Card, mobile credential, payment and security
It was 20 years ago when Hurricane Katrina hit the Gulf Coast, devastating cities and towns across Louisiana and Mississippi. Nearly 1400 people lost their lives and – adjusted for inflation – it remains the most costly hurricane in U.S. history.
For countless families and individuals, life was changed forever, and negative impacts are still close at hand. But occasionally instances of good come out of even the worst events.
Such was the case when a student ID card that was lost during the storm was returned to its owner at Katrina’s twentieth anniversary.
Driven to solve the mystery, Copeland posted a photo on the high school’s alumni page. It did not take long for people to respond.
While walking a stretch of beach at Gulf Islands National Seashore, park ranger Becky Copeland spotted something in the sand. She unearthed a small piece of history — a beaten but intact student ID card buried below the surface.
"It was so dark and weathered, but still intact," Copeland says during an interview with CBC Radio's As It Happens.
At first, the card seemed like just another item for her collection of unusual finds such as messages in bottles. The only visible clues were the year 1969 and the name of a high school in Birmingham, Alabama.
Unfortunately, the name of the cardholder was no longer visible so Copeland assumed its owner would forever remain a mystery. But recently, while rearranging her collection, she was stunned to see the faded lettering had become legible.
The card belonged to Cathy Hamel, who graduated in 1973.
Driven to solve the mystery, Copeland posted a photo on the high school’s alumni page. It did not take long for people who knew Hamel to respond.
From Katrina’s fury to a heartfelt reunion
Hamel had moved to a small town on the Mississippi coast years before Hurricane Katrina washed away the entire community. The night before the storm, she evacuated to house further inland, but even there the storm surge reached her in the attic. Thankfully, she made it through.
When she returned the following day, her home was completely gone — reduced to a concrete slab and a porch swing hanging from a tree. The few belongings she saved were two photo albums and some insurance papers.
But two decades later, her student ID card that had been lost to the storm resurfaced.
The beachcombing park ranger, Copeland met Hamel at the Gulf Islands National Seashore visitor center, and they embraced immediately.
Hamel called Copeland an angel, “because she did all the legwork to find me to return it."
For Hamel, the recovered ID is far more than a plastic card – it’s a tangible reminder of resilience, loss, and the kindness of strangers.
The head of University of North Carolina at Chapel Hill’s ID program spoke with CampusIDNews about the decision to require all students, faculty, and staff to use mobile credentials. Unlike many institutions that allow individuals to choose between a mobile ID or physical card, Chapel Hill adopted a mobile-first approach to streamline access and align with sustainability goals.
“On campus we are mobile first, which means that is your requirement. You get your mobile credential – you don’t get anything else,” says Melinda Bakken, Director of Campus Services and Person ID at UNC Chapel Hill.
Physical cards are still provided for rare circumstances, such as secure laboratory environments where phones are prohibited or for police officers who need backup access in case of phone failure.
Bakken explains that the mobile requirement was motivated by UNC’s “three zeros” initiative, which includes reducing waste by eliminating the routine issuance of plastic cards.
In addition to sustainability, the shift has also enhanced security and reduced card sharing, particularly in dining halls.
At least once a day someone will come and tell us that they have to have a physical card. They say 'I'm going non-digital.' I say, no problem, show me your canceled phone bill.
“We used to have situations where students would drop their card down [from the second floor] to a friend after swiping in,” Bakken says. “You’re not going to drop your phone. Most people will barely give you their phone to look at.”
While the transition has been largely positive, some students and staff have expressed concerns. Some simply prefer having a tangible ID while others want it as a souvenir of their college years. To address these needs, Bakken is exploring commemorative cards made from sustainable materials.
To listen to the full interview, click the image at the top of this page
TRANSCRIPT
On campus we are mobile first, which means that is your requirement. You get your mobile credential – you don't get anything else.
We do of course have always special cases. We have our labs, our BSL3 labs and BSL2 labs, where you are not allowed to bring a phone into the laboratory. They must have a physical card to bring and badge in.
Our police officers also get both just in case there is an instance where they have phone damage. We still want them to be able to get in, protect, do whatever they need to do.
And then of course animal labs, which we don't talk about.
I came to the decision to be mobile required because it would save on plastic. At UNC we are trying to be three zeros.
Of course, you know, there are always the caveats. There are special cases, but I think it's a good move for the campus and it supports our mission.
At least once a day someone will come and tell us that they have to have a physical card.
We are considering a commemorative card, and I think that's a good plan for us. I want to look into possibility of getting more sustainable products in order to print those cards.
Sometimes it is needed, for example, we actually just had a case where a Spanish visa was needed and the requirement online is that there is physical card, it cannot be a screen print. A physical card has to be copied three times and sent to the consulate.
He had to send a copy of his UNC one-card student card to the consulate in order to get approved for a student visa.
Some of the other ones that we have are, I don't want my phone anymore, I'm going non-digital. I say, no problem, show me your canceled phone bill and I'm happy to take care of you.
I won't say all, but some people are just kind of giving an excuse because they want that physical representation.
I've actually gone to a number of sessions and meetings about doing a commemorative card, and I think that's a good plan for us. I want to look into possibility of getting more sustainable products in order to print those cards.
I think going mobile is a great idea for other campuses because are connected to that phone. They always have it. They don't lose it. They don't even lend it out.
So it stops some of the sharing in places like dining halls.
They do have their concerns like 'What if my battery dies?' I'm actually working on a solution for that too with a power bank vending machine.
We used to have actually a situation where the student would go up the escalator and then they would drop the card down to their friend.
You're not going to drop your phone. You're not going to get in. Most people will barely give you their phone to look at. So, I think it is a good solution.
With mobile credentials, it's really exciting when you see the students getting excited about it. The first experience I had is when we were actually testing, and we went to the gym to test the readers.
We were not supposed to be telling the students yet, but he was at the front desk and saw it, and he was so excited about it. That's the thing that I enjoy about it when they get excited and pumped for using it.
They do have their concerns. What if my battery dies? What if this? What if that?
I'm actually working on a solution for that too with a power bank vending machine.
We're trying our best to help with all the concerns.
In today’s rapidly evolving educational landscape, understanding student behavior has become essential for improving learning outcomes and offering personalized support. A new study combines large language models (LLMs) with data from multiple campus sources to gain deeper insights into how students’ daily habits relate to academic performance. By analyzing student information system data, dining transactions, and exam scores in tandem, this system could provide a new tool to identify at-risk students early and improve educational interventions.
Traditional methods of analyzing student behavior often focus on isolated data sources, such as exam results or campus card usage. But this study, An Intelligent Educational System: Analyzing Student Behavior and Academic Performance Using Multi-Source Data, integrates multiple data streams, including demographic information, test scores, and more than 375,000 campus card transactions. The goal is to uncover hidden patterns linking daily behaviors, like dining habits, with academic performance.
Future studies could broaden the approach by integrating additional behavioral indicators, such as library visits, dormitory access logs, participation in campus events, or online learning activity.
The research team developed an AI-driven agent powered by LLMs that uses time-series analysis to track changes in both student behavior and academic outcomes. Though the data for the study was anonymized, the agent could ultimately produce individualized reports for teachers and parents, summarizing progress, behavioral trends, and potential warning signs. This would allow for data-driven decision-making, helping educators intervene before students fall behind.
For example, if a student’s dining patterns shift dramatically alongside declining exam scores, the system can flag potential challenges such as stress, health issues, or disengagement, prompting timely outreach from faculty or advisors.
At the core of this system is a meticulously constructed dataset drawn from three sources:
By fusing these diverse data sources, the research team created a resource that supports predictive modeling. When evaluated against traditional models, this new LLM-powered system demonstrated high accuracy and consistency in generating behavioral insights.
The study highlights the transformative potential of intelligent agents and LLMs in education. By providing accurate, interpretable reports, the system empowers universities to detect risks early, improve student outcomes, and make smarter, data-driven decisions.
For example, if a student’s dining patterns shift dramatically alongside declining exam scores, the system can flag potential challenges such as stress, health issues, or disengagement, prompting timely outreach.
However, the researchers acknowledge its current limitations. The dataset was drawn from a single college within Xinjiang Normal University, which may limit its applicability across other institutions. Additionally, the focus on exam scores and dining data captures only a small slice of student life.
They note that future studies could broaden this approach by integrating additional behavioral indicators, such as library visits, dormitory access logs, participation in campus events, or online learning activity. Expanding these data streams would provide a more comprehensive picture of how students engage with their educational environment.
This research marks a step forward in connecting everyday student behaviors with academic success, proving that when diverse data streams are intelligently analyzed, they can unlock valuable insights to guide the future of education.
In this episode of CampusIDNews Chats, Tony Erskine, Founder and CTO of CloudCard, shares how the company’s Remote Photo solution simplifies the process of student ID photo submission. Since its start in 2015, the company has grown into a widely adopted mainstay across higher education, working with all major one card providers.
We’re making it feel like magical photo elves took a picture of your student for you and then dropped it into your one card system.
“Basically, we’re trying to make it feel like magical photo elves went and took a picture of your student for you and then dropped it into your one card system,” says Erskine.
Remote Photo eliminates the need for students to visit the card office, instead allowing them to upload pictures through a streamlined, AI-enhanced workflow. The system automatically removes backgrounds, enforces consistent sizing, and prompts students to resubmit photos if they don’t meet requirements.
When CloudCard first launched, every student photo had to be moderated manually. But as AI technology evolved, the company integrated automated classifiers to approve or reject submissions. Today, a photo goes through about two-dozen classifiers or checks prior to approval.
Some institutions rely fully on automation, while others keep human review in place.
“The students don’t always read, and that’s okay because I don’t always read,” Erskine jokes, highlighting how the system helps students correct mistakes without slowing down the process.
Beyond photos, Remote Photo now supports government-issued ID verification. Students can upload a passport or driver’s license alongside their ID photo, and CloudCard’s system uses facial recognition and optical character recognition (OCR) to confirm identity details. This reduces the burden on card office staff and eliminates the need for in-person verification.
By blending automation with flexibility, Remote Photo not only saves staff time but also meets students where they are—online, mobile, and expecting convenience.
To watch the full interview, click on the image at the top of this page.
I'm Tony from Remote Photo by Cloudcard and we are an online photo submission system that got its start out of Liberty University where I built their system in 2014.
In 2015 we launched right here in NACCU, so it's actually our 10 year anniversary coming to NACU and kind of like a homecoming.
So what do we do?
We capture photos, we make it so that the students don't have to come into the card office at all, especially when you compare it with mobile credentials or something like that.
We provide an AI-enabled workflow because to be honest students always don't always take the best photos, right? So, we'll remove background, we'll crop it, consistent aspect ratio and size and all of that.
And then on top of that we tell them when they do things wrong. Because you know what? The students don't always read and that's okay because I don't always read.
We don't hold them to that. We just tell them we can't take that photo and then we make them take another one.
Basically we're trying to make it feel like magical photo elves went and took a picture of your student for you and then dropped it into your one card system.
We started pretty small back in 2015 with three customers. So, a quick shout out to Pacific, ODU and Mercer University who took a chance on us early on which is super awesome.
And now we are, gosh we've partnered with pretty much all the one card systems. It doesn't really matter who you're working with or what you're doing.
We're kind of the standard for online photo submission in higher ed and it's really great to be here at NACCU and working with all our great partners.
Early on when we built the first iteration of the system, every single photo had to be moderated by a human being, and as we got into the 20-teens computer vision was coming along. In 2017 we built as far as I know the first ID photo classifier where we were able to look at a photo and say yeah this photo belongs on an ID card or no it doesn't.
That has allowed many of our institutions to completely delegate that to what we call “Helper Robot” because you know he's kind of helpful. We've added on to that over the years so we've gone from a single classifier to right now there's there are probably two dozen smart filters that a photo passes through on its way through the workflow.
Some of them will auto deny some of them will auto approve but some of our customers still look at every photo because that's what works for their workflow and that's totally cool.
Speaking of AI, we are now able to take a government issued ID like a passport or driver's license, and we can accept that at the same time we accept their ID photo. Then we do facial recognition, and we do optical character recognition to read the driver's license. We compare their name or their address or whatever it is that you want us to check for on the ID.
Again it allows you to offload some of the work that was previously done by a human where now they don't even need to come in for you to verify their ID. It's really helped out a lot.
If you're interested in learning more about Remote Photo or if it seems like it might be a fit for your organization, you can check us out online. The first step would be for us to schedule a quick 15-minute call to see if there's a fit and if there are problems that we can help you solve. We'd love to talk with you.
A joint webinar with ColorID and HID Global will explore the future of campus identity. The title for the event is “Modern Campus 2.0: Building Bridges, Not Fences, with Mobile Credentials,” and it will take place on Wednesday, Sept. 24, 2025, from 2-3 PM EDT.
As the need for flexibility, security, and seamless integration increases, universities face challenging decisions about their credential ecosystems. In this 45-minute interactive session, industry leaders from both ColorID and HID Global will share practical strategies to address these challenges.
You’ll hear perspectives from both solution providers and industry innovators about the path to a “modern campus.”
Phil Coppola, Mobile Technology Evangelist, HID Global
Phil focuses on video surveillance, mobile credentials, and physical access control systems, and currently serves as the Business Development Director for Mobile Solutions - PACS North America at HID. With a strong emphasis on innovation and client-centric solutions, he is instrumental in shaping the future of mobile credential technologies in the security industry.
Sanjit Bardhan, Vice President & Head of Mobile, HID Global
Sanjit leads global strategy and adoption of mobile access solutions for HID. Renowned for coining the industry’s evolution as the “path from plastic to platform”, Sanjit articulates the journey from physical ID cards to mobile apps, digital wallets, and integrated identity. His thought leadership has been featured at major global conferences and in publications such as The Economist, Security Info Watch, and Intelligent CIO.
Danny Smith, Owner, ColorID
Danny co-founded ColorID in 1999 and has guided its evolution into a global leader in identity solutions for higher education, healthcare, enterprise, and government.. Under his leadership, the company has built a comprehensive portfolio of technologies, most recently strengthened by the acquisition of CardExchange and its next-generation cloud credential platform.
David Stallsmith, Director of Product Management, ColorID
David has worked closely with manufacturers, vendors, and end users to promote understanding of the complicated products and services that comprise the identification industry. He has helped many universities, healthcare facilities and government agencies evaluate and select contactless, mobile ID, and biometric systems.
Register Now
Three deployments of campuswide access control and mobile credentials were successfully launched by Acre Security, a provider of both on-premises and cloud-native physical security solutions. Two of them – the University of Virginia and George Mason University – were done in partnership with transaction system provider Atrium.
Across the three institutions, nearly 70,000 students can use a single credential – a physical card, mobile device, or biometric – for access to residence halls, academic buildings, and other facilities. In addition, the same credential enables a host of privilege controls in areas such as libraries and rec centers as well as payments in dining facilities, bookstores, and retail locations.
At George Mason and University of Virginia, Atrium-powered mobile credentials are elevating the student experience and increasing security.
The platform controls access to all campus facilities, but it also provides administrators with real-time visibility for threat detection, emergency management, and campus-wide or zone-specific lockdowns during active threats. Digital mustering provides automated tracking during evacuations and shelter-in-place situations.
One of Acre’s differentiators is that we offer both cloud-native and on-premises systems so that institutions can choose the architecture that best fits their requirements
“One of Acre’s differentiators is that we offer both cloud-native and on-premises systems so that institutions can choose the architecture that best fits their infrastructure and security requirements,” says Acre Security’s CEO Kumar Sokka.
The company says its roadmap includes AI-powered anomaly detection for proactive threats, enhanced biometric options, integration with campus transportation and off-campus services, and advanced visitor and contractor management.
These campuses add to the two companies’ growing list of shared clients. Prior implementations include University of Utah, Ferris State University, College of William & Mary, Longwood University, and Palm Beach State College.
“Acre is one of Atrium's valued PACS partners, bringing deep expertise in access control and security solutions,” says David McQuillin, VP Sales, Co-Founder, Atrium. “We have a powerful, proven connection with AccessIt! and are working with them to build a similar connection to their cloud native Acre Access platform.”
Acre and Atrium at George Mason UniversityGeorge Mason has been an Atrium client since 2013. The campus uses Acre’s on-premises AccessIt! solution for campuswide access control.
According to McQuillin, they have a powerful two-way API connection between the Atrium and Acre platforms.
The campus uses HID’s mobile credentials and readers. They also have locks from Assa Abloy and dormakaba as well as IrisID biometric readers.
The University of Virginia selected Atrium in a competitive process in 2024. Today, Atrium provides the traditional array of transaction system functions, an omnichannel point of sale system, ID card production, and mobile credentials.
UVA is Atrium’s first Allegion mobile credential implementation, it supports both Apple and Google Wallet, and the institution owns their encryption keys.
UVA is Atrium’s first Allegion mobile credential implementation, it supports both Apple and Google Wallet, and the institution owns their encryption keys.
“We partnered with A-Tech, a leading access control VAR in Virginia, and led UVA through a process in which they selected Acre’s AccessIt!” explains McQuillin.
The campus uses Allegion readers and Schlage locks. They also have facial and iris recognition readers from Princeton Identity.
In today’s landscape, campus safety requires more than just physical access.
“What’s needed is an intelligent ecosystem that protects students from both traditional and emerging threats," says Jeff Groom, Director of Engineering AI at Acre Security. "Our AI capabilities are designed to identify unusual patterns … and the platform continuously learns and adapts to each institution's unique security landscape."
For Atrium, these implementations show the diversity of their mobile credential and access control capabilities. McQuillin calls it their ‘one size fits one’ philosophy that ensures each client gets the best solution for their campus.
He explains it this way: “UVA had a large existing investment in Allegion readers and Schlage locks, so they decided that using Allegion as the mobile credential provider was best for them. GMU had a large investment in HID credentials, HID readers, and Assa locks so it was best for them to go with HID mobile credentials.”
Advancements in credentials, biometrics, and access control system and security capabilities are improving life for students at University of Virginia, George Mason University, and Rockhurst University. But it is not just these three institutions. It is occurring across the country as institutions work to increase safety and student satisfaction.
When we hire student workers in campus card offices or other auxiliaries, the obvious benefit is financial support. But as the story of one Michigan State University student shows, the true value of student employment extends far beyond a paycheck.
In an editorial in The State News, one student describes how on-campus employment shaped her in ways she’d never expected.
She began her campus job at the Spartan Greens Turf Complex expecting little more than learning how to check campus IDs as students arrived to participate in intramurals. Instead, she quickly discovered that her job taught her responsibility, independence, and organization. By managing time, budgeting paychecks, and working with others, she developed life skills she hadn’t anticipated.
Campus jobs are more than just work-study opportunities. They foster transferable skills that serve students well beyond graduation.
As her college career progressed, she expanded her campus employment to include other roles that further impacted her growth. refereeing intramural volleyball and basketball and creating social media content for The State News. Refereeing intramurals allowed her to stay connected to her passion for sports while teaching her work-life balance. Her position at The State News immersed her in a supportive, creative community, that gave her a new level of professional confidence.
True this is just one student’s experiences, but it highlights that campus jobs are more than just work-study opportunities. They foster independence and responsibility that translate into transferable skills that serve them well beyond graduation.
For higher ed administrators, the takeaway is that student employment is not only about helping students cover expenses. It is an avenue for personal and professional growth, preparing them for life after college in ways that classroom learning alone cannot achieve.
For the student employees in your card office or potential hires, encourage them to read the article from The State News. It could give them a broader perspective on the opportunity in front of them.
OrderAhead is a dining and mobile ordering application developed by TouchNet for use at colleges and universities. The system is designed to enable campus administrators to manage dining hall capacity, regulate order flow, and accept payments from both campus card accounts and traditional payment cards.
Administrators have full control over the platform, including menu configuration, promotional codes, order limits, and location-specific settings. The system supports integration with existing campus systems and offers optional features such as loyalty programs and customizable reporting.
It learns, predicts, and controls traffic and capacity. It can even spot trends and analyze history to take the guesswork out of staffing, inventory, and menu planning.
TouchNet OrderAhead collects and analyzes real-time data on usage patterns, reservations, and transaction history. This information can be used to monitor capacity at specific locations, identify trends, and inform staffing, supply, and menu decisions.
The video provides a thorough demo of both the user experience and the administrator interface. It shows how students navigate the app to place their fine-tuned orders and make payments. Administrator functionality includes visibility into orders, inventory, and menus.
The app can be fully branded to the institution’s color scheme, logos, and identity.
By combining administrative controls, user-facing ordering tools, and detailed reporting, OrderAhead can manage both the operational and customer-facing aspects of campus dining.
To see it in action, click the image at the top of this page.
In a recent interview with CampusIDNews, Danny Johnson, Regional VP of Sales for Transact, highlights the company’s new IDX platform as well as other innovations.
He describes IDX as the first fully cloud-architected, multi-tenant transaction system in higher education. By operating in the cloud, IDX unlocks new opportunities for campuses to access and use their data in innovative ways.
The Transact Insights product delivers advanced data visualization tools for both the company’s payments and commerce products. Institutions can monitor spending trends, payment preferences, transaction times, and purchasing behaviors in real time, allowing them to fine-tune student services.
Insights integrates seamlessly with Transact’s cloud point-of-sale system, and for institutions with existing analytics tools, a streamlined real-time data feed is available. This flexibility ensures campuses can harness actionable intelligence regardless of their current technology setup.
Mobile credentials remain one of Transact’s most successful offerings, purpose-built for the unique demands of higher education. Beyond access control, mobile credentials integrate with diverse campus systems – from library checkouts to recreation centers –many of which run on legacy platforms. Transact’s SIS payload feature addresses this by transmitting student ID numbers to these systems in formats they understand, eliminating the need for costly system overhauls.
Johnson also introduces Transact Verify, a cloud-based reader that replaces older iValidate and PR5000 devices. This versatile solution supports event attendance, meal plan verification, point-of-sale functions, and more.
Check out the full conversation by clicking on the image at the top of this page.
TRANSCRIPT
My name is Danny Johnson. I've been with Transact since 2005. This is a very exciting time for us since we recently merged with CBORD. It added all our clients together, so we are now a very, very large company servicing the higher ed industry here in the U.S. and worldwide.
What we're most excited about, especially at this NACCU conference, is our IDX product. It's named for a brand-new ID experience.
It is, as far as we know, the first and only cloud architected and designed transaction system that truly uses all the multi-tenant, cloud microservices.
It's incredibly exciting where we're going.
We're actually consolidating six transaction systems all into one.
So, this one, we're investing heavily.
As far as I know, this is the largest investment in the architecture of a transaction system ever seen in our industry.
I think our clients are ready for a multi-tenant true cloud system.
It enables something that I think will be revolutionary for our industry, and that's access to the data in new and creative ways.
By moving to the cloud, it gives us abilities to do things with the data that we just couldn't do before.
Insights, another product that we've recently released, is a perfect example of that.
We first released Insights into our integrated payments vertical, and our clients are using it already to look at how students are making payments on campus, what types of payment methods they're using, and using that business intelligence to really modify their processes and become more efficient.
We're seeing the same thing in our commerce side as well. We've released Insights for all our commerce products.
Insights gives campuses real time data on where students are spending money, how long it's taking for them to access food, what they're ordering, and more.
Our cloud point of sale is feeding information into Insights where campuses can see in real time exactly where students are spending their money, how long it's taking for them to access food, how they're paying for that, what they're ordering and where.
With that amount of information, campuses can fine tune the student experience and design it exactly the way that they want.
A lot of campuses already have something that they're using to visualize their data. In those cases, we've streamlined Insights into just a real time data feed.
So, if you already have a platform that you're using to model your business intelligence, great. What we'll do is we'll just strip down all the data, feed that into your system, instead of using the full Insights product.
We have different flavors for different types of institutions depending on what their resources are, what they already have in place and how they go about their business.
Mobile credentials continue to be a very, very successful product for us.
We are by far the dominant mobile credential in the higher ed market, and I think there's a couple of reasons for that.
One is it's designed for higher ed.
Although mobile credentials have been around for a long time and access control companies offer in the commercial space, it's very different in higher ed in the way that students use their mobile credential.
The SIS payload capability of our mobile credentials allows us to send the student number to legacy systems in areas like libraries, rec centers, and meal plans.
It's not always just the credential that you need to pass from your phone over to a reader.
Campuses are like mini cities.
They have departments, they have different aging systems, they have platforms on campus like in the library, how students check out books, in the rec center, taking tests.
There are all kinds of platforms that are using the campus ID today. Different systems that are using the campus ID are sometimes legacy or outdated. You just don't have the ability to have a mobile credential number inputted as the student number in those systems.
We understand that because we've been in this business for 40-plus years.
So, we've included a payload in that mobile credential read.
We call it SIS payload, and it basically allows us to send the student number through the mobile credential read to those legacy systems.
This way you don't have to upgrade absolutely everything on campus.
We've created ways and phasing to allow campuses to move in that direction and not have to do everything.
That's one of the differences of partnering with a company in the space for mobile credential as opposed to using an access control mobile credential out there.
With the merger and the partnership with CBORD, it's even more exciting.
CBORD has also been a pioneer in the space, bringing those access control mobile credentials to their campuses.
Now they have access to the Transact mobile credential as well.
We're bringing choices.
We expect to continue working with Allegion and with HID for those mobile credentials on those campuses when they already have that infrastructure in place.
If they don't and they're still planning it, they have access to the Transact mobile credential in the future as well, too.
We always show up strong here at NACCU. It's a very, very important organization and conference for us. We have a big team here.
We always have a large booth, and we try to bring as many of our products to showcase and touch and feel, look at them and really get an experience for them.
We also have our brand-new product called Transact Verify here as well.
It is a purpose-built reader that we can use for event attendance. It will eventually replace the iValidate product that we've had out on the market for a while, as well as a reader called the PR 5000 that many campuses are using for point of sale and for activities, for meal swipes, for meal plans to go into dining halls.
All of that will be replaced with a very, very elegant cloud solution called Transact Verify.
In addition to that, we have our entire commerce platform.
We have our mobile ordering kiosks where the guests here at NACCU can look through, see what it's like for students to order food, how they can update the prices and menu pictures across their entire commerce platform. And not just through mobile ordering and kiosks, but also their point of sale – all by just updating one location as opposed to having multiple systems that they have to go out and update those prices, the pictures, or change the description, change the product names, the foods, and that sort of thing.
Now they can just do it once and it will automatically change across their entire platform.
In the second article in our series titled Chips, formats, and encryption – we explore card formats. In the previous article, we learned that chips store and process data, but it is the format that defines the specifics of the data – the number of digits in the string and what each area of the string means.
Consider this series of digits, 2024567041. Now look at it this way, (202) 456-7041. An established format defines that a phone number will include ten digits with the first three standardized as the area code.
The format provides order, but the format is not the actual number. That unique number identifies – or dials – the White House.
Similarly, a format defines the way data is stored on the credential, but each cardholder has a unique number.
You often hear an end user say ‘I have a 35-bit card,’ but they are confusing the 35-bit format with the card or chip itself.
For identity and access control professionals, the differences between chips, cards, formats, and numbers are subtle. They are, however, crucial to managing systems.
Understanding the options within each category can ensure you make the most appropriate selections for your campus. It is also crucial in ongoing purchasing processes to make sure you are specifying cards, formats, and numbers that will work in your environment.
Each concept is applicable to both cards and mobile credentials, and understanding them is key to making informed decisions for your campus card program.
“It is always a challenge to explain to customers the difference,” says Todd Brooks, Vice President of Products and Technology at ColorID. “You hear ‘I have a 35-bit card,’ but they are confusing the 35-bit format with the card or chip itself.”
He explains that the same format can be used on any card type, because the format is just the way the data is parsed.
The 26-bit format – also known as the Weigand format – is the oldest and most common. It allows for the smallest number of digits, however, and this provides limitations.
A bit is a binary term for a zero or a one. Thus, 26-bit format consists of 26 zeros or ones laid out in a specific pattern. The initial bits form the three-digit site code with 256 total options. The remaining bits form the ID number with 65,536 options.
The initial bits form the three-digit site code with 256 total options. With that limited number of unique codes for organizations worldwide, there are plenty of duplicates.
The limitation is that with only 256 site codes for organizations around the world, there are plenty of duplicates. While 65,536 seems like a lot of unique numbers, many organizations have thousands of cardholders.
Any card reseller worldwide can issue 26-bit cards so there is no control over numbering systems.
“Because 26-bit is an open protocol, no entity is managing the number range so if care is not taken when placing orders, programmed ID numbers can overlap from one order to the next,” says David Stallsmith, ColorID’s Director of Product Management. “If this occurs, the new batch of cards cannot be entered into your system because the numbers are already in use.”
Moving beyond 26-bitDespite the industry’s concerns, the 26-bit ‘OG’ format remains difficult to displace.
“It works in everybody's system, and some older access control systems can only handle 26-bit,” says Stallsmith. “Even when systems support longer formats, many security managers are reluctant to use them.”
But he stresses that upgrading to more versatile formats makes sense. That is why security-conscious organizations have moved beyond 26-bit.
We highly recommend against starting with a 26-bit format. HID and Allegion offer formats of 35-bit, 40-bit, 48-bit, and they will manage the number range for you.
“We highly recommend against starting with a 26-bit format,” Stallsmith says. “HID and Allegion offer formats of 35-bit, 40-bit, 48-bit, and they will manage the number range for each customer which is a nice feature.”
The longer the bit structure, the more digits can be stored. The more digits, the more uniqueness for site codes and credential numbers. This is crucial to the successful operation of all the systems that use cards to authenticate and grant access, but it is not the same as data security.
“True security is in the chip and encryption, not in the format,” says ColorID’s Brooks.
There are thousands of other formats, but many are custom and can only be purchased from specific dealers. In some cases, manufacturers will create one for a specific dealer, and they will only supply cards with the format to that dealer.
Dealers often claim that it provides an added layer of security, allowing them to further tighten the grip against card number duplication.
Stallsmith says that this added layer does little to nothing for security, and it forces the end customer to buy all cards through the dealer.
“The real security here is protecting the dealer's business,” jokes Stallsmith. “Make sure you're buying a format that's generally available from all dealers who sell that product.”
Since most campus cards are used in access control systems, they typically use one of the formats described above. In addition to the unique ID number required for the security system, however, the same card will often need to contain one or more additional unique IDs.
A common ID number that is used by the institution’s campus card system provider is a 16-digit ISO number. Additionally, dedicated user IDs for applications like library checkout are sometimes used.
If you are planning to move to mobile, find out from your intended provider what formats they support and consider migrating your card population to that format.
“In some cases, the access and campus card systems themselves are modified to support a single ID that is stored on the card using a single format,” explains Brooks. “But in other cases, the card contains multiple numbers, each designed to support specific functions.”
Modern, multi-application contactless cards are built to support this exact situation. Multiple numbers can be stored in the same contactless card, and each can use a different format.
Though it is not always the case, most modern access control systems can support multiple formats.
But, as Stallsmith explains, end users typically prefer all their credential types to be programmed with the same format.
“If you are planning to move to mobile, find out from your intended provider what formats they support for issuing mobile credentials,” he says. “And consider migrating your card population to that format.”
