This executive brief explores the security risks associated with using CSN instead of reading the data protected by security mechanisms.
When contactless smart cards are implemented and deployed properly, they represent one of the most secure identification technologies available. However, some manufacturers, in an attempt to sell a ‘universal’ reader capable of reading almost any contactless smart card technology, actually disable the built-in security mechanisms. These readers, referred to as ‘CSN readers’, only read the card’s serial number which, per ISO standards, is not protected by any security.
- A False Sense of Security
- Card Serial Number (CSN)
- How is a CSN Used for Access Control?
- Most Commonly Used Card Format Intensifies the Problem
- Why is CSN reading so popular?
- Recommendations from Government and International Organisations