Card, mobile credential, payment and security
Document and card security today is far more complicated than a list of features or materials. To meet modern fraud threats, card issuers – from governments to campuses – need to design documents with comprehensive approaches to protect against attacks along multiple fraud vectors. With foresight and planning, issuers can link and layer the right design, personalization modalities, and security elements to maximize security.
Not so long ago, staying ahead of counterfeiters was as easy as opting for a newer card design and employing a secure printing technology. That was typically enough to keep credentials secure and fakes easy to spot.
“A few years ago, a spoof was good enough,” says John O’Rourke, Director, Product Management for IDEMIA Identity & Security, N.A. “Counterfeiters would use a blank piece of PVC and an ink jet printer to create a card with a similar appearance, but today, that is not what we are fighting.”
Modern counterfeiters are sophisticated, well-financed enterprises with access to industrial card production equipment, advanced materials and techniques. A host of counterfeit ID vendors operate globally, and with such sophisticated operations, the legitimate secure credential vendor community must continue to innovate to stay ahead of fraudsters. And they must do this while still providing secure credentials at price points that are still affordable.
Today, the primary threat comes from a robust offshore counterfeiting industry, protected by the veil of Bitcoin and motivated by the vast potential market of underage drinkers in the US.
By some estimates, the market for fake identification cards is in excess of $100 million in the United States alone. And, while a small percentage of the market for fraudulent credentials consists of hardened criminals, the vast majority of all fake ID purchases are being used as “drinking licenses” by underage people.
Secure card design must combine the right layout, materials, personalization, and security features to guard against alteration and simulation attacks.
The law enforcement problem is that while underage drinking is an issue, it tends to fall below the radar when compared to other more serious criminal uses for fake IDs — “think identity theft and much worse,” explains O’Rourke. These uses of counterfeit IDs greatly concern federal investigators, whose jobs are made harder by the increasing sophistication of the fakes.
The large number of underage drinkers creates something of a subsidy for the highly criminal end of the spectrum. According to US census data, roughly 20 million people are between 16 and 20 years old, and that number stays relatively steady from year-to-year.
Where underage drinkers of the past may have turned to a back-alley establishment with a printer and a laminating machine, today the market has shifted online. And we aren’t even talking about the dark web here.
A simple Google search will yield a menu of commercial providers — many using highly advanced materials and equipment. And, because the transactions are largely done through Bitcoin, they are anonymous and untraceable — not to mention untaxed.
The large, stable demand for fake IDs has attracted a number of online counterfeit providers that are motivated by the highly profitable market. Counterfeit suppliers now compete based on price as well as the quality of fakes offered. For less than $100, a nearly perfect replica credential is available for virtually any jurisdiction, replicating sophisticated security features, intact holograms and even scannable barcodes and magnetic stripes.
The valid secure credential vendor community offers fraud-resistant card substrates to mitigate counterfeiters. Whether it is PVC composite, Teslin, polycarbonate or polyester, there are advocates out there who claim their card material is the counterfeit killer.
Unfortunately, while some substrates are better than others, any card material can be counterfeited. PVC composite is the traditional “sandbox” that fraudsters like to play in, but all materials are available to a fraudster willing to pay the price.
“The most important thing is to approach the credential knowing that no single design element and no single card material will make the card secure,” says O’Rourke. “Multiple layers of fraud deterrence are the only effective approach to building secure credentials.”
Modern counterfeiters are sophisticated, well-financed enterprises with access to industrial card production equipment, advanced materials and techniques
In the past, securing the credential was all about making an unalterable document — something that was highly tamper resistant. But card technology advanced with solid body card substrates and personalization embedded within the document. This made tampering with real credentials more difficult.
So fraudsters shifted tactics.
Now, the vast majority of the counterfeits simulate document material and features, rather than altering original documents. This opened the door to mass production of fake IDs as it is no longer necessary to have an original document to modify.
Secure card design must combine the right layout, materials, personalization modalities, and security features to balance the security protection against alteration and simulation attacks. This must also be weighed against the business needs of card life in the field, location of personalization equipment, and, of course, cost.
The counterfeit ID industry has grown rapidly as an ever-increasing demand combines with the anonymity of the web and crypto currency. Easy access to raw materials and advanced printing equipment enables modern counterfeiters to simulate IDs from virtually any jurisdiction.
The physical card materials can no longer stand alone as the primary security feature.
The key is to issue cards that can be made as secure as possible in the environment required, and at a price point that works — and to make sure that the credentials are employing as many deterrence factors as possible to keep ahead of the rapidly evolving counterfeit industry.
A new secure credential paradigm is needed that extends beyond a list of physical materials and basic security features. This new paradigm must encompass multi-modal personalization, an array of security features, the right materials and a linked and layered design to counter multiple sophisticated fraud vectors.
Transact+CBORD has launched CS Gold 9, the latest version of its long-standing campus ID and transaction system used at more than 250 institutions. Designed to streamline administration and boost functionality, the new release integrates artificial intelligence, improves the user interface, and adds customer-driven enhancements.
Steve Swingler, Senior Director of Software Development, says the AI-powered Ask CS Gold feature has generated strong enthusiasm.
Western Connecticut, University of Tennessee Knoxville, and Vanderbilt were the first three schools to go live. It's released. We're quoting to customers. We're ready to do more installs.
“Admins can ask a natural language question through the web interface, and the AI figures out what they're asking for, queries the database, and gives them back an English language response,” he explains.
Early adopters—including Western Connecticut, the University of Tennessee Knoxville, and Vanderbilt—have reported smooth, simple implementations.
Read Winkelman, Vice President and Campus ID Business Leader, emphasizes that client input guided many of the upgrades. “The ten features that got the most votes in our customer ideas portal were included in this release,” he notes. CBORD even credits the contributing campuses by name in the release notes.
The redesign includes new setup wizards, time-saving templates, and a cleaner interface across 16 of the most-used screens—changes aimed at making the system easier to navigate for both experienced and backup administrators.
Beyond administrative convenience, CS Gold 9’s AI capabilities help campuses analyze student engagement.
“Ask a question and say, ‘give me a list of students who haven't used their meal plan more than once a day in the last week,’ and maybe that’s an indicator that they're disengaged,” says Winkelman. “At least a way to start mining that data and look for students who might need some extra connection.”
Feedback from pilot schools has been overwhelmingly positive, with early users calling the upgrade “seamless” and “a win” for simplicity and usability.
To watch the full interview, click the image at the top of this page.
TRANSCRIPT
Hello there, and welcome to this episode of Campus ID News Chats. I'm Chris Corum, your host and publisher of Campus ID News.
Transact+CBORD just released a new version of the long-standing CS Gold platform. We're going to talk today about the new version that was just released with CS Gold 9 with two of the company's leaders.
Welcome Read Winkelman, Vice President and Campus ID Business Leader, and Steve Swingler, Senior Director of Software Development. A little background on the two of them, it’s been 20-plus years with CBORD for both, 30 for Read, and if you add in Steve's time at Diebold, which became a part of CBORD, he's at 30 years too. Both worked on a campus as well.
Chris: So how about a little history of CS Gold before we talk about the new version, when it came out, how many campuses use it, that kind of thing.
Steve: We came out with the first version of CS Gold back in that time that you referred to when we were at Diebold prior to coming over to CBORD. I think that was 1998, and it's grown to over 250 campuses.
It tends to succeed with our larger campuses where the needs are complex, campuses that are doing some very large access control, but we've got a loyal group of customers that give us great feedback, great ideas, and we'll talk in a little bit about some of that feedback that we made part of Gold 9.
Chris: Gold 9, what's new in this version? What was the goal with releasing it? And what did you learn from clients that went into it?
Steve: The one that we get the most comments, questions, and excitement about, I think, is Ask CS Gold. It's an AI chat interface where the admins can ask a natural language question through the web interface of the existing CS Gold web interface, and they ask a question that's on their mind, and the AI figures out what they're asking for, where that might exist in the database, it queries the database, gets the results, and gives them back an English language, natural language response, and the feedback on that has been fantastic.
We've also done some work based on our admins' feedback to save them time in some of the tasks that have been historically more time-consuming, things like building out a meal plan. We've created a new wizard style that gives them some templates from which they can start, so there's some standard templates. There's also the ability to copy an existing meal plan and then tweak that, so some time savers there, some other wizards for the admins, some export utilities.
But I'm real proud of the work the team did to improve the user interface on more than 16 of our most used screens. There's a new look; there's a new cleaner design to it that we're proud of.
Read: I think one of the biggest things, you kind of hit on it, but we have some of the top requested features from customers that they've submitted ideas to us. We have an ideas portal that they can submit ideas in.
The 10 that got the most votes were included in this, and one of the things that I think was pretty is when a new feature is documented in the release notes, the school that submitted that feature as an idea is getting credit right in the release notes. It's not necessarily the person because people move around, but that school is getting credit.
I think that the things Steve talked about in terms of some of the wizards and the ease of use of the user interface, those are nice things, and you think about, well, that's great.
It makes it easier to use, but that's really by design because if you think about the Campus ID industry, we have a lot of customers who frankly are starting to near retirement age, and even those that aren't are looking to be able to take vacations or have sick time. They have to bring in other people who are doing things with the system and doing some system administration, but they don't do it every day, so the easier we can make the system to operate, the easier it is to have somebody cover and back up a regular system administrator, so that was really part of what we were trying to get after with Gold 9 too.
Chris: One question on the AI thing that you mentioned. Can you give a specific example or two of what someone would ask. When you first said it, I was thinking, you know, what's the weather going to be like today in Tallahassee or something, obviously that's not it, but so what would be a query or something that could be really helpful for a user?
Steve: So you know, one simple example I used just to pick on my boss was I'll ask and show people when was the last time that he went into the office and at what time did he arrive, and you know, make fun of him if he arrived late, but that's just for fun.
You know, you can think of some really complicated questions, and it figures out the answers, so I could ask which locations are doing more than 10% more dollar transactions or number of transactions than they were a month ago, right?
Where am I trending to have the business increase or the same thing with decreases?
You can ask questions to identify students whose activity has declined over a period of time. I can say over a semester, over a month, over a week, and it figures out the complexities of the query, and these are things that we don't naturally have reports in the system to do, but someone on campus will reach out to the card office and say, hey, can you tell me this?
Rather than it being days or weeks long project to figure out how to get a report, they can go type the question and they're getting some remarkably good results.
We had a live demo at a NACCU Near You event in Knoxville. UT Knoxville is one of our beta customers, and now they're live, it's fully released, but they were confident enough in the solution to put it up on the screen live in front of this group of people and type in questions and see it generate the answers, so it's working well for people.
Read: I was just going to say, I think, you know, Steve's point about decline in transaction volume, one of the biggest things that campuses talk about these days is student success and student engagement, and we have all the data in a campus ID system.
Being able to easily ask a question and say, give me a list of students who haven't used their meal plan more than once a day in the last week or some, you know, is that an indicator that they're disengaged?
Maybe, maybe not, but it's at least a way to start mining that data and look for students who might need some extra connection, extra attention.
The other thing that I think it can be really helpful with is I've had, I don't know how many different schools who talk about the fact that students don't always monitor their declining balance funds, and they don't spend it because they're going to the dining hall and they get to the end of the semester and there's all this money backed up that they want to spend.
It's a way to help identify how people are using the system and then proactively reach out to them, whether it's for a student engagement thing or just to make good use of the money. Because kids that eat and kids that sleep do better in school, right.
Chris: Well, you hit on one of my next questions when you said that that UT Knoxville is live. Is CS Gold 9 out of pilot and live at a number of institutions?
Read: Yeah, we, so we had three schools that, and Steve was doing the implementation, so our development team was doing them. Western Connecticut, University of Tennessee Knoxville, and Vanderbilt were the first three schools to go live. They all went live early summer. We wanted to wait till we got through the back-to-school season in a regular load in terms of transactions before considering it generally available, which it is now.
It's released. We're quoting to customers. We're ready to do more installs, but those implementations were very simple. In a couple of the cases, our primary contacts weren't even on campus when we were doing the installations because they didn't need to be.
And since back to school has started, no, no issues whatsoever. Systems have continued to operate really well.
I should also mention Western Connecticut was the first one to go live. UT Knoxville is a mobile credential customer using the, the Allegiant flavor of mobile credential and Vanderbilt is also mobile using the HID flavor and Vanderbilt has some biometrics tied in. We feel like we've really tested all the various use cases that we could have with those three customers.
Chris: You mentioned that it was an easy implementation, but for the next Gold customer that wants to go to version 9, what is the implementation process actually look like?
Steve: If they're familiar with past upgrade exercises, for example if they went from CS Gold 6 to CS Gold 7 or CS Gold 8, it's very similar. Depending on the size and complexity of their system, you know, the downtime will vary significantly. But one thing is there is not a major database version change in this one, so that actually saves some time in most cases. There's no database conversion required.
Chris: I assume since the two companies came together that Transact releases might have some ties to see previous CBORD clients or products and back and forth. Are there some new things in Gold that tie to some of the Transact products?
Read: Yeah, we're doing a couple of things. One is, as you might imagine, all of the devices around the perimeter of the core system – so point of sale, access control – we're looking to make those as consistent across all the products as possible. So, when a customer wants to move from gold to, to IDX, they're ready.
But we've got CS gold customers that are currently implemented with our cloud point of sale solution, which is a Transact point of sale solution that we've had for a while that includes mobile ordering.
We've also taken our CS Access portion of CS Gold and we're live with an integration to TSE, which is a Transact campus ID system, the predecessor of IDX that's live now as well.
So yeah, absolutely. We're looking to tie things together so that when a customer wants to move to IDX, they're ready because all of those tie ins are already set up.
We're not trying to push anybody to move, but we want them to move when they see the feature and the value that makes them want to move.
Chris: Any client feedback that stands out like from the early three, I'm sure it's all good, but is there something that makes you, that made you go, wow, this is, this is great to hear?
Read: Rebecca at Western Connecticut keeps sending us emails of feedback she's got from people that interact with the system that are just sort of giddy about how easy it is to use. She's called it a win. Knoxville the upgrade was simple. Vanderbilt called it a seamless transition. It’s hard to ask for anything better than that. I think people are happy with the functionality and getting value out of it.
Steve: Sometimes it's the little things. We added a real simple export button to the patron groups interface. That was requested somewhere along the way and we thought, okay, well, that's, that's not too hard to do.
Rebecca showed that to a group of RAs for the first time and they were just elated. Now, you can imagine there's some patron groups associated with residents in a particular building and to be able to just download that list and use it however they want to use it was an exciting new feature for them.
I never imagined that that would excite anyone.
Chris: If somebody wants to learn more about CS Gold 9 or an existing customer wants to talk about upgrades, where do they reach out?
Read: Best process is to talk to their account executive. If they don't know who that is, my email address is CRW at CBORD.com. I'm happy to field anything. But if contact your AE, you'll get probably a faster response and a little more detailed as well.
Chris: Read, Steve, thanks so much for joining us and filling us in on the latest and greatest with the new version and to all those folks listening or watching or whatever you want to call it.
As always, I appreciate you being here and if you have any suggestions for a future episode of Campus ID News chats, shoot me a note at chris at campusidnews.com.
Josh Bodnar, Director of BuckID at Ohio State University, shares his experience transitioning the university from Transact’s legacy access control system to LenelS2 NetBox.
“A lot of schools are facing the fact that Transact's legacy hardware is going end-of-life and end-of-support, so most of us are looking at what's next,” Bodnar explains.
Creative approaches are allowing Ohio State to extend the life of its existing hardware, save on replacement costs, and phase upgrades strategically.
Ohio State's migration leverages Mercury panels while reusing existing Transact readers, allowing the university to maintain flexibility and reduce costs. “Now is a good time for us to go to Mercury – it is a more open – and if anything changes in the future, we've got a lot of possibilities,” he says.
The project focuses on both upgrades and new installations.
Existing Allegion offline locks that read the magnetic stripe are being retrofitted with new radios and tap heads. This takes an insecure mag stripe offline reader and converts it to an online, wireless contactless reader.
Bodnar highlights the practical benefits of this approach saying it allows Ohio State to extend the life of its existing hardware, save on replacement costs, and phase upgrades strategically.
“We were very fortunate that Transact, Lenel, and Allegion all came to the table to help us figure out how can we get into a new access control system, upgrade what we've got, and make it as painless as we can,” he says.
He also describes these upgrades as an essential step in the path to mobile credentials.
To watch the full interview, click the image at the top of this page.
TRANSCRIPT
I'm Josh Bodnar and I am the Director of BuckID at Ohio State. I've been there six years now. We have multiple access control systems on campus, and I manage one of them.
In student life – which is where Buck ID sits, the residence halls, the rec centers, the student union – those are all in our access control system.
Historically, we used Transact’s legacy door access platform, but we're currently in the middle of a large project to move over to LenelS2 NetBox.
A lot of schools are facing the fact that Transact's legacy hardware is going end-of-life and end-of-support, so most of us are looking at what's next.
We decided to move to Mercury panels. We're reusing the existing Transact readers, at least the newer tap ones. They do have the capability of being OSDP, so we're reusing those readers on our hardwired installations where we have them.
The nice thing is it's becoming a little more open, so in the future, we have the choice of HID’s wired readers, Allegion’s wired readers, and the Transact wired readers that are still out there, in addition to Lenel’s Blue Diamond readers.
So at this point, where it's historically on our old system, we only really have the choice of using Transact proprietary door readers, now we've kind of got that whole ecosystem available to us.
So right now, we're using a lot of what we have just from a cost savings perspective, but it's nice that we've got that all available to us now.
We also like that, you know, now is a good time for us to go to Mercury. The idea is, you know, Mercury is a little more open. If anything changes in the future, we've got a lot of possibilities.
And then Lenel S2 was the right partner for us on the access control side, because they have the ability for us to reuse some of those older Transact panels. So, I don't have to upgrade all my panels in the field right now. I've got a little time.
Now, anything that's in the support, obviously, I don't want to leave it out there past the end of the support date, but I've got another year, year and a half before that comes up. It gives us some flexibility.
So we were very fortunate.
Transact, Lenel, and Allegion all came to the table to help us figure out how can we get Ohio State into a new access control system, upgrade what we've got, and make it as painless as we can.
I'm not going to say it's a painless process, because it's not. But with all those partners involved, they've helped us to make it less painful.
One of the big parts of this project we're doing right now, we had eight buildings that we constructed all at once about 10 to 15 years ago – our North Residential District.
At the time, we put in Allegion’s offline locks, the 8250 series.
As part of this project, we're actually going to take those existing locks, that existing investment, and just upgrade it.
We're able to take the back cover off, put a radio on it, take the old mag head off, put a tap head on it. And now those locks we've had for 12 years now are like a whole new system. They're going to be online. They're going to be tapped as we get ready for mobile.
So that's a big part of what we're doing right now, is trying to position ourselves where mobile could be possible.
I'm very jealous of all my friends and colleagues who have made it there. It's going to take me another couple years, but this is a big step in that direction.
And the ability to just upgrade that stuff.
So in places where we have existing hardware, if we can upgrade it, maybe flash new firmware to it, keep it, leverage that existing investment. 100% of the time, that's what I'm going to do.
When we're looking at new installations, some of it will be, you know, what's availability? We all remember what happened during COVID.
Supply chains, some manufacturers, you know, there were times where HID was back, six to eight weeks minimum, and sometimes months, and then, you know, it would change, and then it's Allegion six to eight months back.
I tend to be agnostic. I have great relationships with all the partners in the space. I think we're very fortunate and higher ed that we have such good partnerships with all the suppliers that are out there.
It's just, who's got what I need right now and what's pricing? The rest of it is what's the application.
If we're building new construction, we're looking at exterior doors or high traffic interior doors, 100% of the time, I'm going to hardwire that. I don't want to have to deal with batteries if I don't have to.
All that can be done as part of a project. 100% of the time, I'm going to go that direction.
It's easier for us. You're not getting into batteries. You don't have to deal with wireless signals and all of that.
But the flip side of that is if we're in a retrofit situation, maybe we're doing a couple of doors, interior doors and office suite, and t's really cost prohibitive to do the whole full line where you're not getting into a door, getting into a frame.
In those cases, that's where we're really looking at wireless locks because they bring that cost way down. If it's a brass key or a wireless lock, I'm going to push us towards the wireless lock in those retrofit situations.
People laugh at me if I say, “it's going to be about $10,000 to put full online access control.” They're like, well, that's funny. No, not going to happen.
A wireless lock can cut that cost in a quarter maybe, maybe a little less depending on if you've got infrastructure in place already.
I'm starting to look at some of the new biometric stuff that's out there. We don't have a huge biometric presence right now. We've got some on our athletic facilities, but it's a lot older biometrics, a lot of fingerprint readers.
I’m really excited about some of the facial recognition. Or facial authentication, I learned that there's a difference there.
I love that facial authentication technology where you can take the ID photo so you're not having to capture a biometric template. You can take a photo you already have and then have the reader recognize the person and build the template on the fly.
I'm really interested in some of that. I'm not sure kind of where we use it yet. Very interested in seeing if our athletic department's open to that. They're kind of on their own system with their own biometrics right now.
I'd love to get them kind of more integrated with the rest of campus, especially if I can tell them, you can get rid of all this biometric profile capture that you're doing now. I've got the photo; facial authentication readers are available. Is this something where we could work together and maybe take them to the next level?
So kind of excited about that.
And then I'm really excited to try and get us in a place where mobile can be possible for us. I mean, the last 10 years, that's kind of been the thing. That's what everyone's working towards.
We've got a lot of legacy stuff and we're starting to finally make some real strides into getting to where we've got the readers that can get us there.
The NACCU Annual Conference is known for its exceptional educational content. Key to that is participation from higher education leaders willing to share their knowledge with peers from other institutions. The deadline to submit presentation proposals is coming soon, closing on Monday, December 8, 2025.
This year’s conference will take place April 19-22, 2025, just across the river from Cincinnati, Ohio in Covington, Kentucky. Consider presenting an individual session or leading a group or panel discussion. Options include:
Submitting a proposal is quick and easy. Using the online form, you provide some basic details and a brief session description (up to 100 words). You will also be asked to provide several sample questions you will use to engage the audience, as well as two things they will learn from the presentation.
You will specify the ideal audience for your presentation – beginner, intermediate), or advanced – and select up to three areas topic areas:
Each presenter must be a NACCU institutional or corporate member. If you are not a current member, this is an ideal reason to join.
Speakers will be notified regarding their proposal’s acceptance on January 6, 2025.
To learn more or submit your proposal, click here.
In this episode of CampusIDNews Chats, Dave McQuillin, co-founder and VP of Sales and Marketing for Atrium Campus, shares how new technologies are reshaping campus dining and retail operations.
McQuillin says colleges are turning to semi-autonomous and fully autonomous solutions to meet evolving student needs and overcome staffing shortages. “Students these days really expect to have great food options available 24-7 because that’s how they live,” he explains. Traditional hours no longer meet expectations, and it’s increasingly difficult to staff late-night or off-hour locations.
At UGA, Atrium worked with AiFi to deliver a fully autonomous retail store that doubled sales and reduced shrinkage from high double digits to less than 2%.
Atrium’s partner ecosystem includes semi-autonomous solutions like Mashgin, which uses AI and computer vision to scan items instantly. “You grab what you want, you put it on a tray, you hit pay, and it uses AI algorithms and cameras to ring that check up very quickly,” McQuillin says. Average transaction times are just 12.5 seconds—significantly faster than manual self-checkout—and shrinkage is reduced.
Atrium also supports fully autonomous retail, integrating with technologies like Zippin and AiFi. The University of Georgia’s AiFi store, for example, “doubled sales, reduced shrinkage from high double digits to less than 2%, and students are super happy,” McQuillin reports.
To watch the full interview, click the image at the top of this page.
TRANSCRIPT
Atrium is an a la carte, cloud-native campus card program that supports mobile credentials, meal plan management, and the full suite of one-card offerings.
One of the trends we're definitely seeing in higher ed is a shift to semi-autonomous and fully-autonomous dining in retail.
Why is that important?
Students these days really expect to have great food options available 24-7 because that's how they live.
Locations that are just staffed from 8 to 5 p.m. just don't cut it. Staffing shortages also have been a driver for this. It's increasingly hard to find staff that will work the hours that are required. But more than anything, it's about improving the student experience.
Some of the solutions that we have been bringing to market through our partner program include Mashgin, which is a semi-autonomous solution.
You grab what you want, you put it on a tray, you hit pay, and it uses AI algorithms and cameras to ring that check up very quickly.
In fact, Mashgin talks about an average transaction time of 12 and a half seconds, much faster than self-barcoding items.
The other advantage of that technology is it reduces shrinkage. A lot of universities are struggling with this when they have unattended self-serve checkouts, which rely on the integrity of the students to barcode every item.
In addition to Mashgin, we have integrated with services like Farmer's Fridge, Just Baked, Costa Coffee, Vicky the AI-powered vending machine, and Robo Burger. It seems like almost every other week there's a new robot-driven vending machine that's coming to market, and we are able to onboard those services very, very quickly.
Now, the other category in that area is fully autonomous.
Our first foray into that was to integrate with Zippin at Towson University. In addition to Towson, we have UNLV that also has a Zippin store.
But true to our roots, we want to give clients lots of options, so we just recently integrated with AiFi, which is another leader in the fully autonomous store space. We had a very successful opening of the AiFi store at University of Georgia.
They report that sales doubled, shrinkage dropped from high double digits to less than 2%, and students are super happy.
They're so happy with the results that they've already released a PO to Atrium to open a second AiFi, fully-autonomous store in their student center.
As we've discussed, there's a lot of change in the air.
Clients are looking at end-of-life with their campus card system, or their point of sale, or their access control.
They're looking to elevate the student experience.
What we would like is to have a conversation with those clients. Give us a call. Give us an opportunity to talk with you. I think you'll find that Atrium could be a very good fit for your campus.
VandyCart is Vanderbilt Campus Dining’s new mobile grocery ordering program designed to give students a fast, convenient way to buy groceries on campus.
Using the Transact Mobile Ordering app and Vanderbilt’s single sign-on, students can choose from more than 150 products and place an order for pickup at several convenient on-campus locations. Products include fresh produce, frozen food, and common kitchen staples.
The service provides flexibility for students to use their meal plan for items they can use to eat or prepare meals at home.
They can spend up to three meal swipes per transaction. Each swipe is valued at $12. They can also use Commodore Cash, Meal Money, or a debit/credit card. Students are limited to six meal swipes per week through VandyCart.
VandyCart is a great example of how an institution can expand the use of things they already have in place – dining facilities and mobile ordering tech – to add new services for students.
Other common non-food convenience store items are also available, but meal swipes cannot be used for these purchases. In this case, Commodore Cash, Meal Money, and debit/credit cards are accepted.
Orders can be picked up during four specific two-hour time windows each day. The windows are 9-11 am, 1-3 pm, 5-7 pm, and 9-11 pm. Students select their pickup window and must arrive during that timeframe. If they do not, their groceries are removed to make room for the next round of orders.
Pickup is offered at four campus locations, including Vanderbilt’s three Muchie Mart grab-and-go markets and its Rand Dining Center.
VandyCart is also making it easier for students to order a healthy meal when they’re sick and not able to visit their dining hall. Campus Dining’s popular Get Well Meals program is now available via VandyCart on the Transact Mobile Ordering app.
Students can order a nourishing meal that can be picked up by a friend or roommate.
Each Get Well Meal kit is designed with health in mind. Breakfast includes Oatmeal, fruit, Gatorade, and a protein bar. Lunch and Dinner feature Soup (vegan or non-vegan), fruit, Gatorade, and a protein bar.
VandyCart is already seeing an average of 400 orders per week and serving 200 unique users per week.
Orders can be paid for using a meal swipe, Commodore Cash, Meal Money, or debit/credit cards. Orders can be picked up at one of four dining locations.
VandyCart is a great example of how an institution can expand the use of things they already have in place to add new services for students.
Through creative utilization of existing kitchens for food prep, dining halls for pickup, and c-stores for basic items, the service required no additional facilities. By adding this new feature to the institution’s already deployed Transact Mobile Ordering app, additional tech investment was not required.
Grocery pickup provides a new service to boost the student experience, and it provides added value to the meal plan offering.
Though new, it is already showing promise.
According to an article in the Vanderbilt Hustler, Campus Dining reports that VandyCart is seeing an average of 400 orders per week and serving 200 unique users per week.
Modern identity cards and credentials rely on encryption for security. It is what separates a smart card, high-frequency contactless card, or mobile credential from older insecure technology such as low-frequency proximity cards, magstripes, and barcodes.
But what is encryption and how does it work in the credential world?
At the heart of this question is the encryption key, a string of data used to encode and decode information. In most card systems, there is a secret key that is shared between the card and reader enabling secure transactions to occur within the system.
Each concept is applicable to both cards and mobile credentials, and understanding them is key to making informed decisions for your campus card program.
“You can think of it as the variable in an equation – the equation stays the same, but the variable can change,” says David Stallsmith, ColorID’s Director of Product Management. “The credential and the readers must know the correct secret key to encrypt and decrypt the identity data.”
Only then will they communicate to open doors or conduct transactions. That's why encryption is the key to security.
Traditionally, most manufacturers have used their own standard encryption key in all their clients’ readers and cards.
Of late, however, there has been a push by some end users – including some campuses – for custom keys. Rather than using the manufacturer’s standard keys, these clients have requested dedicated keys unique to their system.
There are benefits and drawbacks to both approaches.
Standard or non-custom keys make ordering and provisioning of new cards and readers easier, faster, and sometimes cheaper. That is because the manufacturer does not need to customize them for the individual client.
But that positive also comes with a negative. Using the manufacturer’s standard key ties you to that manufacturer for cards and readers. The ability to order from multiple suppliers is reduced or even eliminated.
People that owned their custom keys during the pandemic had more options for card stock suppliers, but since the supply chain bounced back, that benefit has pretty much evaporated.
Another drawback of non-custom keys is that if the manufacturer’s standard key is compromised, it could impact all client sites. This could require replacement or reprogramming of all cards and readers.
Protection against a compromise at the manufacturer level is a benefit of custom keys. If it were to happen, end users with custom keys would not be impacted. It is important to remember, however, that custom keys are not immune to compromise. If not properly protected, they are arguably as vulnerable as non-custom keys.
“Depending on what type of card it is and how you manage that custom key, it can give you the ability to do other things,” says Todd Brooks, Vice President of Products and Technology at ColorID. “It can provide a bit of freedom as far as how you get your cards and how you encode the cards.”
For example, with custom keys the end user can program cards on their own rather than relying on the manufacturer do it. This allows them to buy cards from multiple suppliers.
“People that owned their custom keys during the pandemic had more options for card stock suppliers,” says Stallsmith. “This cut months off their lead time for card orders, but since the supply chain bounced back, that benefit has pretty much evaporated.”
Determining whether you want custom or non-custom keys is just the first decision. Next you need to decide if you’ll have your manufacturer hold those keys on your behalf or if you want to hold your keys within the institution.
At face value, holding your own keys – what some industry vendors call ‘owning your keys’ – seems like the obvious choice. Again, however, complexities arise.
Managing the keys yourself can be expensive and if not done properly can leave you vulnerable.
Most campuses wanting the benefits of custom keys have determined that they are not ready for the responsibility and liability of managing those keys on their own.
“When the manufacturer is holding the custom keys for you, there's security in that,” explains Brooks. “Managing the keys yourself can be very expensive and if not done properly can leave you vulnerable.”
Though far from the norm, he says, a small number of campuses have opted to manage their own keys, control their entire ecosystem, and decide how they're going to make their cards work on the different reader models they wish to use. It takes a more effort and more IT expertise, but it can be done.
Whether an institution uses custom keys or not, data needs to be encoded on the cards.
“Generally, cards are pre-programmed by a manufacturer like an HID or Allegion even if the end user has a custom key,” says Brooks. “In some cases, however, the campus will do it themselves either in the card printer using ID software or with a desktop device or USB reader.”
The idea of holding your own keys so you have total control of your system is attractive, but the practical application is limited.
To accomplish this, a Secure Access Module (SAM) that is purpose-built to securely stores keys is used.
“Whether it's a USB device or it's in the printer, it's basically the same SAM module,” says Brooks.
Very few campuses have taken on the responsibility to own or hold their own custom keys, so it is difficult to measure the value of doing so. Conceptually there are benefits, but they may just be conceptual at this point.
“The idea of holding your own keys so you have total control of your system is attractive, but the practical application is limited,” says Stallsmith.
He uses the example of a campus holding the custom keys for their DESfire cards. If the institution decides to change their access control reader manufacturer, it is true that holding keys could streamline the process. But there are only a few reader manufacturers to choose from, and ripping and replacing one access control reader for another is not an attractive or common decision.
“Sure, you can hold your own keys, but it's not like all of a sudden your world is going to dramatically change,” he says. “But if you have a very specific use, then then I guess it could be helpful.”
Encryption keys and transaction system providersIt is a common question: If I have custom keys or if I hold my own custom keys, does it make it easy to switch from one transaction system provider to another? The real question is more nuanced. You are really asking: Could I switch providers but continue to use my existing cards and readers?
In theory, you could because DESFire and other modern contactless credentials can store multiple applications on the same card. In most cases, however, the prior application will not work in the other transaction system provider’s readers and system.
“Just because you own your key doesn't mean that application you create using it will work on the different readers,” says Brooks. “It may require you to put two, three, or four different applications on the card itself to work with the reader infrastructure from the different transaction system providers.”
Think of it this way. You have an application on your card that is used in transaction system vendor #1’s platform. You replace vendor #1 for vendor #2. Just because you hold the encryption key and that key was used to create the first application does not mean it will work in vendor #2’s platform. The data, the format, and other elements would likely make them incompatible.
Of course, with modern multi-application cards, you could reprogram the cards to add a new application that supports vendor #2’s system, but that is easier said than done. It would require you to touch every existing card to add the new application. In a campus environment with thousands or tens of thousands of individual users, it just is not a realistic ask.
Stallsmith states it this way: “In a university setting, you don't get cards back.”
Though it garners a lot of discussion, it is rare for higher ed institutions to own or hold their own encryption keys. It can be costly, and it requires solid IT capability and commitment.
“I would say the key ownership discussion so far is largely theoretical,” says Stallsmith. “We've helped a number of customers get custom keys from manufacturers, which is often not easy because they haven't had to do it much.”
With OSDP you can centrally roll keys and not have to go from reader to reader to make changes. That makes the conversation around custom keys a lot more interesting.
This may change as access control readers move from using the older Wiegand protocol to the new OSDP protocol in greater numbers.
With the Wiegand protocol, the access control system can receive data like card numbers from the reader, but it cannot send information to the reader. The OSDP protocol, on the other hand, facilitates two-way communication between readers and the access control system. This enables the system to send new encryption keys to readers remotely without requiring a human to visit each reader for manual updates.
“With OSDP you can centrally roll keys and not have to go from reader to reader to make changes,” says Stallsmith. “At that point the conversation around custom keys is going to get a lot more interesting."
For most campuses, that's years away. For those with the means to do it now, however, there are more options.
The large card and reader manufacturers have been creating credentials with secure encryption keys for decades now.
While security breach and system compromise should always be top of mind, neither Stallsmith nor Brooks could point to a single instance of card or credential compromise at a systemwide encryption key level. This is true for both manufacturer’s standard keys and end user custom keys.
So, while real, to this point the threat is likely overblown.
Traditional large manufacturers are incredibly consistent at programming and delivering readers and cards. Another manufacturer may give you a custom key, but they may have a devil of time making cards on time.
This leads Stallsmith to point out that there's another side to the custom key discussion. He says that the traditional large manufacturers are incredibly consistent in their ability to program, update, and deliver readers and cards that work together.
“You just buy their readers, and you buy their cards, and everything works,” he says. “You can go with another manufacturer, they'll give you a custom key, but they may have a devil of time making cards on time.”
Perhaps the lesson is that it's not just the concept of the custom key that should determine what readers and cards a campus elects to use.
Like most decisions, there are many factors at play. In this series of articles, we addressed three of the most important – chips, formats, and encryption. Evaluating each of these concepts can help you make the best decisions for your campus.
Genius, a unified Point-of-Sale solution from Global Payments, is now available for colleges and universities through TouchNet, A Global Payments company. Genius helps drive commerce and simplify back-end processes for higher education by integrating with existing campus systems, centralizing payment operations, and delivering real-time transaction data.
Data protection is a central component of the Genius solution. The system uses end-to-end encryption (E2EE) to protect payment information and maintain compliance with PCI standards.
With Genius, institutions can accept campus card tenders, credit and debit cards, mobile wallets, and gift cards, both in store and on the go.
For campus dining, the solution supports mobile and kiosk ordering, digital menus, and meal plan management. This allows institutions to efficiently manage the spectrum of different transaction types expected by modern students
Global Payments recently expanded the Genius POS solution specifically for the higher education market. The solution provides a unified payment experience across campus facilities, including bookstores, dining services, recreation centers, and student organizations.
For campus retail and food service environments, key benefits include:
By integrating with student information and financial systems, Genius allows institutions to coordinate payments across departments while maintaining consistent reporting and security standards. Introducing a unified Point-of-Sale solution for higher education is designed to consolidate previously fragmented systems, reduce reliance on cash, and improve payment efficiency across campus.
Foodservice directors are quietly transforming a major cost center into a strategic advantage. The line item? Takeout containers and food packaging.
Across North America, campuses spend tens of thousands of dollars on disposable packaging for dining programs. Rising costs, zero-waste mandates, and student expectations around sustainability are prompting foodservice teams to reconsider the logic behind all that trash.
One model is standing out: managed reusable container programs, powered by new technology.
Instead of purchasing thousands of single-use containers each month, schools are adopting systems where guests check out with reusable containers and return them later. While the concept of reusable packaging isn’t new, what has changed is the technology making it practical, scalable, and trackable—without adding operational friction.
With no app or token required, signup friction is reduced. Instead, students can use their campus card from Transact + CBORD, TouchNet, and Atrium.
At Reusables.com, we are driving this shift offering North America’s leading reuse platform that provides the hardware, software, and logistics to run a closed-loop container program. Reusables.com is already live at more than 15 campuses in the US and Canada, including UCLA, Pomona College, UC Riverside and the Rochester Institute of Technology.
With Reusables.com, guests simply tap their campus card or credit card to borrow a container. No app download is required. Containers are returned to smart bins that track usage, send return reminders, and keep staff updated in real time.
Reusables.com supports an array of container options
Other reusable container programs failed in the past due to low return rates, poor guest experience, and staff overload. New systems like Reusables.com have solved for these problems with:
This modern approach helps foodservice teams pilot quickly, scale efficiently, and unlock savings without needing new headcount.
One mid-sized university processed 150,000 checkouts with a 99% return rate
Reusables.com is now in use at US institutions including UCLA, Pomona College, UC Riverside, RIT, as well as Canadian schools like the University of Guelph.
At UCLA, the system integrates directly with student cards and allows for credit/debit accountability as well. Students tap their ID or credit card and skip any extra app setup. At UC Riverside, the dining and sustainability offices implemented Reusables.com as part of their broader climate strategy.
Schools using Reusables.com report packaging cost savings of 30 to 50 percent annually. Because containers are reused hundreds of times, campuses cut costs, reduce landfill waste, and avoid the hassle of managing deposits, tokens, or manually tracked systems.
Another campus saw a 50% drop in disposable packaging spend, fewer stockouts, and higher student satisfaction.
One mid-sized university processed 150,000 checkouts and reported:
Another school reported a 50% drop in disposable packaging spend, fewer stockouts, and higher student satisfaction.
Self-service stations make it easy to checkout reusable containers
At the University of Guelph, the dining team integrated Reusables.com to support its zero-waste goals.
With Reusables.com, we have real-time insights into our container program and clear sustainability metrics,” says Brooke Gregoire, Manager of Hospitality Services. “Returns process smoothly, and our team no longer spends time chasing containers.”
Guelph now runs 15 smart return stations across campus. Their system gives students five days to return containers before applying a refundable $7 fee. The dining team reported less time spent managing inventory and a drop in waste and supply costs.
Reusables.com Container Return Station
Mainstream news outlets are paying attention to this trend. In September 2025, The Wall Street Journal profiled the shift in its piece, “That Single-Use Coffee Cup Could Be on the Way Out.” The article spotlighted how institutions are evolving from small pilots to permanent infrastructure in response to regulatory and financial pressure. Reuse, the Journal noted, is emerging as a cost-saving and compliance-ready strategy.
Several trends are pushing campuses toward reuse:
For many institutions, reuse is no longer just a sustainability talking point. It is a financial and operational priority.
At Reusables.com, we view ourselves as a technology partner, not a container company. Thus, our role is to help foodservice teams launch and scale reuse without friction.
Reusables.com’s Waste Nothing Guarantee assures a 99% return rate, savings of at least 30% and $5,000 in new revenue during the first semester — with no up-front cost.
Book a demo now to get a free ROI estimate for your school’s container program.
In this CampusIDNews Chat episode, we talked with Tim Nyblom, HID Global’s Director of End User Development for Higher Education. He outlined three key innovations shaping campus identity and security.
One of the most transformative changes is the expansion of mobile credential options. “The tech giants engaging in this space and are now opening up different channels, different partners, and different integrations,” says Nyblom. “[With this,] different companies will be coming into this space to be able to offer wallet-based solutions.”
Apple and Google are now opening up different channels, and this will enable new companies to offer wallet-based credentials.
This will give institutions the ability to adopt mobile access in ways that best fit their environment.
Nyblom also points to biometrics as a major area of progress. HID recently introduced a new facial biometric reader called Amico, designed to enhance campus security.
“Universities have been asking for this for a long time,” he explains. “There are different use cases on campus, from recreation centers, athletic buildings, server labs, data centers, medical campuses — anywhere you want that extra layer of security.”
Another key development centers on HID’s Mercury controllers, the long-standing backbone of many access systems. Their open architecture controller gives institutions freedom to integrate new solutions and providers without costly hardware replacement. “You have the ability to pick and choose your partners and not have to rip-and-replace readers,” Nyblom says.
With so many advancements converging, Nyblom says the current environment in higher education identity and security is “ever-changing and exciting.”
To watch the full interview, click the image at the top of this page.
TRANSCRIPT
It's an exciting time in the higher education industry. There's so much happening, so much innovation, so much new technology entering this space. There’s more flexibility, more choices for universities than ever before.
One example is obviously mobile credentials. It has been a huge topic over the last couple of years and what's really exciting is there's now going to be more choices than ever.
The tech giants have been engaging in this space and are now opening up different channels, different partners, and different integrations.
Different companies will be coming into this space to be able to offer wallet-based solutions and mobile access-based solutions using an app as well like we've been doing for a very long time. There's just a lot more choice and flexibility that universities now are going to be able to take advantage of.
Another example is innovation in the biometric arena. We have a new facial biometric reader called the Amico that we're super excited about. Universities have been asking for this for a long time. There are different use cases on campus, from recreation centers, athletic buildings, server labs, data centers, medical campuses – anywhere where you want that extra layer of security.
Another example on the innovation side is around our Mercury controllers. It's been the leading controller in the industry for a very long time.
One of the greatest things about Mercury is that it is an open architecture platform where you have the ability to pick and choose your partners and not have to rip and replace hardware.
Recently we just introduced the latest line, the Blackboards as they're referred to or seen on the MP controller side. It really gives universities a ton of flexibility. As systems are going end of life, universities are now being able to take control of that hardware and protect themselves on all future investments.
We are talking a lot about this, we're getting a lot of questions, our partners are bringing a ton of opportunities around the Mercury controller and it's a really exciting time.
These are just a few examples of what's happening in this space, it is a great time to be in this industry, it is ever-changing, there's so much excitement and passion right now and, our team is here. If you ever need us, please feel free to reach out.
We want to be that trusted advisor and make sure that you are making the best decisions for your institution.
