Card, mobile credential, payment and security
In this episode of CampusIDNews Chats, Tony Erskine, Founder and CTO of CloudCard, shares how the company’s Remote Photo solution simplifies the process of student ID photo submission. Since its start in 2015, the company has grown into a widely adopted mainstay across higher education, working with all major one card providers.
We’re making it feel like magical photo elves took a picture of your student for you and then dropped it into your one card system.
“Basically, we’re trying to make it feel like magical photo elves went and took a picture of your student for you and then dropped it into your one card system,” says Erskine.
Remote Photo eliminates the need for students to visit the card office, instead allowing them to upload pictures through a streamlined, AI-enhanced workflow. The system automatically removes backgrounds, enforces consistent sizing, and prompts students to resubmit photos if they don’t meet requirements.
When CloudCard first launched, every student photo had to be moderated manually. But as AI technology evolved, the company integrated automated classifiers to approve or reject submissions. Today, a photo goes through about two-dozen classifiers or checks prior to approval.
Some institutions rely fully on automation, while others keep human review in place.
“The students don’t always read, and that’s okay because I don’t always read,” Erskine jokes, highlighting how the system helps students correct mistakes without slowing down the process.
Beyond photos, Remote Photo now supports government-issued ID verification. Students can upload a passport or driver’s license alongside their ID photo, and CloudCard’s system uses facial recognition and optical character recognition (OCR) to confirm identity details. This reduces the burden on card office staff and eliminates the need for in-person verification.
By blending automation with flexibility, Remote Photo not only saves staff time but also meets students where they are—online, mobile, and expecting convenience.
To watch the full interview, click on the image at the top of this page.
I'm Tony from Remote Photo by Cloudcard and we are an online photo submission system that got its start out of Liberty University where I built their system in 2014.
In 2015 we launched right here in NACCU, so it's actually our 10 year anniversary coming to NACU and kind of like a homecoming.
So what do we do?
We capture photos, we make it so that the students don't have to come into the card office at all, especially when you compare it with mobile credentials or something like that.
We provide an AI-enabled workflow because to be honest students always don't always take the best photos, right? So, we'll remove background, we'll crop it, consistent aspect ratio and size and all of that.
And then on top of that we tell them when they do things wrong. Because you know what? The students don't always read and that's okay because I don't always read.
We don't hold them to that. We just tell them we can't take that photo and then we make them take another one.
Basically we're trying to make it feel like magical photo elves went and took a picture of your student for you and then dropped it into your one card system.
We started pretty small back in 2015 with three customers. So, a quick shout out to Pacific, ODU and Mercer University who took a chance on us early on which is super awesome.
And now we are, gosh we've partnered with pretty much all the one card systems. It doesn't really matter who you're working with or what you're doing.
We're kind of the standard for online photo submission in higher ed and it's really great to be here at NACCU and working with all our great partners.
Early on when we built the first iteration of the system, every single photo had to be moderated by a human being, and as we got into the 20-teens computer vision was coming along. In 2017 we built as far as I know the first ID photo classifier where we were able to look at a photo and say yeah this photo belongs on an ID card or no it doesn't.
That has allowed many of our institutions to completely delegate that to what we call “Helper Robot” because you know he's kind of helpful. We've added on to that over the years so we've gone from a single classifier to right now there's there are probably two dozen smart filters that a photo passes through on its way through the workflow.
Some of them will auto deny some of them will auto approve but some of our customers still look at every photo because that's what works for their workflow and that's totally cool.
Speaking of AI, we are now able to take a government issued ID like a passport or driver's license, and we can accept that at the same time we accept their ID photo. Then we do facial recognition, and we do optical character recognition to read the driver's license. We compare their name or their address or whatever it is that you want us to check for on the ID.
Again it allows you to offload some of the work that was previously done by a human where now they don't even need to come in for you to verify their ID. It's really helped out a lot.
If you're interested in learning more about Remote Photo or if it seems like it might be a fit for your organization, you can check us out online. The first step would be for us to schedule a quick 15-minute call to see if there's a fit and if there are problems that we can help you solve. We'd love to talk with you.
In the second article in our series titled Chips, formats, and encryption – we explore card formats. In the previous article, we learned that chips store and process data, but it is the format that defines the specifics of the data – the number of digits in the string and what each area of the string means.
Consider this series of digits, 2024567041. Now look at it this way, (202) 456-7041. An established format defines that a phone number will include ten digits with the first three standardized as the area code.
The format provides order, but the format is not the actual number. That unique number identifies – or dials – the White House.
Similarly, a format defines the way data is stored on the credential, but each cardholder has a unique number.
You often hear an end user say ‘I have a 35-bit card,’ but they are confusing the 35-bit format with the card or chip itself.
For identity and access control professionals, the differences between chips, cards, formats, and numbers are subtle. They are, however, crucial to managing systems.
Understanding the options within each category can ensure you make the most appropriate selections for your campus. It is also crucial in ongoing purchasing processes to make sure you are specifying cards, formats, and numbers that will work in your environment.
Each concept is applicable to both cards and mobile credentials, and understanding them is key to making informed decisions for your campus card program.
“It is always a challenge to explain to customers the difference,” says Todd Brooks, Vice President of Products and Technology at ColorID. “You hear ‘I have a 35-bit card,’ but they are confusing the 35-bit format with the card or chip itself.”
He explains that the same format can be used on any card type, because the format is just the way the data is parsed.
The 26-bit format – also known as the Weigand format – is the oldest and most common. It allows for the smallest number of digits, however, and this provides limitations.
A bit is a binary term for a zero or a one. Thus, 26-bit format consists of 26 zeros or ones laid out in a specific pattern. The initial bits form the three-digit site code with 256 total options. The remaining bits form the ID number with 65,536 options.
The initial bits form the three-digit site code with 256 total options. With that limited number of unique codes for organizations worldwide, there are plenty of duplicates.
The limitation is that with only 256 site codes for organizations around the world, there are plenty of duplicates. While 65,536 seems like a lot of unique numbers, many organizations have thousands of cardholders.
Any card reseller worldwide can issue 26-bit cards so there is no control over numbering systems.
“Because 26-bit is an open protocol, no entity is managing the number range so if care is not taken when placing orders, programmed ID numbers can overlap from one order to the next,” says David Stallsmith, ColorID’s Director of Product Management. “If this occurs, the new batch of cards cannot be entered into your system because the numbers are already in use.”
Moving beyond 26-bitDespite the industry’s concerns, the 26-bit ‘OG’ format remains difficult to displace.
“It works in everybody's system, and some older access control systems can only handle 26-bit,” says Stallsmith. “Even when systems support longer formats, many security managers are reluctant to use them.”
But he stresses that upgrading to more versatile formats makes sense. That is why security-conscious organizations have moved beyond 26-bit.
We highly recommend against starting with a 26-bit format. HID and Allegion offer formats of 35-bit, 40-bit, 48-bit, and they will manage the number range for you.
“We highly recommend against starting with a 26-bit format,” Stallsmith says. “HID and Allegion offer formats of 35-bit, 40-bit, 48-bit, and they will manage the number range for each customer which is a nice feature.”
The longer the bit structure, the more digits can be stored. The more digits, the more uniqueness for site codes and credential numbers. This is crucial to the successful operation of all the systems that use cards to authenticate and grant access, but it is not the same as data security.
“True security is in the chip and encryption, not in the format,” says ColorID’s Brooks.
There are thousands of other formats, but many are custom and can only be purchased from specific dealers. In some cases, manufacturers will create one for a specific dealer, and they will only supply cards with the format to that dealer.
Dealers often claim that it provides an added layer of security, allowing them to further tighten the grip against card number duplication.
Stallsmith says that this added layer does little to nothing for security, and it forces the end customer to buy all cards through the dealer.
“The real security here is protecting the dealer's business,” jokes Stallsmith. “Make sure you're buying a format that's generally available from all dealers who sell that product.”
Since most campus cards are used in access control systems, they typically use one of the formats described above. In addition to the unique ID number required for the security system, however, the same card will often need to contain one or more additional unique IDs.
A common ID number that is used by the institution’s campus card system provider is a 16-digit ISO number. Additionally, dedicated user IDs for applications like library checkout are sometimes used.
If you are planning to move to mobile, find out from your intended provider what formats they support and consider migrating your card population to that format.
“In some cases, the access and campus card systems themselves are modified to support a single ID that is stored on the card using a single format,” explains Brooks. “But in other cases, the card contains multiple numbers, each designed to support specific functions.”
Modern, multi-application contactless cards are built to support this exact situation. Multiple numbers can be stored in the same contactless card, and each can use a different format.
Though it is not always the case, most modern access control systems can support multiple formats.
But, as Stallsmith explains, end users typically prefer all their credential types to be programmed with the same format.
“If you are planning to move to mobile, find out from your intended provider what formats they support for issuing mobile credentials,” he says. “And consider migrating your card population to that format.”
Three main components underlie modern credential technology – chips, formats, and encryption. Each are applicable to both cards and mobile credentials and understanding them is key to making informed decisions for your campus card program.
Each concept is applicable to both cards and mobile credentials, and understanding them is key to making informed decisions for your campus card program.
In this series of articles, we will dive into each component, but first a brief preview.
Chips are the core of the credential equation. Like the chips that power almost everything we use in our modern lives, they both store and process the data required for identity transactions.
A format – also known as a card format or data format – is the standardized pattern used to store data on a chip. The format holds information such as ID numbers that allow access control and other systems to make decisions about the cardholder. Because data formats are just patterns or structures, they can be used on different chips. This enables different chip types to be used in the same system.
Encryption is the primary method used to secure data on the chip and in transit between the chip, reader, and system. Encryption levels in credentials vary greatly, from none-at-all to best-in-class, and everywhere in between.
In this first of these three articles, we’ll dive into chips.
Most chips on ID cards are either proximity chips that operate at the 125 kHz frequency or contactless smart chips that operate at the higher 13.56 MHz frequency.
The chips used in proximity or prox cards are older, non-secure technology. They do not support encryption and are really a storage mechanism to hold data such as an ID number. Because they lack security, they are extremely easy to clone and thus have fallen out of favor for secure applications like campus credentials.
You can go to a kiosk at Bed Bath & Beyond, insert your prox card or key fob, and they'll give you a duplicate of it.
According to Todd Brooks, Vice President of Products and Technology at ColorID, prox card cloning is easy and inexpensive due to the lack of encryption. There are vending machines and online devices that facilitate cloning.
“You can go to a kiosk at Bed Bath & Beyond, insert your prox card or key fob, and they'll give you a duplicate of it,” says Brooks. “Or you can buy a $25 device on Amazon that can clone cards very easily.”
For these reasons, higher education and most other security-conscious organizations have moved on to high-frequency 13.56 MHz contactless or Near Field Communication (NFC) technology.
But just because these chips operate at a higher frequency doesn't make them inherently more secure. It's what you do with it.
“A lot of people think, oh, it's contactless or NFC, so it's secure,” says David Stallsmith, Director of Product Management for ColorID. “But NFC only defines the communication frequency and a couple other very simple parameters. If it's not encrypted, it's still not much better than prox.”
In practice, however, most implementations of contactless chips do incorporate encryption. Of course, some do it better than others.
Common 13.56 MHz chips include MIFARE Classic and MIFARE DESFire from NXP, iCLASS from HID, and FeliCa from Sony.
Encryption for MIFARE Classic was compromised years ago, so that chip is not used often in secure applications, though it is still common in low-security situations.
For campus cards in the U.S., FeliCa and the initial versions of iCLASS were popular options, but they are not used much for new implementations. Many institutions that deployed them in the past, however, continue to use them.
There have been four versions of DESFire since its introduction in 2002. Today’s gold standard for security is EV3.
iCLASS Seos – the latest version of HID’s iCLASS – is extremely secure, and its usage is rising rapidly, says Stallsmith. While in this case Seos is the name of a specific chip, it can also be a secure identity object that can be used on other chips.
In recent years, DESFire has been the go-to for campuses and other markets seeking a secure credential.
There have been four versions of DESFire since its introduction in 2002. DESFire, DESFire EV1, DESFire EV2, and DESFire EV3.
According to Brooks, today’s gold standard for security is EV3.
The original DESFire product was phased out by NXP years ago, and EV2 was phased out more recently as NXP released the successor EV3 chip.
Because of its widespread use, EV1 is still available, though its phase out is also starting.
“EV1 still uses high-end AES encryption,” says Brooks. “It hasn't been broken, but we're just seeing NXP starting to phase it out.”
That leaves EV3 as the clear leader for new implementations.
“Many of our campus clients opt for EV3, and that is what we’ve been recommending for some time now,” says Stallsmith. “Because it was designed for backwards compatibility, it can even be blended into existing implementations that utilize prior DESFire versions.”
The other key component with chips is memory size. The larger the non-volatile memory, the more data and applications the chip can hold. DESFire EV3 chips are available in 2k, 4k, 8k, an 16k sizes.
iCLASS Seos chips are available in 8K and 16K.
Often you will hear the terms like 26-bit and 32-bit discussed when talking about contactless cards, but don’t confuse this with a chip’s memory size. These terms refer to data formats, the topic for the next article in this series.
Obviously, older less secure technology is going to be less expensive, but there are also large variances in the quality of a card’s manufacture.
It follows then that low-quality prox and MIFARE Classic cards are typically the least expensive, often just a couple bucks. But high-quality cards with the same chip can be significantly more expensive.
With any card, however, when it comes to longevity, durability, and good-looking printing, you get what you pay for.
Because of their low cost, many organizations still use non-secure prox and MIFARE Classic cards. Some are not aware of the security vulnerabilities and others choose to take the risk. If the use cases for the card are not high risk in nature, it can be a sensible decision.
With any card, however, when it comes to longevity, durability, and good-looking printing, Brooks says you get what you pay for.
“You can find inexpensive high-frequency cards, but you can also get cards – depending on what you've done with them – that are $10,” he adds. “So, there's a huge range in what you can get from high frequency.”
Here’s what campus card and security personnel should remember about chips for ID cards.
Palm Beach State College’s campus card office has opted to forego mobile credentials and stick with their longtime magstripe cards. While the decision may seem unusual to some, Jessica Bender, the college’s auxiliary services manager, explains to CampusIDNews the rationale and the research that went into it.
With a student population of 40,000, the college would face significant costs in transitioning to mobile, including annual licensing fees of $2 to $5 per credential. This compares to a onetime cost of just 25 cents per magstripe card.
She emphasizes that as a commuter-based community college, students don’t use their ID cards daily.
I don't think our students suffer by us not going mobile. As a community college, I'm not sure that they even know about it.
Most ID usage is tied to periodic events such as printing, financial aid transactions at the bookstore, or accessing the wellness center. They don’t have door access or meal plans that typically justify mobile adoption.
The average student age is between 23 and 26, and most live in the surrounding community.
If the college expands door access requirements to all students, the cost-benefit equation could shift. Then, Bender says, they would be open to reconsidering the decision.
She stresses that implementing mobile credentials should not be driven by trends. Incorporate careful evaluation of infrastructure, budget models, and long-term costs – including lost revenue from card replacements.
To watch the full interview, click the image at the top of this page.
Transcript
Our college has decided right now not to go mobile. One of the reasons is we're a very large community college and our use case doesn't really lend itself to mobile.
We have about 40,000 students, and we're still using magstripe cards. The cost is 25 cents a card.
To move to the mobile is a huge cost. We're carding 40,000 students. You have $2 to $5 annual cost per mobile.
We're not doing door access. We're not doing meal plans. We're doing mostly just stored value. So, for now, the magstripe works for us. That's why we decided no mobile for now.
I don't think our students suffer by us not going mobile.
Being a community college, I'm not sure that our students even know about it.
I hear the story that mobile makes the student decide whether they go to college A or college B. It gets a little bit different in the community college market because students stay near home to go to college.
Our students are not 18 to 21-year-olds. They're 23 to 26-year-old average.
I don't think that our students are suffering because we haven't gone mobile.
As a community college, we are all commuters, meaning we don’t have the residence halls so students don't need their card every day.
You know, I hear universities say that's why they found mobile because students always have their phone.
At a community college, the things students need their card for like printing, so you're not doing that every day. Financial aid at the bookstore, that's a semester thing. They want to maybe go to wellness center, so they need their card for that.
But it's not like a residential campus where you constantly need to present the credential.
I think that you really have to look at your use case to see if that makes sense.
That's funny that you should bring up when we might consider mobile. I was just in a meeting last week and we're slowly moving towards door access for our academic buildings. I was told by our chief safety officer that her goal is to have everything locked down 24x7.
And what that would mean would be someone would have to have a credential to present to get into buildings.
Right now we are using a MIFARE card for certain staff to have a limited amount of door access. But if you turned around and told me that from now on, every student was going to need to get that MIFARE card, so now you're at that same kind of price point at $5.
If that's where we get to, then I would say at that point that would change the conversation. Because you can save some costs by eliminating printers, eliminating staff at the printing locations, and still, you're going to be spending $5 on a MIFARE card. So I could spend $2 to $5 on the licensing for the mobile.
I just think when making a decision about mobile, it's a case by case decision and every school is going to be different.
I think some schools went with it because it was the cool, shiny thing to do, but I think you have to think about it.
Coming to things like NACCU and reading up on the industry, can help you understand all the costs involved.
Yes, the shiny new thing, but what I didn't know until I talked to a school that went mobile is it's an ongoing annual cost.
You have to have the infrastructure and the budget model to support that, and then you lose some income.
You lose your replacement fees and things like that, so you really need to make an informed decision and get all the facts before you decide, well, I'm going to do the shiny thing by going mobile.
Genea is a cloud-based smart building security provider that recently entered the higher education market via a partnership with Transact+CBORD. CampusIDNews talked with the company’s President and CEO Michael Wong to learn about the company and its offerings.
Though new to this market, Genea has deep roots in corporate security with major customers such as Target Corporation. Target uses the Genea platform across 18 countries and 1500 locations.
According to Wong, when Transact+CBORD was seeking a replacement to its on-prem TS Access solution, they selected Genea as a best-in-class cloud solution.
Most enterprise software applications no longer sit on a server in the basement of the building. They've migrated to the cloud. We're that cloud solution, best-in-class.
The company’s first higher ed implementation is underway at Mercer University, a former TS Access client looking to transition to a modern platform.
Wong highlights Genea’s flexibility, integration capability with other providers, and commitment to open hardware standards. Using Mercury hardware instead of proprietary controllers gives customers the freedom to switch vendors if needed.
Built natively in the cloud, Genea stands out for its speed of innovation. In 2023, the company rolled out 55 major feature updates, compared to just one or two typical of on-prem systems. This agility allows Genea to respond quickly to customer feedback and deliver requested features in weeks rather than months.
To watch the full interview, click the image at the top of this page.
TRANSCRIPT
Hi, I'm Michael Wong, President and CEO of Genea. We are a cloud-based smart building security platform.
We are relatively new to the higher ed space, partially because of our partnership with Transact+CBORD, where they're starting to end the life of some of their security products. They did their research on all the different access control solutions in the marketplace, and they said ours is the best. So that's how we got introduced to this industry.
We're now working with some of the other providers as well to do integrations.
We do all Target security worldwide, so access control across 18 countries, 1,500 retail locations, all their corporate offices, data centers, distribution centers.
Right now we are doing our first implementation for Mercer University. So, I talked to Ken Boyer. Once we're fully implemented, he'll be able to tell you what the experience has been like.
In terms of other industries that we've worked with, Target Corporation is our largest customer. We do all Target security worldwide, so access control across 18 countries, 1,500 retail locations, all their corporate offices, data centers, distribution centers.
So we know we can handle higher ed and the scale and complexity that it requires, because we've done it for a Fortune 50 company.
You know, one of the things that's happening right now with the industry is, for example, Transact is end of life’ing their TS access solution, and so those customers need to find a different solution.
So once again, as Transact looked at not developing another solution internally and trying to bring that to the cloud, they picked us as a best-in-class solution.
So that's what brings us back to Mercer University. Mercer was a TS access client. They were looking at trying to figure out what was the next step. And so we're right now at the beginning of the implementation process for Mercer University, and it's going well.
A lot of the end users that I've been talking to at the conference are just trying to figure out what else is available.
With Mercury hardware, they have 23 software providers that could use that same controller. So, if you do nothing else besides make sure that you get onto a Mercury platform, you future proof your investments.
And so with most enterprise software applications, they no longer sit on the server in the computer in the basement of the building. They've migrated to the cloud. We're that cloud solution, best-in-class.
We use Mercury hardware, which is very important, by the way. There's a lot of proprietary systems out there where they will sell you a proprietary hardware or a controller. And then if you want to switch to something else, no other software provider can use that.
So we lean in with Mercury as the platform on the hardware side because we always want to have our customers stay with us because we're providing great service and support, not because we sold them something that they can't get away from.
So with Mercury hardware, they have 23 software providers that could use that same controller. So, if you do nothing else besides make sure that you get onto a Mercury platform, you give yourself options and future proof your investments.
We are natively built in the cloud in AWS, which means our architecture is all microservices.
What does that mean? It means we can innovate faster than any company in the space. We had 55 major feature releases last year alone, where your typical on-prem solution with their monolithic code base, they can't be nimble like that. They're typically maybe releasing one or two.
And so when you talk to our end customers, one of the things you'll hear from them is they're just astonished about how quickly we can bring their ideas to fruition. We do it in months and sometimes weeks.
So if you want to learn more about Genea, go to our website. It's getGenea.com. Reach out, we'll set up a meeting, and we'll walk you through our platform.
On April 8 at the NACCU Annual Business Meeting, Kim Pfeffer began her new role as President of the NACCU Board of Directors. Her term will last through the NACCU 2026 Annual Business Meeting. Outgoing President Janet Rauhe passed the ceremonial gavel in front of a packed house in Henderson, NV.
Pfeffer currently serves as Director of the EmoryCard program and Interim Director of Campus Life Technology Services at Emory University in Atlanta. She has spent more than 20 years working in various areas of campus life and auxiliary services, but according to a NACCU announcement, she “found her home in the campus card industry.”
In 2020, she was named NACCU Volunteer of the Year, and she has been on the Board of Directors since 2021. She is a faculty member for the Industry Essentials Institute and a frequent conference and webinar presenter.
She joined Emory in 2018 after working at LaSalle University and Thomas Jefferson University.
Her accolades from – and service to – NACCU and the campus card industry are impressive. In the past decade, she has served in virtually every available volunteer role.
In 2020, she was named NACCU Volunteer of the Year, and she has been on the Board of Directors since 2021. She is a faculty member for the Industry Essentials Institute and a frequent conference and webinar presenter.
Through participation in NACCU professional development programs including the Standards and Guidelines program (SAGs) and the Data Summit, she has continually added to her expertise.
Pfeffer earned a B.A in History from Millersville University and an Ed.M. in Educational Administration from Temple University.
On a personal note, Kim has been a great friend, supporter, and contributor to our team at
CampusIDNews over the years. We thank her for her help and dedication to our industry, and we congratulate her on this new role.
At the CampusIDNews booth (#113) in the NACCU exhibit hall, the CampusIDNews team is shooting short (5-8 minute) video interviews with campus leaders and exhibitors profiling things happening, shaping, or confronting their programs and our industry.
I would like to invite you to participate and share your insights with other NACCU members and higher ed professionals via our audience of 6,500+ subscribers. As a thank you, we'll give you a $50 gift card/poker chip.
Though it need not be earth shattering, we ask that you have something special you’d like to discuss – such as a new initiative, product launch, challenge, or other topic. Think of something your team has done or wrestled with that could be of interest to your peer institutions.
Grab your 15-minute slot using the calendar link below, think about your topic, and get ready to cash in on your $50 gift card/poker chip.
Exhibitors: We are also scheduling video interviews to take place in your booths, so please grab a slot via the calendar link below to let us share your message. Sadly, the $50 thanks you's are reserved for campus reps 🙂
Thanks for supporting NACCU and CampusIDNews.
See you in Las Vegas,
Chris Corum
Editor, CampusIDNews
[email protected]
*Note that the timeslots on the reservation calendar display in your time zone rather than the Las Vegas time zone (PDT). This is so your calendar and reminders will show the correct time when you are on site. Please keep that in mind as you select your timeslot.
Campus reps click here to reserve your time slotExhibitors click here to reserve your time slot
Yale students are visualizing their on-campus dining history in a unique way thanks to a new service called Yale Hospitality Wrapped. It was created by an undergraduate computer science major and based on the incredibly popular Spotify service of the same name.
Spotify launched its Spotify Wrapped in 2016 as a tool to let users see a visual representation of their music preferences over the course of the year. It became a viral marketing phenomenon as millions shared their personal Wrapped on social media. In the years that followed, virtually every streaming service has jumped on the bandwagon and even learning sites like Duolingo have added their own annual wrap-up.
Now it’s campus dining’s turn.
He “reverse engineered” the Transact API to access the HTML data from the user’s account, synthesize the swipe data, and compute the individual account holder’s statistics.
For Yale Hospitality Wrapped, the concept is similar. Show the student when they dined, where they dined, and how often they dined.
Yale undergraduate Anish Lakkapragada created the Chrome extension that – after just one semester – is already used by more than 10% of his classmates.
“Everyone likes to compare and categorize,” he says. “We have things like chicken tender Tuesday and all these traditions, so people want to see how much they go.”
Lakkapragada uses the meal swipe data from Yale’s Transact Campus system to build the users’ dining hall wraps.
He “reverse engineered” the Transact API to access the HTML data from the user’s account, so it grabs the HTML pages, synthesizes the swipe data, and computes the individual account holder’s statistics.
When a student installs the Yale Hospitality Wrapped Chrome Extension, they click the button saying add to Chrome, and it automatically takes them to Yale’s central authentication page where they enter their NetID and password. Once signed in, the extension does the rest.
Campus card and transaction systems hold many more data points beyond meal swipes, and Lakkapragada is eager to explore other areas. Stored value, access control, and rec center transactions are of specific interest.
Currently, Wrapped is available for the fall 2024 semester, but it will be changed to analyze spring 2025 meal swipes at the end of the semester. Though it would not be true to the year-end concept of a typical wrapped, he says the extension could be modified to allow users to set their own timelines.
Lakkapragada has already expanded the dining hall wrapped to another major university, and he emphatically says he’d welcome others to get on board.
Until he built Wrapped, he says he really did not know about his dining usage.
He found he used 156 meals wipes during the semester, averaging 1.5 meals per day. He believes that he, like so many students, under-utilize their meal plans, and Yale Hospitality Wrapped could help them better take advantage of it.
“I pay for three meals wipes per day, but obviously, I'm a student and I’m not waking up for breakfast,” he jokes.
Yale Hospitality Wrapped screenshot
One of the extension’s most popular data points is the diversity score. It is calculated based on the number of dining locations a student visits during the term. If you frequented every location, you’d attain the maximum scored of 100, but if you ate at the closest dining hall for every meal, you score would be zero.
Student are using social media to share and compare diversity scores. Lakkapragada hopes this aspect will encourage students to explore other dining options on campus.
This could be a great benefit to dining services as well.
“We actually did speak with Yale Hospitality about the project, and they were excited and supportive,” he says. “They were surprised and receptive to it.”
Today, the data is disparate and tied only to each unique user. Anonymously aggregating the results across all the participants, however, could give a very different and interesting perspective.
Anish Lakkapragada, Developer of Yale Hospitality Wrapped
Lakkapragada says that is one of the reasons he would like to advance the project from a Chrome extension to a web app. As a website, there would be more flexibility to aggregate data, expand functionality, and include other campuses.
“If any other university that uses Transact is interested – a student, an administrator, a Transact Campus developer – I'm more than receptive to sharing code,” he says.
Why did he do it?
“Creating software is one of my favorite pastimes, and I like seeing my stuff being used on someone else's computer,” he says. “I always feel really happy.”
Anish Lakkapragada is a first-year undergraduate at Yale University double majoring in computer science and mathematics. He encourages anyone interested in contributing to the project or bringing a dining hall wrapped to their campus, to contact him at [email protected].
In this episode of CampusIDNews Chats, Danny Smith, co-founder and co-owner of Color D, announces the company’s acquisition of CardExchange, a long-time partner in identity and credential management solutions. Smith describes that the move is intended to increase ColorID’s ability to offer more integrated and flexible identity management systems for higher ed and other markets.
For more than 20 years, CardExchange has been a key partner in developing sophisticated, custom identity solutions, helping ColorID implement complex credentialing projects. The acquisition cements their long-standing collaboration, enabling a more seamless approach to providing cloud-based identity solutions.
A major focus of the acquisition is CardExchange’s cloud platform, which has been in development for the past four to five years. This system allows institutions to manage credentials across different modalities—physical, mobile, and biometric—while integrating with multiple third-party applications and access control systems.
With the acquisition, Smith says ColorID will be able to provide universities with greater control over their identity infrastructure. Traditionally, identity management has been tied to one-card system or physical access control (PAC) platforms. He argues, however, that universities should own and manage their own identity ecosystems.
This would allow them to switch service providers or integrate new technologies without being locked into a single vendor. The CardExchange acquisition, Smith says, enables ColorID to deliver an agnostic integration platform, helping institutions centralize identity management while maintaining interoperability with existing systems.
One of the most notable applications of CardExchange’s solutions is the NYU project, where the platform was used to unify credentialing across 14 global campuses. The success of this implementation demonstrates the scalability and adaptability of CardExchange’s technology.
Listen to the full interview, by clicking the image at the top of this page.
In this episode of CampusIDNews chat, Jeff Bransfield discusses how campuses are looking at biometrics to replace traditional access control methods like ID cards or mobile credentials.
Biometrics, such as face and palm recognition, are becoming popular in gyms, athletic centers, and other areas because of the convenience they offer. Bransfield explains that managing physical credentials has always been challenging, and using the human body as a credential makes things simpler.
Traditionally, biometrics were used in highly secure labs and areas requiring two-factor authentication, but now they’re expanding into everyday spaces like rec centers and student facilities. The idea is to streamline access and make it easier for students and faculty to move around campus without worrying about carrying a card or phone.
The fingerprint was a little more invasive and you had to touch the reader, so it took longer than some credential-based access controls. Facial identification changes that by reading as you're walking.
There are various types of biometrics—fingerprint, face, iris, and even gait recognition—but Bransfield points out that face and palm recognition are becoming more popular. These modalities are less invasive and easier to deploy than fingerprint systems, which used to be the most common but required more effort to enroll users and manage templates.
As the technology has improved, face and palm recognition have gained traction because they allow for a more frictionless experience. For instance, facial recognition works passively, identifying a user as they approach, making it quicker and easier than older systems.
Privacy concerns have been a longstanding issue with biometrics. People worry about how their data, especially facial images, might be used or stored. Bransfield stresses that biometric systems don’t store actual images of faces or fingerprints. Instead, they create a binary representation—a string of ones and zeros used for identification. This means there’s no photo stored, and the data is secure. Most systems discard the image immediately after creating the template, offering even more privacy protection.
It's becoming more of a convenience layer. It is less for added security than that individuals want to use biometrics to access everyday openings throughout the campus.
Another important distinction Bransfield makes is between facial recognition and facial identification. Facial recognition is often associated with video surveillance and used to pick people out of a crowd, like in airports or large events. This technology is used for security purposes like criminal investigations. On the other hand, facial identification is a more intentional and opt-in process. Users willingly register their face as a credential and use it for specific access, such as entering a building or room. This is more about convenience and less about surveillance.
ASSA ABLOY acquired Control iD, a biometric technology leader in South and Central America, and is now bringing their solutions to the U.S. and Canadian markets. Control iD’s products are particularly useful for higher education and other institutional settings where managing physical credentials is a challenge.
In contrast to facial recognition, facial identification is very much an intentional act of me opting in to use my face as my credential to access a certain area within my facility.
What makes Control iD’s biometric readers stand out is that they function as both readers and controllers. This means they can make access decisions directly at the door, without needing to communicate with a central control panel. They can be deployed as standalone devices or connected to an access control panel, depending on the campus’s needs.
Check out the full interview by clicking the image at the top of this page.
To learn more about Control iD readers, click here.
TRANSCRIPT
Credentials on campus are not always plastic cards or mobile phones anymore.
In a growing number of use cases, biometrics seem to offer a preferred mode of identification and on campus rec centers and athletic facilities and locker rooms and highly secure labs are frequently turning to biometrics to increase security and convenience.
But there may be more to it on campus than even just that. With me today to talk about this is Jeff Bransfield. He's regional director for digital access with ASSA ABLOY. Jeff, thanks for joining us. Yeah, thanks for having me.
Let's start off by saying or talking about where do you see biometrics heading specifically in the campus market? What's on the horizon?
Yeah, the conversations are evolving every single day. I think the use of biometrics is really becoming more of a common discussion to really bring that convenience layer into security, which doesn't include convenience for so long, right?
So the challenge of the credential and managing the credential, managing that identity has really evolved over time and the technology has increased in capability and availability to really give some more options to use the human being as the credential.
It’s become more of an everyday discussion of how can we leverage the things that we already are to bring us into that security layer.
Okay, and do you see it moving into other applications on campus? I mentioned in the opening that it's not maybe just secure labs anymore.
Yeah, for a long time it was really that conditional layer. It was that two-factor authentication, leveraging biometrics to those ultra secure facilities.
It's becoming more of a convenience layer. It is less for added security than that individuals want to use biometrics to access everyday openings throughout the campus.
Now it's becoming more of a convenience layer that I want to use my finger or face or palm or whatever I'm using for biometrics to access my everyday openings that I'm getting into throughout the campus.
So the rec centers, the athletic facilities, the things that you think about which is difficult to carry a credential to are becoming our everyday topics of discussion on campus, yes?
Lots of modalities out there. We've fingerprint, face, iris, crazy things like Gates, which I guess maybe is not crazy anymore. But with all these biometric modalities, are you starting to see one or a couple kind of become the main ones that campuses are interested in?
Yeah, I think the technology of biometric devices has evolved massively over the last few years.
So in the past, the entry-level price point was always kind of leaning towards fingerprint just because it was less intensive to deploy. But it was also one of the more difficult to manage because the templates needed to be very, very much enrolled on the device.
They needed to be very good capture at the time. So it took a lot of logistical pain to get the fingerprint template involved.
So we're seeing the technology has definitely increased to take things like palm or take things like face or iris. Those are easier to grab, maybe face and palm more than iris as far as the templates.
But yeah, we're seeing some evolution there to start leveraging some of the more automatic parts.
The fingerprint was a little more invasive. You still had to touch and do those things. So it actually took longer than some of the credential-based access controls versus facial identification. It's just getting it as you're walking.
So it's really that frictionless deployment that we're seeing that people are grasping.
As an industry, I know we've worked hard for a long time to get people past the fear of biometric technologies. By trying to push the message that your images aren't stored. You're not storing a picture of my face in the system that can be used for other purposes. It's really just a string of zeros and ones that form a template that's created from the measurements and the certain parts of my face or my fingerprint or whatever the modality might be. Been fighting it for decades, maybe even at this point. Are you still seeing that concern on campus? Are you having to fight that battle every time you step on a campus still?
I have that conversation every day. And that's good because people are learning the process. But yes, to your point, technically it is. It's storing a binary representation of my face. It's not storing a photo of my face.
It's all ones and zeros. It's just the algorithm that it's processing all of those data points.
We even have devices that can go so far to say, just discard a photo, don't keep a photo.
When I walk up, it doesn't even show my cardholder photo in the system.
In contrast to facial recognition, facial identification is very much an intentional act of me opting in to use my face as my credential to access a certain area within my facility.
So you can really go to that layer of conserving that privacy.
From the other side of the spectrum, the conversation of the human understanding of what biometrics really is, in regard to face, for example, we're having a lot of conversations around facial identification and facial recognition.
They're completely different technologies and different use cases.
Facial recognition is typically applied to a video surveillance layer to where it's identifying a face from a crowd in general surveillance for use for forensic find, criminal investigation, et cetera.
These are used in high traffic environments. You see them in airports, sporting events, malls, et cetera.
Facial identification, though, is very much an intentional act of me opting in to using my face as my credential to access a certain area within my facility.
So they're different conversations and it's very intentional.
I'm opting in to registering my face as my credential and I'm knowingly doing that act as I approach the opening, versus just walking into a general population area and being picked out of the crowd.
So they're two different processes and two conversations that we're having.
And it's very important for people to understand when deploying facial identification that it's very much an intentional use for frictionless access control leveraging biometrics.
A couple of years ago, late in 2022, Asa Abloy acquired a company called Control iD that has some pretty cool looking biometric readers. Can you give us a little update on that? And let me know where that might fit in the campus setting.
Absolutely. In October, 2022, it's been almost two years ago, the acquisition was complete with Control iD. Control iD has been doing business in access control, biometrics, process automation, time and attendance in South and Central America for years.
We just this year have been bringing these products to the United States, Canada, and we're really excited about the opportunities that it's granting our teams as we're going out and providing these solutions to our customers, especially our institutional customers like higher education.
A lot of the market's been asking for this. Control iD has been a fantastic partner. It's been a fantastic add to our portfolio.
The total cost per opening really, really starts going down at that point with a panel-less deployment.
It's revolutionary in what it can do and all of the different aspects in higher education, but also, we're having a conversation with K through 12, commercial, you name it, where people are really getting into that convenience of the credential, because that's the hard part of access control is managing that piece of plastic or managing that mobile credential or even better securing those credentials.
We're really, really excited about Control iD being part of our brand. You can see over my shoulder has really been fun to have as an option.
All right, so I've got one more question about the Control iD readers. You've talked about them being kind of unique and even maybe revolutionary. Tell us why, what's different about that reader than other devices?
Yeah, so we're working really well with a lot of our OEM software, OEM partners to develop native integrations to the product.
What that means is that we can actually deploy the Control iD, so ID face that you see over my shoulder, it actually is a reader controller.
It's got an external access module built into it that actually allows for you to process all of those yes and no decisions at the opening.
I can wire all of my peripheral devices to the access module itself. So I can deploy, especially with either standalone or with some of our OEM integrations, a panel-less integration.
I don't need to rely on an access control panel to make those decisions. I can actually deploy it with a panel-less deployment.
Our total cost per opening really, really starts going down at that point.
I assume too it's great for really remote locations too and things like an area where it might be the athletic locker room where it's a very fixed number of people and you know where they are.
Yeah, so you can deploy standalone. We can do it connected to a panel if you so choose. We can do our OSTP out or we can actually do a native integration as I spoke earlier.
Awesome. Okay, well it's a great update. They really are cool looking. I hope to check them out at a show or something like that.
Anytime. I know more about biometrics now than I ever thought I would, so.
Well, Jeff, thank you. We've been talking with Jeff Bransfield, Regional Director for Digital Access with Asa Abloy and I appreciate you joining us.
Thanks Chris.
