Card, mobile credential, payment and security
Physical security workhorse begins giving way to contactless as price cuts and multi-technology readers eliminate hurdles
By Chris Corum, Executive Editor, AVISIAN Publishing
You can do more – and you can do it more securely – with contactless than you can with proximity. Few would argue with this statement, yet each year proximity technology continues to outsell contactless in the North American security markets. But new products, attractive pricing, and better market education are turning this tide, making contactless the technology of choice for many professionals charged with securing their physical and logical enterprise.
Contactless technologies use the 13.56 MHz frequency to communicate data between the card and reader while proximity technology uses the lower 125 KHz frequency. Contactless can enable read-write and processing capabilities that become increasingly important as additional applications are desired. Proximity cards are traditionally a read-only technology, where a simple identification number is encoded to the card prior to issuance and that data remains static for life. It is this difference that opens up the possibility for a more robust utilization of the contactless card.
According to Erik Larsen, Product Manager of Identity Solutions for Lenel Systems International, smart card technology enables a host of opportunities. “Post-issuance ID number changes and additions, electronic purse and cashless payment functions, biometric storage and authentication, network access and security, and more,” he explains are all made possible.
The processing capabilities of contactless technologies enable the card to ‘participate’ in the security process, authenticating itself to the reader and protecting its owner’s data until it has verified that the reader is legitimate. “On-board processing also secures key components of biometric identification, cashless transactions, and a wide range of other applications,” adds Mr. Larsen.
So why does prox still dominate in some markets?
With all these inherent advantages of contactless, why do so many security officers and card system managers still opt for proximity solutions? Until now, there have been a number of legitimate reasons for such a decision, though many suggest this is changing.
Price
There has been the issue of price. “Originally it was cost of cards and readers,” says Mr. Larsen, “but those have been addressed.” In fact, in one well-publicized promotion, HID Corp. began offering its contactless cards and readers for the same end-user pricing as its prox offering. According to HID’s product manager for High Frequency Products, Jack Bubany, “the cost for contactless smart cards and readers is comparable with prox and we are working hard to get this word out to the North American market.”
Infrastructure
So if the technology is superior and the price is comparable, what else could be the holdup? As is often the case with new technologies, legacy infrastructure has been a major deterrent for many buyers. The cost and disruption involved with changing out card readers throughout a facility and re-badging the cardholder population has delayed or dismissed many potential migrations during recent years. Says Mr. Larsen, “customers that have a current system in place want to know what is the cost for reissuance and when will the ROI make sense.”
With prior generation equipment, the answer to this question was often met with dismay. But multi-technology readers capable of communicating with both contactless and prox technology are changing the landscape.
Many of the leading security companies are now offering a multi-technology reader. It can significantly ease a transition from prox to contactless by eliminating the need for a mass re-badging effort. New employee cards, replacement cards, and those with need for added security or functionality can be issued the contactless card beginning day one, while other cards are phased in over time or simply allowed to churn via the normal cycle of employee and card turnover.
“Even if a company has not made a conscious decision toward a particular contactless smart technology it’s only a matter of time before someone from the IT department asks the security group about their smart card plan,” says Jon Menzel, President and CEO of reader manufacturer XceedID. “If a company has been purchasing Multi-tech readers over time (and used them as simple prox readers) then they will have already invested a substantial amount toward the smart card upgrade without allocating special funds to do so. This greatly reduces the follow on investment to move all cards and readers to contactless technology.”
But these multi-technology readers are proving to have an important role beyond just a transition-enabler. “Your entire population may not need to go (contactless) smart cards,” explains Mr. Larsen, “or they may not need to go on a first phase deployment. Look at a multi-technology reader for the common areas where both populations need access and then use the 13.56 only at the secure doors.”
“Many large companies are content with their current card populations but have disparate technologies in multiple locations (i.e. HID prox in New York, GE/Casi prox in Los Angeles, and Mifare in London),” explains Mr. Menzel. “… Multi-technology readers function with all of these cards simultaneously saving significant investment dollars required to transition to one card.”
In the past, HID helped clients address the migration from prox to contactless with cards that combined the two technologies, but a new reader provides another alternative. Says Mr. Bubany, “some may see the card as the best migration point and some may see the reader. It depends on the client’s specific environment and needs.”
Education
With the obstacles of price and infrastructure seemingly all but eliminated, what else could delay the move to contactless technology? According to Mr. Larsen, the final hurdle is market education. It seems that while the vendor community has made the transition relatively painless, the buzz has not yet caught up. Say Mr. Larsen, “the general population is thinking it is still too expensive.” Additionally there remains a distinct level of confusion as to the capabilities of contactless technology.
But the end user is not the only community in need of education. “The security reseller and integrator segments need thorough education to ensure they can best help their customers,” adds Mr. Larsen.
Any salesperson will tell you that it is generally easier to sell something you have sold before and know well. This existing comfort level with proximity technology is perhaps the last major hurdle to increased market presence for 13.56 MHz. “The key customer-facing component of this industry is the integrator layer,” says Mr. Menzel, “and they must buy-in to both the benefits of contactless technology and see a reward for selling it over other solutions.”
“At HID we conduct workshops in major cities,” says Mr. Bubany, “one for dealers and one for end users to help them understand what smart card technology offers them. The goal is to give them a level of comfort so that they can feel safe selling the newer technology to clients or implementing it in their organization.”
Next steps
Many suppliers of security components are actively working with resellers and integrators to educate them of the new environment surrounding contactless. As these programs disseminate the information on improved technology, comparable pricing, and stronger security, it seems likely that North America will trend toward contactless technologies … joining the rest of the world’s security markets.
In the next installment of our physical security corner, we will continue this examination of contactless and proximity technologies. Part two of this article focuses on issuance, contrasting the challenges and opportunities that the divergent technologies present to the issuing organization.
Lenel OpenCard Readers are now compliant with U.S. Government FIPS 201 Medium Level Assurance requirements, and also support backward compatibility with Lenel Prox cards, thanks to its private label OEM agreement that now allows XceedID multi-technology readers to be produced under the Lenel name.
Golden, CO and Rochester, NY– XceedID Corp. and Lenel Systems International announced that Lenel OpenCard Readers now contain additional functionality that will benefit Lenel customers in both government and commercial markets.
Lenel, a leading provider of software and integrated security management systems, and XceedID, a pioneer in the development of contactless RFID products, previously entered into a private-label OEM agreement to offer XceedID ISO-X multi-technology readers under the Lenel brand as the Lenel OpenCard Reader series. With the new functional enhancements, Lenel OpenCard Readers are now compliant with U.S. Government FIPS 201 Medium Level Assurance requirements, and also support backward compatibility with Lenel Prox cards.
FIPS 201 is a Federal Information Processing Standard developed by the National Institute of Standards and Technology to satisfy the requirements of HSPD-12, a Homeland Security Presidential Directive. FIPS 201 seeks to improve identification and authentication of Federal employees and contractors for access to Federal facilities and information systems. The compatibility of Lenel OpenCard Readers with FIPS 201 Medium Level Assurance enables a customer in the government sector to implement a more secure identity solution that some agencies require. It ensures that the ID card the employee or contractor presents to the reader was issued by the trusted application, and that the card itself can be trusted.
XceedID and Lenel have partnered to further customize the versatile ISO-X multi-technology readers for use with the Lenel OnGuard security platform. The result is a reader platform that provides unprecedented functionality. Using OnGuard OpenCard, Lenel’s smart card encoded information standard, the Lenel OpenCard Readers now support Lenel Prox and Low and Medium Level Assurance under FIPS 201, in addition to HID proximity, GE/CASI ProxLite , , Infineon my-dr, MIFAREr, MIFARE DESFirer, HID iCLASST and XceedID ISO-X. The devices can read proximity numbers, smart card serial numbers and the secure data application areas of contactless smart cards.
“Once again, XceedID has worked closely with Lenel to deliver unparalleled card compatibility in our reader products. This latest feature set provides compatibility to Lenel’s substantial installed base of Lenel Prox readers. Furthermore, it allows Lenel to offer the OpenCard Readers with FIPS 201 Medium Assurance security to its vast network of U.S. government end customers,” said John Menzel, XceedID President and CEO.
“Lenel is very pleased with the efforts that XceedID has made to meet our requirements for these new reader feature enhancements. This is just one of many examples that demonstrate XceedID’s level of commitment to Lenel,” said Erik Larsen, Product Manager of Identity Solutions for Lenel.
About Lenel
Lenel Systems International, Inc. is a global leader in the development and delivery of scalable, integrated systems for the commercial security market, with more than 12,600 system installations in 75 countries. Lenel is headquartered in Rochester, New York, with sales and support coverage in all major world markets. Lenel is a subsidiary of UTC Fire & Security (www.utcfireandsecurity.com), which is a business unit of United Technologies Corporation. More information can be found on Lenel’s web site at www.lenel.com.
About XceedID Corporation
Based in Golden, Colorado, XceedID is a privately held company dedicated to the design, development and supply of advanced contactless RFID products. XceedID pioneered development of multi-technology readers which combine traditional proximity and advanced contactless smart technology in one reader. XceedID products are sold through industry leading access control manufacturers. For additional information about XceedID Corporation please visit www.XceedID.com.
Compare FIPS 201 Products
By Chris Corum, Executive Editor, AVISIAN Publications
A newly-issued patent covering the movement of funds between accounts via the web is hitting close to home with campus card systems. No surprise as the patent was originally conceived to cover these transfers from a bank account to a campus card account.
In November 2005, United States Patent 6,963,857 was issued to JSA Technologies, a familiar name in campus card circles. JSA has been supplying value transfer solutions to colleges and universities since the late 90s. The technology enables web-revalue of campus card declining balance and other accounts.
“We had a working product late 1998,” says Jon Gear, Vice President of JSA, “and the patent was filed in 1999.“ More than six years elapsed between initial application and final approval, a timeframe that is not uncommon in the patent application process.
“It covers the transfer of funds between networks via the Internet,” says Mr. Gear. He stresses that the patent in no way impacts typical bank to bank transactions as these utilize a common financial processing network. It is when transfers occur from this traditional financial processing network into another network that the patent’s coverage seems to begin.
The opening salvo
In recent weeks, letters were sent from JSA to a number of companies and institutions that have developed systems that, according to Mr. Gear, may infringe on the patent. He adds, “we have not told any institution or organization that they are infringing. All we have done to date is (begin) to notify the market that we have this patent.”
Though the actual number of letters was not provided, it was suggested that there was between 10 and 20 parties notified. Campuses using systems supplied by vendors were not contacted, as the vendor would be the point of contact in these instances. “Schools only received the letter if they had a homegrown system,” said Mr. Gear.
What was the purpose of the letter? The intent can be found in the first line of the press release issued March 16, 2006, “Recently JSA Technologies contacted numerous private companies and several institutions of higher education regarding the licensing of a patent invented and commercialized by our company.“
JSA is seeking to license its patented technology. “We don’t want to shut anybody down,” says Mr. Gear, “if you are happy with what you are doing, we don’t want to stop you from doing it. We will just talk about licensing.“
When asked about the fees sought, Mr. Gear told CR80News that they were not yet determined. “It is premature to know what kind of fees would be expected and they will likely be determined on a case-by-case basis. The license fee will probably be negligible in the grand scheme of things.”
According to a company press release issued March 16, 2006, campuses with homegrown systems were contacted because, “we want to grant them licenses to our patent so they may continue their operations.” When asked by CR80News if campuses with in-house solutions developed for their own use prior to the issuance of the patent will be charged license fees, JSA officials stated that they would need a license if they developed the system after 1998 when the patent was filed.
That JSA is seeking license fees should come as no surprise nor should it be met with scorn. The fabric of an entrepreneurial and capitalist society requires protection of intellectual property. The patent is a hard-earned acknowledgement and legal proclamation of intellectual property. And patents are also not cheap. According to the release, JSA has “spent considerable time and resources developing and commercializing its patented software.”
Implications beyond campus cards
Reading the text of the patent, it seems likely that the reach may extend well beyond campus cards. Other financial systems that operate outside of the traditional banking network, but rely on it for revaluing or replenishment, may well be impacted.
Would gift cards architectures that operate within standalone or closed loop networks yet enable web-based value transfers from bank or card accounts be viewed as infringing? What about peer-to-peer payment networks like Paypal that rely on value transfers from bank accounts to fund their online payment service?
Mr. Gear said it was not something he was prepared to comment on suggesting only that, “we would have to have discussions to determine the extent to which these things may apply.”
Dissecting the patent into layman’s terms
We have done our best to translate the morass of ‘patent-speak’ into language that the average non-attorney can understand. The following translation is for the abstract of the JSA patent.
Actual language: The present invention is directed to methods of, and systems for, allowing an account participant to add value via a wide-area network to a first account from a second account. A first account server coupled to a wide-area network supports the first account. In a preferred embodiment the wide-area-network-accessible value transfer station (VTS) includes a central processing unit for executing instructions, and a memory unit. The memory unit includes an operating system, software for receiving from a participant via the network a) second account identification information, and b) a value that the participant desires to transfer to the first account from the second account, second account verification software for receiving the second account identification number from said receiving software and for verifying that the second account authorizes the transfer of the specified value, and value transfer software for receiving a value from the receiving software, for receiving a verification from the verification software, and for transferring the specified value to the first account from the second account if the verification is received. The wide-area-network-accessible VTS further includes conductive interconnects connecting the central processing unit and the memory unit to allow portions of the wide-area-network-accessible value transfer station to communicate and to allow the central processing unit to execute the software in the memory unit.
Translation: The patent is for a system that enables an account holder to transfer funds (or value) from one account to another account via the Internet (or wide area network). The first account operates on a specific network. A value transfer station (VTS) is a computer or similar device with connectivity to that network. The VTS runs software to accept (for the account holder) a second account number and a dollar (or value) amount to be transferred into the first account. The software also (1) verifies that the second account authorizes the transfer (e.g. that sufficient funds or credit are available), (2) receives the electronic transfer of the funds, and (3) adds that value into the second account. The VTS’ CPU and memory are connected such that the CPU can execute the software contained in the memory.
Text of the press release issued by JSA on March 16, 2006:
Recently JSA Technologies contacted numerous private companies and several institutions of higher education regarding the licensing of a patent invented and commercialized by our company. Since that time there has been much debate about the implications of the patent. It is my hope that this communication will address these issues and clarify our intentions regarding the enforcement of the patent.
JSA has been in business since 1998 and has spent considerable time and resources developing and commercializing its patented software. The patent was obtained to protect the business and intellectual property rights of JSA Technologies. Without the patent, companies with greater capital resources could use our invention for their financial gain and attempt to drive JSA Technologies out of business. That is why we sent communications to college and universities who have developed solutions that may infringe upon the patent. We want to grant them licenses to our patent so they may continue their operations.
JSA Technologies was founded on the principal that colleges and universities should be given the opportunity to choose their own path. No one company should be able to dictate what solution is used to satisfy a business objective. We spoke with many institutions frustrated with the limited offerings from their card system provider and developed our unique WebVTS™, StudentLink™ and MerchantLink™ products to address their needs.
We champion the concept of unique solutions and custom designs. That is why it is so important that everyone know our intentions regarding the patent. If JSA cannot meet the business requirements of a given college or university, we do not want to prohibit the institution from finding a solution that does. If, however, the solution uses our patented technology, we will request an appropriate licensing agreement.
We want you to choose JSA Technologies based on the quality of our product and not because we have a patent.
I encourage you to contact JSA if you have any questions or concerns about our patent.
David Johnson
President/CEO
JSA Technologies
(877) 572-8324 x2200
[email protected]
Additional resources:
To visit JSA online, click here.
To read the full text of the patent online, click here.
By Andy Williams, Contributing Editor, AVISIAN Publishing
Shackled by an outdated card program and its proprietary operating system, Nova Southeastern University (NSU) went looking for something bigger and better and, more importantly, a campus card that would enable the university to keep pace with technology.
With its 27,000 students, NSU, located in Fort Lauderdale, Florida, is the largest independent higher education institution in the southeast and the seventh largest in the U.S. Founded in 1964, the not-for-profit university has branch campuses in Miami and Dania Beach, with the Dania location housing the Oceanographic Institute, and what NSU calls “student educational centers” in Tampa, Orlando, Miami, West Palm Beach, and Jacksonville, Florida, Las Vegas, Nevada, the Bahamas, Jamaica, and Puerto Rico.
John K. Brueck, Jr., Nova’s director of Campus Card Services, said it was a “pretty elementary decision” to seek a new card program. “We were handcuffed with our current program. We can’t develop new applications or get new equipment because it’s a proprietary operating system, and it was getting more and more expensive to operate.”
Nova’s current campus card would not have appeared to “outdated” to many observers. It was a smart card with a 1k and 4k chip as well as proximity capability and a magnetic stripe. The system offers physical access to buildings and parking lots on campus, acts as a library card, and functions for a host of payments. “Through the smart chip in a contact environment, users can pay at POS stations, use copiers, pay for print, laundry and vending,” said Mr. Brueck.
Replacing the existing smart card system in pursuit of better functionality
But administrators felt constrained by the current system as they found it impossible to add functionality. In addition, they have several different cards –five in all – that are utilized for different functions. That was another reason the college needed change. Administrators wanted a single card – a true one card system.
He said the university “wanted to offer our students superior service. We needed to have a partner that could develop new applications and new opportunities, something that would ease the student experience and positively affect the way students move about campus. It made sense, then, to move to a larger card system that would offer more functionality.”
The college tasked Siemens Corporation, to start exploring what was available and what would work. “Siemens was already established providing infrastructure on our campus,” said Mr. Brueck. That included the college’s security system, including access control and cameras.
“We looked at various vendors based on where we wanted to go with our card program. Siemens identified SmartCentric Technologies International Ltd. as the best fit and reached agreement with the company to provide the smart card system.”
SmartCentric Technologies, based in Ireland, has successfully installed campus card programs, based on its SmartCity system, at about 15 universities, mostly in the U.S., including schools in Orlando and Tallahassee, Florida. SmartCity is a multi-application smart card-based system that includes stored value, loyalty, gift cards, logical access, physical access, biometrics, car parking and ticketing.
“Nova wanted a system that would give them the flexibility to grow their programs,” said SmartCentric’s CEO, Kieran Timmins. “They’re not just buying for today, but tomorrow.”
The partners – Siemens and SmartCentric – also had to take into consideration the university’s “complex requirements,” said Mr. Timmins. “Nova has very diverse campuses … the main one in Fort Lauderdale, one in the Carribean, etc.”
We are working very closely with Siemens,” said Mr. Timmins. “Siemens is on the ground doing project management, requirements analysis, and working with Nova to make sure the networks … the technical architecture is in place.”
Big plans for the new system
Every student – whether at the main campus, in the Bahamas, or in Orlando – receives a student ID card from NSU. However, it depends on what’s available at the specific campus as to what else the card can be used for, said Mr. Brueck.
“The ultimate goal is to take the applications on our south Florida campus, such as pay for print, and grow the applications, where prudent, to extend them to our other campuses,” Mr. Brueck added. “There might not be a need for a meal plan at Las Vegas but you might have web revalue. One of the other things is to have the ability to grow our program outside North America, to be able to do business in different currencies at the cash value stations. For example, the cash revalue stations in Jamaica would accept Jamaican dollars. If we open a campus in Europe, it would accept euros.”
This parallels with what Mr. Timmins says is “the concept behind SmartCity … not every card holder has to have the same profile or even the same size card. In the old days of smart cards, everyone had the same card. Now we can select very precisely who will need what.”
The SmartCity One Card., utilizes both contact and contactless technologies, Nova’s phase one applications will include student, faculty, and staff ID cards; cashless purchases at POS, vending machines, pay for print, meal plans; a web-based card revalue and card holder portal; and access control. The access control portion will incorporate both physical and logical applications and will use biometrics where needed.
The biometric portions, said Mr. Timmins, will be match-on-card. “When you do biometric authentication, you’re authenticating against the card, not a database.”
Mr. Timmins said the new system is planned for early 2007. “There is a significant amount of work that needs to be done, not the least of which is support for the Siemens Card operating system.” Siemens will be supplying the chip and the card, he added, “with SmartCentric supplying the software.”
The card will be a combi-card with prox and an embedded 64 k contact chip from Siemens on the card. “Biometrics (for physical access) can go on either the contact or contactless portion. The contactless portion of the card will support prox technology so the existing investment in prox readers will be maintained,” he added. “We’ll be taking out existing readers on laundry and vending and replacing with our own readers. In the initial phase we’re aiming to replace what they have today: vending, laundry, POS, pay for print.
Moving to the future
Web-based revalue will allow cardholders to look at the value on the card and where it was used. There are also plans for logical access, but I’m not sure which phase this will fit into. Next will be e-ticketing and off-campus use. Digital certificates (the ability to digitally sign documents) is also on the list of possibilities.”
“We want to go with single sign on and digital certificates, but whether we move in that direction or not, we’re currently evaluating,” added Mr. Brueck. The card-based digital certificate program would primarily be used at the university’s health care center.
As to moving off campus, it will come, but not right away. “We know we’re going off campus,” said Mr. Brueck. “There’s a lot of interest from retail food establishments with what we’re doing and students want to be able to pay for services off campus. Web revalue will help with that functionality.” That’s one of the reasons the college is planning to place up to four purses on the card.
In the e-ticketing phase, NSU cardholders will be able to pay for event tickets over the Internet and load the ticket to their NSU card, making entry to NSU’s University Center (opening in August) easier on the patron, said Mr. Timmins.
The initial rollout will be 30,000 cards. “We’re going through workshops with them at the moment to determine what will be in phases 1, 2, 3, etc.”
“We’re looking at doing what’s right,” said Mr. Brueck. “We’re taking baby steps. We’re being methodical and not growing beyond our britches too quickly. We feel very comfortable with Siemens and SmartCentric. We look at this as a partnership but also as a family because we’re going to be working very closely with them.”
Additional resources:
To visit the NSU card program on the web, click here.
To visit SmartCentric on the web, click here.
A Colorado-based manufacturer of contactless security readers has significantly strengthened its market position with a major announcement in the physical security space. XCeedID’s multi-technology readers - capable of reading prox plus an array of contactless card flavors (e.g. Mifare, DESFire, iCLASS, my-d) - have been selected by Lenel for private-labeling.
Lenel Privately-Labels XceedID Multi-Tech Readers
GOLDEN, COLORADO – February 9, 2006 – XceedID Corp. recently entered into a private-label OEM agreement with Lenel Systems International, the leading provider of software and integrated security management systems. XceedID Corporation’s innovative line of ISO-X™ Multi-Technology readers will now be available under the Lenel brand as the Lenel OpenCard™ Reader series.
XceedID and Lenel worked together to customize the versatile ISO-X Multi-Technology reader for use with the Lenel OnGuard® security platform, creating a unit with unprecedented functionality. Using OnGuard OpenCard™, Lenel’s smart card encoded information standard, the Lenel OpenCard Readers support HID® proximity, GE/CASI® ProxLite®, my-d®, MIFARE®, MIFARE DESFire®, HID iCLASS™, XceedID ISO-X and other technologies. The devices can read proximity numbers, smart card serial numbers and the data application areas of contactless smart cards.
“XceedID is pleased to be working closely with Lenel to deliver innovative reader solutions to the market. We expect our threaded partnership with Lenel to grow with current and future products and we anticipate that our combined offering will be a significant value-add for the Lenel customer base.” said John Menzel, XceedID President and CEO.
“Lenel is very pleased to now offer flexible, competitively-priced readers that support multiple card technologies with an open standard,” said Erik Larsen, Product Manager of Identity Solutions for Lenel Systems International. “The Lenel OpenCard Reader series provides a viable solution for customers who are transitioning from one card technology to a newer standard, or for those who require multiple card technologies in a complex access control environment.”
The Lenel OpenCard Reader series includes a mullion-mount reader, a mid-range reader and a mid-range reader with a keypad.
About Lenel
Lenel Systems International, Inc. is a global leader in the development and delivery of scalable, integrated systems for the commercial security market, with more than 12,600 system implementations in 75 countries. Lenel is headquartered in Rochester, New York, with sales and support coverage in all major world markets. Lenel is a subsidiary of UTC Fire & Security, which is a business unit of United Technologies Corporation (NYSE:UTX). More information about Lenel and its products can be found on the company’s web site at www.lenel.com.
By David Wyld, Contributing Editor, AVISIAN Publications
When visitors step up to the gates of the four Disney World theme parks, the Magic Kingdom, Epcot, Animal Kingdom, or the MGM Studios, they will encounter something unexpected and largely foreign to them. Disney has embarked on a program to use an established biometric technology – finger geometry – to secure its valuable passes. Ostensibly, this new security is for the benefit of the pass owner. However, it is also being implemented to secure Disney’s pricing structure and marketing strategy. It has not come without controversy – and at least a bit of confusion.
What is Finger Geometry?
Hand geometry has been aptly described as “the ‘granddaddy’ of all biometric technology devices.” It is essentially based on the fact that virtually every individual’s hand is shaped differently than another individual’s hand, and over the course of time, the shape of the person’s hand does not significantly change. Operationally, finger or hand scanning systems capture the physical, geometric characteristics of an individual’s hand – with most systems having the capacity to do so in less than a second. From these measurements, a profile or “template” is constructed which will be used to compare against subsequent readings by the user. Finger and hand geometry are considered somewhat interchangeable terms. However, hand geometry evaluates the person’s entire hand form as a biometric identifier, while finger geometry looks only at a subset of the five fingers to form the identifier. In either case, such geometry does not entail the taking of a person’s fingerprints. In a recent study, the National Academies of Science of Science found that while a person’s finger geometry is indeed far less distinctive than his/her fingerprints, hand or figure biometrics is indeed suitable as an identifier for a wide variety of circumstances, where one in a thousand uniqueness is sufficient.
Finger geometry has been used successfully since its commercial introduction in 1975, when it was brought to Wall Street for security purposes by the investment firm of Shearson Hamill. Over the years, it has been utilized to provide secure access and verify one’s identity in a wide variety of settings, including:
Probably the widest use of finger or hand scanning is in the corporate realm, where such scanning is used in complement with employee badges, passes, and ID cards to prevent payroll fraud, a seemingly intransigent problem which has been estimated to cost employers in the U.S. alone hundreds of millions of dollars each year. While other forms of biometrics may be growing more rapidly, there is still substantial growth potential for hand and finger scanning, In fact, according to Biometrics Info, hand geometry revenues have been forecast to reach $97.4 million in 2007, which represents an almost 400% growth in the market since 2002.
Giving Disney Your Fingers
Disney has moved over the past decade to use automatic identification in various forms. In 1996, the company moved away from a hard plastic laminated pass for all holders of multiday or annual passes, which contained both a bar code identifier and a photo of the passholder. In its place, Disney began issuing mylar paper passes. These new passes had no photo identifier, and indeed, contained only minimal visual evidence of ownership, basically only the guest’s name and the expiration date of the pass. Beginning in June 2005, all Walt Disney World parks began using finger scanning at its park entrances to complement the security measures embedded in its mylar passes. When a Disney guest presents his pass at the turnstile, he is asked to insert the pass into a reader, and after doing so, to make a “peace sign” with his index and middle fingers and insert those fingers into a scanning area. During the scan, a camera takes a picture of several points on each person’s index and middle fingers and assigns a numerical value to the image. The scan – which is accomplished in less than a second – measures the length and width of the individual’s two fingers and the spread distance between the digits. Once the scan is taken – and all adults are required to do so - the pass is returned to the guest.
For a number of years now, Disney’s marketing approach has been to shrewdly push the sale of multi-day and annual passes to its theme parks that comprise the Disney World complex (Disney passes are not interchangeable between its parks in Anaheim, California and Orlando, Florida). The pricing structure at Disney World’s is transparently meant to encourage its visitors to buy passes for longer stays at its Orlando properties. In fact, the daily price of a Disney park visit drops significantly as longer-lasting park passes are purchased – by half at the 7-day mark and by almost two-thirds at the ten day market. To put it quite simply, Disney makes about $200 more by selling five separate two-day tickets than by selling a single ten-day pass. So, to protect its revenue stream, Disney does not allow its annual or multi-day passes to be shared or transferred. They don’t want people to buy a ten-day pass, use it for two days, and then resell the pass to a buyer to use the remaining days.
Not only do longer stays mean that families visiting Disney World will have more opportunities to spend more money on food and beverages, souvenirs and trinkets, and other experiences, such as breakfast with Cinderella, while on Disney property. Perhaps even more importantly, the passes serve to “lock-in” guests to focus their Orlando visits on Disney parks, rather than spending their time – and money – at the competitor’s parks and other entertainment experiences available in this burgeoning family resort area.
A mixed reaction
From Disney’s perspective, the ticket tag is a necessary security measure that does not violate its customers’ privacy. According to Disney spokeswoman Kim Prunty, contrary to some reports, “We’re not keeping a database of fingerprints.” In fact, the company does not maintain a permanent database of scans, as the information is purged from its systems after the individual’s pass expires. Disney has also not disclosed the vendor for its biometric system.
However, Disney’s move to finger scanning has generated some degree of controversy since its implementation. Since Disney defines an “adult” park guest as being 10 or older, many minors are being subjected to finger scanning. Leading privacy groups have also attacked Disney’s move. The American Civil Liberties Union recently called the addition of biometric technology “a step in the wrong direction.” EPIC – the Electronic Privacy Information Center – recently issued a blistering attack on Disney for its use of finger scanning. It called the practice a “a gross violation of privacy rights,” as there is little notice given to consumers as to why their biometric information is being collected, how it will be used, and the protection afforded to the data. EPIC also criticized Disney’s move based on the legal principle known as “the proportionality test,” which can be encapsulized as whether the amount and type of information being collected equals the level of security being sought? To date however, there have been no lawsuits filed against Disney over its use of finger scanning technology.
Surprisingly, both at ticket sales’ locations and at the actual park entry points, Disney has not seen fit to post information on exactly what is being done when the park patrons are asked to make the peace sign and insert their digits into the reading machine. Most patrons – and even some public interest groups and media covering the developments at Disney - have assumed that the company is fingerprinting park visitors and matching the passholder’s print to the pass – and perhaps even other databases, such as criminal records, sex offender registries, and terror watch lists. This has led some industry observers to criticize Disney for having a corporate communications problem in not explaining the “why’s” for the use of the technology to its patrons, while others have seen fit to call upon Disney to find creative ways to leverage the technology - and the data it collects – beyond gate security to provide better in-park customer experiences for its guests.
Good technology often makes good business sense
What is certain is that we will see more such applications of finger geometry in the future, as Disney is by no means alone in exploring how this established technology in the theme park industry. Indeed, according to a report from The Orlando Sentinel, several of the company’s principal competitors are looking to implement similar pass protection technology to their valuable tickets and passes in 2006, including:
From the perspective of Dennis Speigel, President of International Theme Park Services in Cincinnati, such biometric scanning may be a necessary tool for the entire theme park industry. He recently observed that: “Tickets are very expensive for these facilities. If you can hand them off, it costs the parks money. The introduction (of this type of solution) will be used more broadly in the industry in the future.”
For now, the introduction of finger scanning seems to present Disney with an operational challenge to get visitors used to the new requirement. The reaction of Simon Henson, who visited Disney while on vacation, is common. As Mr. Henson put it: “Overall it’s good. But it seems to make the queues longer. No one seems to put their fingers in all the way on the first try.”
About the author:
David C. Wyld ([email protected]) is the Maurin Professor of Management and Director of the Strategic e-Commerce/e-Government Initiative at Southeastern Louisiana University.
ColorID, which supplies ID systems to the campus card industry, has named David Stallsmith to lead its Advanced Technology Cards Initiative, a new project designed to help the company’s customers integrate such technologies as biometrics, single sign-on, server-based authentication and data encryption.
ColorID creates new focus on Advanced Technology Cards
CORNELIUS, NC– ColorID, LLC announced it has hired David Stallsmith to head up its Advanced Technology Cards initiative, including prox, iCLASS, Mifare, DESFire and contact smart cards.
ColorID is introducing an array of solutions which will enable its customers to use their ID badges to log on to their computers and networks. David will manage the integration of technologies to provide customers with a range of applications such as server-based authentication, single sign-on, biometrics and data encryption. He will also continue to advance ColorID’s significant proximity and contactless card offerings.
Gary Smith, President of ColorID stated, “There are currently a multitude of card, software and biometric products available from many different manufacturers and vendors. David will work to find the best solutions available for our customers. We are excited to have him join the ColorID team”.
David attended the University of Cincinnati and graduated with Honors from the New England Conservatory. He was also a professor at Lawrence University and has owned his own business.
ColorID is one of the world’s leading ID system suppliers to the campus card industry. ColorID’s products are used in “One Card” systems, access and control systems, computer networks, point of sales systems and loyalty systems. ColorID supplies a full line of ID products including ID stations, ID printers, system software, ID ribbons, proximity cards, pre-printed cards, blank cards, smart contact cards, logical access solutions and ID badge accessories. ColorID also offers full support and installation services on the entire product line. ColorID supports products by Fargo, Eltron, Zebra, DataCard, HID, Indala, AccessID and many other manufacturers. Contact ColorID at 704-987-2238 or toll free in Canada and the US at 888-682-6567. Visit ColorID on the web at: www.colorid.com or email at [email protected].
