn., and Mac-Gray, Cambridge, Mass.- have operational systems doing things like those described above.

USA Technologies in conjunction with Unilever (makers of Wisk and Surf detergents) created an online laundry payment, operating, and service system known as eSuds aimed at the college laundry market.

From the laundry room, students activate the eSuds system at a control hub with a swipe of their student ID cards or by keying in a pin number. The system automatically injects a pre-measured amount of soap and fabric softener into each load at the correct time.

But with IBM as a collaborator, eSuds is also able to connect these washing machines and dryers to the Internet, giving students a virtual view of the laundry room. They can then check machine availability, pay with their student ID and choose to receive an email or be paged when their wash and dry cycles are complete. This system also allows laundry operators the ability to go online to monitor service conditions, usage, and sales.

“Together, we are introducing a new ‘pay injection’ laundry service to college students, providing them with a higher level of service and convenience,” said Erika Bender, USA Technologies’ vice president and channel manager.

According to Ms. Bender, eSuds was initially offered as a service for operators and students, but now “has become a complete end-to-end solution. We’re working with Unilever to integrate our equipment and systems to deliver a seamless eSuds system on campuses.”

Also working to incorporate new technologies into their laundry offerings is Mac-Gray, the nation’s largest laundry facilities contractor serving the college and university market. Its PrecisionWash system will automatically inject liquid detergent directly into the wash cycle. While it may not seem like a revolutionary idea, to students it can be just that. PrecisionWash means no more buying, storing and lugging detergent to the dorm laundry rooms. And no more late night trips to the market for supplies. Combine this convenience with campus card-based payments and a revolution really has occurred in the way students do their wash.

PrecisionWash is currently in use at four Massachusetts schools: Babson College, Babson Park; Endicott College, Beverly; the Massachusetts College of Liberal Arts, North Adams; and Tufts University, Medford.

At Endicott College, Lynne O’Toole, vice president of finance likes the fact that the students use their existing student card. “Working with Mac-Gray, we successfully made the transition from coin to card-operated laundry equipment last year. Now with just the push of a button our students can also purchase detergent in a cashless transaction. It’s very efficient and it integrates seamlessly with our existing campus card system, which made this an easy decision for us. We began working with Mac-Gray on this project in March of this year, and we were glad to test the first prototype of the system.”

Another selling point is that the system is environmental-friendly. Because the system uses just the recommended amount of detergent, there’s no wasted soap that can damage clothes or the environment. “These colleges are committed to environmental responsibility,” said Stewart MacDonald, Mac-Gray’s chairman and chief executive officer. “The ‘green’ focus at these schools will now extend to the washers and the detergent used with the PrecisionWash system.”

Mac-Gray has been integrating college laundry card-operated systems for nearly 15 years. “We’ve introduced several new card technologies, including smart card systems for resident convenience,” said Mr. MacDonald. “With the PrecisionWash product, we are charting new directions.”

Its newest direction, though, will be, like USA Technologies, connecting its washers and dryers to the Internet.

According to the company, future developments will include Internet-linked laundry rooms that enable students to check machine availability and allow administrators to have remote access to usage and financial information for every machine.

Mac-Gray contracts its laundry rooms under long-term leases with property owners, colleges and universities and government agencies. These leases typically grant Mac-Gray exclusive contract rights to laundry rooms on the lessor’s premise for a fixed term, which is generally seven to ten years, in exchange for a negotiated portion of the revenue collected. The company operates about 30,000 multiple-housing laundry rooms in 27 states in the Northeastern, Midwestern and Southeastern United States and the District of Columbia.

CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.
Twitter

Feb. 1 webinar explores how mobile ordering enhanced campus life, increased sales at UVA and Central Washington @Grubhub @CBORD

Join Jeff Koziol and Robert Gaulden from @AllegionUS as we explore how mobile credentials and proptech are changing on- and off-campus housing.

Load More...
Contact
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301
www.AVISIAN.com[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2024 CampusIDNews. All rights reserved.