Card, mobile credential, payment and security
Card offices often invest a lot of time and money into securing their data and inventory, but even the simplest issuance procedures and practices may be unintentionally putting personal information at risk.
The Identification Systems Group (ISG) offers ideas and suggestions for institutions looking to improve card security, as well as secure data and personal information. In a presentation given at NACCU 2017, Tom Stiles, executive director of ISG, offered advice on how to properly dispose of ribbons and cards, enhance card visual security, track inventory, and secure student data and information.
When it comes to disposing of used card consumables, simply tossing ribbons in the garbage doesn’t cut it. “It’s not recommended to throw the ribbons in the trash because those materials carry personal data,” Stiles advises.
It’s better to shred ribbons before throwing them away either in the trash or recycle. Some campuses have taken this a step further by placing used ribbons in a secure bin for shredding, incinerate the ribbons, or send the ribbons to a secure shredding site.
Stiles also suggests the Rippa Ribbon to help with shredding ribbons. The Rippa Ribbon is a device that sits on top of a top-feed shredder. The device feeds the ribbon down into the shredder, and is a helpful tool for campuses looking for an inexpensive but secure way to dispose of ribbons.
When it comes to disposing of cards, campuses can choose to handle things onsite or send used cards to a secure location for shredding. The ISG maintains its own recycling center for this very purpose and campuses can choose to ship their shredded cardstock for secure recycling. North American and Canadian universities alike can send proximity, smart, mag-stripe cards, and ribbon cores to the ISG recycling center.
The visual verification of ID cards is also important to preventing fraudulent duplication. “In addition to the mainstay utilities, the card is still being used for peripheral uses around campus as well, like access to intramural fields, gyms, labs and other areas of campus,” Stiles says. “Students still use their campus card as a form of identification, and duplicating cards isn’t difficult. You can even purchase accurate fraudulent student IDs online.”
Yet there are plenty of ways to deter against this. Stiles recommends that campus cards have security features to prevent duplication. Holograms are the most popular security feature used by universities to prevent duplication, but other features include incorporating the university logo in the overlay, using a unique background, incorporating UV Ink microprint, or a tactile impression. Card manufacturers can also incorporate UV ink, microtext, guilloche, color-shifting ink, and holographic foil into the cards.
First ask the question: Does it matter if your printers are connected via Wi-Fi or USB cable? While seemingly unimportant, printer security can be easily upended if connected to an insecure Wi-Fi network.
On the subject of login information, Stiles discusses the importance of avoiding shared login information between staff. ISG also provides two-factor authentication solutions for card issuance stations.
Running logs are also crucial. These reports are important because they help audit the cards being issued, as well as declare who carried out the issuance, and identify any suspicious activity.
Overall, identity theft remains an ever-present issue that makes securing card data and information paramount. Considerable money is invested in security, yet there are still pitfalls facing those institutions that don't follow best practices. Negligence can lead to a higher liability risk.
Stiles ultimately implores campuses to take more consideration into card office security. “Most of the campuses out there are taking the recommended steps,” says Stiles. “Nevertheless card offices should take all aspects of card issuance security seriously.”
