LG Iris Access control systems & kits  (6)

Gregor Schlechtriem has worked in the access control market for over 20 years and is now responsible for the Access & Intrusion Business Unit at Bosch Building Technologies. In this interview, the expert talks about key industry trends, the impact of the COVID-19 (Coronavirus) pandemic, technical innovations and his company’s strategy. Mr. Schlechtriem, you have many years of experience in the security technology market. What is your background and what are your responsibilities as Senior Vice President at Bosch Building Technologies? Gregor Schlechtriem: I am a trained engineer and electrical technician, and have been involved with access control in the broadest sense, since I started my career in the late 1980s. I started in the field of parking garage technology and then switched to security technology in 2001, as Managing Director of micos GmbH, which specialised in traditional access control. micos GmbH was known for its highly available and highly secure access control systems, for critical infrastructure and government applications. Many systems from that time are still in use today and continue to be supported and upgraded. Bosch is continuing micos’ business here? Gregor Schlechtriem: Exactly, micos was taken over in 2004 by Bosch Security Systems, now known as Bosch Building Technologies. Since then, we have continuously been developing the access control business. Being part of the Bosch Building Technologies division, we benefit a lot from international cooperation with colleagues Being part of the Bosch Building Technologies division, we benefit a lot from international cooperation with colleagues and from overlap with other product lines, such as intrusion detection technology and video security. This gives us the opportunity to implement outstanding project solutions for demanding customers in an international environment. In developing this business, I rely on my experience from other interesting roles at Bosch that I took on, after micos was bought in 2004. For a time, I worked in the European System Integrator Business, which I also had the privilege of managing for several years, as well as being directly responsible for business units. In Fairport, USA, I had the overall responsibility for intrusion detection technology for many years, as I later did in Eindhoven for video systems. Since 2018, the global access control and intrusion detection business has once again been my direct responsibility. At Bosch Building Technologies, we have in the meantime assigned sales to the respective business units, so that we can develop our product and solution portfolio, in close cooperation with sales and our regular customers. Our main task now is to make our access control portfolio accessible to a broader market. We want to make Bosch much better known, as an access control provider, in the international market. After all, with our own access product portfolio, the power of the Bosch Group and over 40 years of experience in this sector, we have a lot to offer. As an expert in access control, how do you see the industry developing? In which direction is it currently evolving? Gregor Schlechtriem: First of all, I see that security requirements are constantly increasing. Whereas there are currently still simple ‘key replacement systems’ that merely record card numbers, such an approach, to a large extent, no longer meets today’s security and user experience requirements.The core task of access control has not changed over the years In the beginning, access control was more or less a kind of key replacement. Later, there was the possibility of increasing security via a pin code, i.e., via verification through simple data inputs. The next step in this direction was biometrics, which is another key step up, because it allows verification by means of unmistakable characteristics. However, the core task of access control has not changed over all the years and has basically always remained the same: access control means determining who has an access request and checking whether this request can be fulfilled. What’s next on this path to greater security? Gregor Schlechtriem: Biometrics-based access control is becoming increasingly powerful and user-friendly through the use of artificial intelligence (AI). Here, data protection plays a major role, as wherever identities are established and movement data is recorded, it is necessary to reconcile the evolving technology with data protection.Biometrics-based access control is becoming increasingly powerful and user-friendly through the use of artificial intelligence The question of data protection is becoming even more significant, as systems increasingly migrate to the Cloud. Bosch puts particular emphasis on ensuring that, even in the cloud, the data generated in access control is always in line with data protection rules, regardless of where it is located. In my opinion, this trend towards the Cloud will continue, because companies are increasingly looking for complete service offerings, so that they can focus on their core business. Also, a system in the Cloud is easier to maintain and always up-to-date with the latest software, which makes cloud solutions even more attractive for providers and users. How can higher security be reconciled with a good user experience? Gregor Schlechtriem: Today, the card still plays a central role in the user experience, as the essential credential. Another current trend is ‘one card for everything’: with the increasing availability of secure multi-function smart cards, the possibility arises to use cards beyond the pure access function, for example, for payment in the canteen, at the catering and coffee machines, and in the parking garage, as well as simple access to other properties and so on.The security of cards has evolved significantly and kept pace with requirements The security of the cards, the reading and encryption processes, has evolved significantly and kept pace with requirements, although we are also facing an installed base that no longer meets these requirements, due to outdated systems. Today, it is standard for communications between reader and card to be encrypted. In some cases, the keys are also only held centrally to further increase security. The security systems industry was also affected by the COVID-19 (Coronavirus) pandemic. How do you think the industry has changed? What technical solutions have emerged during this time? Gregor Schlechtriem: First of all, there is a certain need for retrofitting in the industry due to changes in how buildings are used. For example, American retailers used to be open around the clock and always had staff on site. Now, due to COVID-19, stores are also closed, and this results in a whole new need for intrusion detection and access control systems to protect the buildings. For access control, an obvious task has arisen as a result of the COVID-19 pandemic, namely to track contacts, as far as this is compatible with data protection. We actually expected more to happen here, but in our observation, many companies did quite little, despite clear and simple steps that could have been implemented relatively quickly. The installed access control systems clearly lag behind the technical possibilities. Another topic that the COVID-19 pandemic has brought into focus is hygiene Another topic that the COVID-19 pandemic has brought into focus is hygiene. Companies should actually have invested in contactless systems here and retrofitted speed gates or motorised doors. But in many cases this was not put into practice. The door opener is still often used, which has to be operated manually and therefore, is touched multiple times. But, if everyone presses the same button, that doesn't help hygiene. Surprisingly, this is different in North America. Here, ‘request-to-exit’ proximity detectors are used almost everywhere, which avoids this problem completely and releases the door, when an authorised person approaches it. Mobile access and smartphone-based access control are also growing markets. What kind of developments do you see in these areas? Gregor Schlechtriem: I already mentioned that users increasingly want to be able to use one card for several applications. But, what we are seeing here is that even with the most modern cards, which have a lot of applications loaded on them, we are reaching performance limits and the user experience suffers. If you compare the card with the smartphone as a credential, you have a much more attractive integration platform there, which is significantly faster and delivers much better performance. For us, the mobile credential or the smartphone is the future, because it simply offers more possibilities that the card will not be able to provide in the long term. What is the specific direction Bosch is taking here? Gregor Schlechtriem: We are currently working on a broad implementation. A whole team is working on the user experience around the smartphone, because it’s understood that smartphone-based access has to work just as easily, as it currently does with a card.A whole team is working on the user experience around the smartphone In theory it does, but if you look at some of the actual implementations, this topic is still relatively complex. In terms of user experience and automation, we still have quite a way to go, and we are working hard on that at the moment. The user experience is one side of the coin, the other side concerns establishing security in the smartphone as a whole. In other words: How do I make the smartphone secure enough as a mobile credential, to meet my access control requirements? We are also working intensively on this. That's actually an IT task. Do you do this yourself at Bosch or do you work with external experts here? Gregor Schlechtriem: We have our own powerful Bosch IT, which also manages our company smartphones. If our company smartphones are lost, the data on them is automatically deleted. The devices use biometrics to identify users, before they can access the data. It is a sound security concept that a card cannot offer. Moreover, we are working with other partners in the IDunion project, to create the additional infrastructure around mobile credentials as well. What exactly is the IDunion and what role does Bosch play? Gregor Schlechtriem: Digital identities must be openly accessible, widely usable, interoperable, and secure. This applies not only to access control, but to the digitised economy in general. The IDunion project has set itself the task of creating the infrastructure for this, in the form of an independent wallet, i.e., secure identity storage on smart devices. The project is funded by the German Federal Ministry for Economic Affairs and Energy (BMWI), because digitisation is also a critical social issue. We are intensively involved in the ‘Physical access to the building’ work package in this consortium. Through this involvement, we want to ensure that our access control systems benefit from this infrastructure and are open to future digital business models. Does ‘digital identity management’, which includes biometrics and mobile access, also play a role for Bosch? Yes, it plays an important role for us, and I wouldn’t consider these topics separate Gregor Schlechtriem: Yes, it plays an important role for us, and I wouldn’t consider these topics separate. For me, a mobile device has the advantage that it has already ensured and verified my identity from the moment of interaction. That’s the fascinating thing about it. If I only allow the device to communicate with the access control system, if I have identified myself first, I have implemented biometrics and access control together in a widely accepted process. From my point of view, this is a very interesting perspective, in terms of security and user experience, because the biometrics procedures in smartphones are, I think, the best currently available. In my view, the smartphone has the potential to take over central functions in access control in the future. What are your goals for the access control business of Bosch Building Technologies in the near future? Gregor Schlechtriem: We will continue to focus on specific solutions for large customers. That is the continuation of our current strategy. In these projects, we will introduce new topics as I have just described, i.e., primarily new technology elements. I believe that, precisely because of the longevity of access control, a long-term migration capability is also of particular importance. We want to reach out to the broader market and make more widely available, what we have developed in terms of technology and innovation. We are currently in the process of setting up and optimising our sales organisation, so that it becomes much more widely known that we at Bosch have our own powerful access control portfolio, which can be used for all kinds of applications. In addition, we want to differentiate ourselves in the market with our systems, in line with the motto of our founder, Robert Bosch: ‘Technology for life’. The user experience with Mobile Access should be simple, straightforward, and secure: You hold your smartphone in front of the reader and the door opens.

Recent cyber-attacks have disabled and even shut down physical assets. Robust foundational security and training staff, able to recognise an attack can help mitigate the threat, as ABB’s Rob Putman explains. Edge devices and data analytics As cyber security specialists, we must navigate an ever-changing threat landscape, one that is made even more complex by the increased interconnectivity between Operational Technology (OT) and Information Technology (IT), as companies look to leverage edge devices and data analytics, as well as remote connectivity, in the wake of the COVID-19 pandemic. As the threat surface evolves, the industry must guard against attacks on key physical infrastructure, carried out by a range of malicious actors, including nation states and criminals intent on blackmail. The chemicals sector, a high-value target for cyber-criminals Cyber-criminals view the chemicals sector, as a high-value target, because of the potential cost In 2017, not long after a ransomware attack that targeted Maersk, the world’s largest shipping firm, made the news around the world. Another cyber-attack, this time targeting physical industrial assets, generated fewer headlines, and yet could have resulted in both real, as well as financial, damage. Cyber-criminals view the chemicals sector, as a high-value target, because of the potential cost, both financial and reputational, to the operator, should production be interrupted or stopped entirely. Cyber security vulnerabilities put physical assets at risk The attack in question, a ‘Triton’ custom malware attack on a petro-chemical facility in Saudi Arabia, targeted a safety system, taking over system controllers. Bugs in the code triggered an emergency shutdown, but could have led to the release of toxic and explosive gases. It was a vivid reminder of how cyber security vulnerabilities are increasingly putting companies’ key physical assets at risk. Two more-recent high-profile incidents illustrate my point. In February, a Florida water treatment plant was hacked. The malicious actor remotely accessed the system for three to five minutes, during which time they opened various functions on the screen, including one that controls the amount of sodium hydroxide (NaOH) in the water. The hacker changed the NaOH from about 100 parts per million to 11,100 parts per million, which could have resulted in a mass poisoning event. Colonial Pipeline cyber-attack incident Then, in May, the Colonial Pipeline system that originates in Houston, Texas and carries gasoline, and jet fuel, suffered a ransomware attack. Using a VPN, hackers targeted back-office IT systems, forcing Colonial to shut down IT hosts and network infrastructure, severing communication with those OT systems that are responsible for communicating ‘transactional data’ associated with fuel delivery. In this instance, a single compromised password disrupted Colonial’s ability to invoice its customers. This dependency on OT data stopped pipeline and business operations, and the company was elected to pay the hackers an initial ransom of US$ 4.4 million, in order to restore operations. The Colonial attack was multi-dimensional, in that it not only impacted Colonial’s business, but also the wider US economy and national security, since the pipeline transports nearly half of the east coast's fuel supplies. Outdated IT system elevates physical risk The increased interconnectivity between IT and OT can also create vulnerabilit Attacks such as these prove that, armed with little more than a laptop, an email account and access to the dark web, determined hackers can cause disproportionate damage to physical infrastructure. As mentioned at the outset, the increased interconnectivity between IT and OT can also create vulnerability. Producers often want to know: Is it risky to connect a production asset or their operational environment to the Cloud? My answer is, if you do so without having done any risk audits around people, processes and technology, or without enhancing and maintaining that environment, then yes, that is risky. For example, we often observe that the life cycle of a production asset far outlasts the IT systems that are used to run it. Take a cement kiln. Several generations of plant operators may have come and gone, but that asset may still run, using legacy software, such as Windows XP and why not? Need to replace aging distributed control systems Well, that’s fine, if you are not concerned about having that asset compromised, and all that entails. A ‘flat’ IT network, an aging distributed control system, and machines with legacy versions of Microsoft Windows, all these elements, which are still commonplace in many industries, make it much easier for attackers to find and infiltrate a company, without needing sophisticated tools. The age-old mantra of not interfering with a piece of equipment or software that appears to be working, often applies to the individual assets. For example that cement kiln that are still controlled by the same Windows XP-based control software. However, if we’re honest, things have changed quite a bit, not because something was broken, but because innovation came in. That same kiln control system is most likely connected to other systems, than when first commissioned and that opens it to exposure to threats that it was never designed for. The human element There is a misconception that IoT-connected devices can open companies to risk There is a misconception that IoT-connected devices can open companies to risk, but many recent, high-profile cyber-attacks have been conducted from a laptop, by hacking someone’s VPN, or are a simple phishing/malware attack. In all these cases, the human element is partly to blame. Take the Florida attack. The compromised computer at the water treatment facility was reportedly running an outdated Windows 7 operating system and staff all used the same password, in order to gain remote access via the Teamviewer app, which the hacker was then able to use. Physical and human assets, key to robust cyber security Discussion on the best way to mitigate the threat is often framed solely around specific technical solutions and ignores the fact that robust foundational cyber security is really driven by two very different, but equally important, types of capital: physical assets (e.g. production machinery), and human assets. The truth is that smart digital software and industry-renowned cyber security applications, while critical, are in many cases, only as good as the weakest human link in the chain. Industry would, therefore, do well to ask itself the following question: Do we have a security problem, or a complacency problem? At this juncture, it is important to point out that the majority of companies that ABB works with, are at least aware of the threat posed by cyber attackers, and the potential impact of an attack, on their revenues, reputation and bottom line. User error and human-generated exposures Making sure staff are aware of the threat and training them to respond properly, if they are targeted, is vital However, user error and human-generated exposures are where most of these attacks occur. Those human failures are mostly not due to malicious intent from employees, but to the lack of training of the employees on secure behavior. Making sure staff are aware of the threat and training them to respond properly, if they are targeted, is vital. However, there are also age demographics at play here. Much of the operations employee base is heading towards retirement and often, there is no plan or ability to backfill these people. Need to invest in new digital and automated technologies If you think you don't have enough people now, in order to stay on top of basic care and feeding of the OT environment, with regards to security, what is that going to be like in 20 years? For this reason, there must be a major industry reset, when it comes to its workforce. Companies must invest in new digital and automated technologies, not only to ensure that they stay ahead of the curve and mitigate risk, but also to attract the next generation of digitally literate talent. Robust cyber security is built on solid foundations When we talk about foundational cyber security, we mean fundamentals, such as patching, malware protection, high-fidelity system backups, an up-to-date anti-virus system, and other options, such as application allow-listing and asset inventory. These basic controls can help companies understand their system setup and the potential threats, identify vulnerabilities, and assess their risk exposure. The Pareto principle states that around 80% of consequences come from 20% of the causes. In the context of cyber security, that means 80% of exposure to risk comes from 20% of the lack of security. If companies do the foundational things right, they can manage out a significant amount of this risk. Importance of maintaining and upgrading security controls However, having basic security controls, such as anti-virus software in place, is just the first step on that journey. Equally important is having someone within the organisation, with the requisite skill set, or the extra labour bandwidth, to operate, maintain and update those security controls, as they evolve. Educating, training and recruiting existing employees, and the next generation of talent, along with forging partnerships with trusted technology providers, will ensure that industry can leverage the latest digital technologies, in order to drive business value, and secure physical assets against cyber-attacks.

The COVID-19 pandemic is only accelerating the expansion of Automation, Robotics, Machine Learning (ML) and Artificial Intelligence (AI), and changing how people live their daily lives. This expansion leads the way with technologies that are developed to solve problems, improve operations, streamline processes and assist people, to focus on learning new skills, creativity, and imagination. Transformation of the physical security industry One of the latest industries to be permanently transformed is physical security. The era of utilising security cameras is slowly changing into more advanced and more efficient technological applications - security robotic solutions. SMP Robotics is a California-based company, which is a pioneer in developing robotic technologies, powered by AI, to assist, improve and deliver on new expectations in today’s world. One of their services is smart surveillance systems. This represents a proactive approach to security. The company, SMP Robotics’ Founder and Chief Executive Officer (CEO), Leo Ryzhenko, stated “Autonomous robotic technologies will become a driving force in future security solutions.” Robotics and AI in autonomous security solutions The robots can patrol 24/7, counteracting intrusion and communicating via voice message with guards The company uses robotics and AI technology to implement autonomous security solutions, which reduce liability and overhead, as well as improving the quality of services. Robotic guards are capable of patrolling all types of facilities, in both urban and rural contexts. The robots can patrol 24/7, counteracting intrusion and communicating via voice message with guards. The inspection robots, deployed by SMP Robotics, are easily integrated with many existing security technologies, armed with obstacle avoidance and anti-collision measures, automatically recharge, and can recognise faces up to 50 metres. As the world grows increasingly complex, technology like this is essential to ensure safety for all. AI-enabled autonomous video monitoring ground vehicles The advancements in technological breakthroughs of SMP Robotics position the company and its AI-powered, autonomous video monitoring ground vehicles, to be the most adaptable to any industry, cost-effective for clients’ business needs, in providing various types of services from public safety, crime prevention, to asset protection and physical security. SMP Robotics continues to implement new innovative solutions and groundbreaking technologies in its latest generation of autonomous models. Currently, many were already deployed or in a process to be delivered to a number of key clients, in various industries throughout the globe, from oil & gas, nuclear power plants to data centers, healthcare facilities, and amusement parks. Smart security robots Tal Turner, the Vice President (VP) of Business Development and Partnerships, SMP Robotics, said “We provide autonomous, artificial intelligence, all-weather, all-surface, smart security robots that are turnkey and operate independently on their own, using real-time obstacle avoidance, face recognition, and other cutting-edge technological advancements.” According to Coherent Market Insights, the Robots as a Service (RaaS) market direction will grow by 15.9% by 2028 and reach the threshold of 41.3 billion dollars. SMP Robotics stands at the forefront of the security robotic revolution, making an impactful change to make the world a safer place.

Iris ID, a pioneering provider of iris recognition technology, announced the compatibility of its iCAM M300 handheld, multi-modal biometric reader and the MozaicID iCAM M300 smartcard software credential application. This application enables the mobile device to accommodate a range of Personal Identity Verification (PIV) compatible credentials including PIV Interoperable (PIV-I) and the Transportation Worker Identification Credentials (TWIC), a smartcard used by workers requiring access to secure areas of U.S. maritime facilities and vessels. Secured identity authentication The MozaicID app uses the iCAM M300’s detachable FBI-certified Sherlock fingerprint sensor from Integrated Biometrics to authenticate workers’ identities by comparing a live fingerprint to a stored template embedded in the credential. The application will also check the trust status of the presented credential. The iCAM M300 also enables mobile enrolment of workers with its embedded camera simultaneously capturing both iris and facial modes for contactless identity authentication. Authorities statement Mohammed Murad, vice president of global sales and business development, Iris ID, said compatibility with the MozaicID app adds to the versatility of the iCAM M300. “Iris ID and MozaicID have combined best of breed technologies to create an accurate and more secure means of identifying maritime employees wherever their jobs take them,” he said. “The iCAM M300 provides an unparalleled intuitive user interface, which makes the process easier for the user and operator.” Jim Parroco, chief executive officer of MozaicID said “MozaicID is dedicated to providing effective, relevant and user-friendly security solutions. We institute intuitive and innovative technology in our software with proven results. The product offering, we have with Iris ID provides an excellent security solution in response to a specific need.” Features and benefits Supports other contact or contactless Personnel Identity Verification (PIV) smartcards such as Common Access Cards (CAC) used by military, civilian and vendor employees in controlled government spaces Commercial Identity Verification (CIV), used by commercial organisations to meet federal government access control standards Comes equipped with software development kits (SDK’s) ready to deploy a wide variety of Android-based identity application Organisations requiring remote identity verification, such as the U.S. Customs and Border Patrol and law enforcement departments, use the water- and dust-resistant iCAM M300 Provides magstripe and contactless card support, as well as an MRZ reader to verify ePassports Communications protocols include NFC, Wi-Fi, Bluetooth, GPS, 4G LTE

Boon Edam will expand its booth presence and installs turnstiles at ASIS 2016's main entrance Boon Edam, a provider of security entrances and architectural revolving doors, has announced a greatly enhanced presence at the 62nd ASIS International Seminar and Exhibits in Orlando, Florida from September 12th-14th. In addition to expanding the booth to the largest footprint ever at the ASIS event, the company will also be the first official Turnstile Sponsor of the Exhibition.   Official turnstile sponsor   As the first official Turnstile Sponsor at ASIS International since the event’s inception, Boon Edam will install 18 lanes of barrier-free Speedlane 2048 optical turnstiles at the main entrance to the exhibits. The Speedlanes will be the first product that attendees encounter as they enter the exhibit hall.   Larger booth for increased customers  Due to unprecedented sales growth over the last several years, Boon Edam has expanded its booth size at ASIS to the largest footprint ever—now 40’x40’, with several designated meeting areas to accommodate larger groups from global and enterprise customers.   Product demonstrations  The booth will include the following products for live demonstrations:   A full complement of Speedlane Lifeline optical turnstiles, which were launched last year and offer on-trend styling and an intuitive user experience. The booth will include a Speedlane Swing, Slide and Open.   BoonTouch, a proprietary desktop touchpad with integrated software that enables efficient traffic management for many types of Boon Edam security entrances.   BoonConnect, an IP-addressable, proprietary software system that provides diagnostic and configuration tools for the Tourlock security revolving door and Circlelock mantrap portal. Users can access door operations and events using devices such as a tablet, laptop or smartphone via secured corporate network.   Tourlock 180+90, the best-selling security revolving door in the industry due to its high throughput and ability to prevent tailgating and piggybacking without manned supervision.   Circlelock mantrap portal is an anti-piggybacking solution for sensitive areas. At ASIS, we will be demonstrating the procedure for secondary biometric authorisation inside the portal using the latest iris scanning technology by Iris ID Systems, Inc., called the iCAM7S Series reader.   Circlelock Wall Mount portal is a special half portal that can be used to retrofit an existing swing door into an unmanned and reliable anti-piggybacking solution. This special portal will demonstrate authorisation using facial recognition technology from Stone Lock Global, Inc., called Stone Lock Pro.   Speedlane 300 optical turnstile, a practical optical turnstile with contemporary styling for detecting and deterring unauthorised entry.   Turnlock 100 full height turnstile, ideal for rugged outdoor environments and controlling access at the perimeter/fence line.   Trilock 75 waist high turnstile, a durable and versatile crowd control solution that works in a variety of applications, from outdoors to Class A office building lobbies.

Time and attendance has proven to be a successful use of biometric technology traditionally used for controlling access to highly sensitive areas Security technology is increasingly being used to help organisations tackle challenges going far beyond controlling access to office buildings and monitoring parking lot activity. Video, in particular, has become the darling of many markets. Retailers use live and recorded video to assess promotional sales efforts. Manufacturers confirm employees are following mandated safety regulations. Transit officials debunk false liability claims with a review of recorded mobile video. But here’s a relatively new one – biometrics. Long thought perfect for controlling access to highly sensitive public and private research and military facilities, they are showing up in offices, hotels — even in remote fruit fields and sugar processing plants — for employee time and attendance. It’s proven to be a successful use of the broad technology. Risks of mechanical and electronic clocks The process of keeping track of employees’ hours has long been open to fraud and other issues. Mechanical time clocks — in use since the 1800s — and even more modern electronic clocks using magnetic stripe or proximity cards are open to a process known as ‘buddy punching.’ That’s a scheme in which an employee clocks in and/or out for a friend who may be late or not even at work. Mechanical systems are also slow, potentially leading to long queues during shift changes resulting in wasted time and lost productivity. Mechanical cards also need to be keystroked into the payroll system, requiring significant back office time for data entry. Electronic cards can be shared. They may also be lost or stolen, costing additional time and money in back office expense. Even small errors in collecting and processing employee time and attendance can add substantially to the cost of payroll, already a major expense for any organisation. Studies by a leading international human resources consulting firm have shown even small payroll errors and fraud can boost operating costs by up to 10 percent. Biometric time and attendance solution But fraud, delays and lost credentials can be largely eliminated by a biometric solution. Common biometric systems involve hand or fingerprint readers, facial identification or iris recognition. Each technology records and then compares physical characteristics unique to every individual. However, changes in weight, hairstyle, finger or hand size, cuts or even the effects of manual labour can trigger the need for re-enrolment – in all except iris-based solutions. Fraud, delays and lost credentials can be largely eliminated by a biometric solution Iris recognition advantages The structural formation of the human iris (the visible coloured ring around the pupil), is fixed from the first year of life and remains constant. And few people can’t use the technology, as most individuals have at least one eye. Even blind people have successfully used iris recognition. At employee enrolment, iris systems utilise an industry-standard camera to capture an image of the iris. Software converts that to a small template stored in a terminal database. Authentication requires employees to stand roughly 18 inches from an iris reader and the process takes about two seconds. With multiple readers installed, long lines are eliminated. Also eliminated is fraud. Since every user’s iris is unique and required to be present at the reader, time fraud schemes are virtually impossible. The system can also prevent another type of back-office time fraud known as “ghost employees” – non-existent people added to the payroll. Security is also enhanced. The digital templates can’t be used to produce any sort of visual image, affording a high-level of defence against employee identity theft. An iris recognition system can also grant facility access as employee’s clock in for work. Iris recognition case study Here’s an example of how an iris recognition system has benefitted a major Turkish fruit and vegetable grower and one of Europe’s largest providers of juice. The nature of the local work force created a major time-and-attendance challenge. "Fingerprint and facial recognition systems were tried briefly. Facial recognition suffered from workers’ changes in hairstyle, facial hair, glasses and protective gear" New labourers arrive daily seeking work. Once hired, they might work a few days and then leave before returning a week later. Unreliable schedules made standard time cards virtually impossible to manage. The company’s security integrator suggested smart cards as an option. But that wasn’t much of an improvement as authorising, printing, distributing and tracking cards for thousands of on-and-off workers continued the human resources nightmare. Also, improper use of the cards threatened to cut into the company’s profits. Both fingerprint and facial recognition systems were tried briefly. The constant cuts and scars workers get from the manual labour impaired the accuracy of readers. Facial recognition suffered from workers’ changes in hairstyle, facial hair, glasses and protective gear. Daily payroll reports are transmitted to the company’s Istanbul headquarters using wide area networks in the fields and satellite communication. Software links the received data to a payroll module which automatically calculates employee hours and produces paychecks. The system currently has more than 10,000 enrolled workers. More are being added on an almost daily basis. Once a worker is in the system, it doesn’t matter how often he may leave. When he returns, the iris system immediately recognises him. Also, the contactless iris-based technology inhibits the transfer of virus or bacteria as there is no direct employee contact with the biometric readers. If these systems can work in remote areas of Turkey, they can certainly work in downtown Boston. And they do. There, a boutique hotel uses iris-based identity authentication to keep the hours of its employees. The same system also allows VIP guests to enter their suites without a key card. Reductions in cost Recent reductions in both product and deployment costs have made using biometrics, including iris recognition, a practical time and attendance investment for organisations of almost any size and in any location. Of course, biometrics still remains the go-to choice for protecting sensitive locations and international borders, as well as national identity and voter registration programmes.