What are the obstacles to adoption of mobile credentials for access control?

Mobile credentials are making a big push now in the market as companies look for ways to harness existing technology that we carry every day: our mobile phones. This is especially appealing as organisations strive to appeal to a younger generation by implementing advanced technology to address common challenges of access control management. One of the obstacles mobile credentials have seen, however, is the need to download an application on a device that is personally owned for a work application. Another consideration is how to handle visitors and contractors that might require short- or long-term access. Privacy concerns also dominate mobile credential discussions, and recent regulations in Europe with GDPR can create concern with how information is gathered and shared on a mobile device. While there is certainly momentum for these types of credentials in the market, considerations need to be made to address these concerns.

According to the IHS Access Control Intelligence Database - Mobile Credentials report, 20 percent of all credentials will be mobile by 2020, a significant increase compared to today. This is expected to be the fastest growing category in the access control market. Mobile credentials have been slow to take off because legacy readers traditionally did not have Bluetooth or NFC capacity. However, upgrade kits will soon be available from some access control vendors, and customers will be able to easily upgrade their readers. We are already seeing a steep increase in the adoption of mobile readers. In fact, already most of reader sales in the projects we are involved with are mobile-enabled, as our customers see the value in future-proofing their installations. The early adopters are schools, who are implementing totally mobile-enabled access control systems, and enterprise customers, who tend to use mobile credentials as a complement to existing readers.  

The greatest obstacle to largescale adoption of mobile credentialing in the access control industry is probably not a technological hurdle but a hardware one, which can lead to a lack of willingness to adopt new system designs. Many access control systems are not brand new and, in turn, use legacy technology that does not support readers capable of handling mobile credentials. For access control systems to adopt this new approach, there needs to be a way for users to transfer data from one system to another. With older technology, that may not be possible without replacing the system in its entirety. For small scale applications, such as a business with few doors, the upgrade is easier. On the other hand, if an enterprise has hundreds of doors and thousands of users, the needed investment is huge.

The credential as we know it is already dead, but the industry hasn’t realised it yet. Mobile Credentials will be one of the key drivers in a paradigm shift for access control. We’re still in the early phases of the shift where most people are trying to use the “new technology,” i.e. a smartphone, to do what the old technology did (badge at a door), rather than leveraging what is now possible to deliver a new, better experience. For example, there’s really no reason to have to present a smart phone to a reader, ultimately the access control installation of the future won’t have readers at the door, and it will be so much more than simple badging.

Mobile devices are quickly replacing everyday items in our daily lives. From tablets to laptops – and now, wallets, keys and light switches – replacing RFID tags with NFC technologies on mobile devices is overdue. Employees treat these devices as an extension of themselves. Once the phone is the proverbial key for the building, it provides a conduit for additional safety and security functions like panic buttons, emergency notifications, and the potential for real time location tracking in the event of an emergency. Employees, especially with personally owned devices, are becoming more and more privacy-conscious; while the pluses of deploying mobile credentials are obvious to the organisation, selling the benefits to the employee can be an uphill battle. Including additional functions like Panic Buttons and Emergency Notifications with any mobile solution in the workplace can help an organisation increase adoption with mobile credentials, all while showing a commitment to workplace safety.

The commercial sector is likely to see the largest growth rate over the next few years for two main reasons. First, typical offices have a limited number of access-controlled doors so the cost of upgrading to mobile capable readers is relatively inexpensive. Second, with company-issued smart phones becoming more common, bringing them under the administration of the organisation’s IT security policies reduces overall risk. For Government organisations, adoption of mobile credentials is held back due to a lack of a universally accepted standard. Additionally, many agencies have internal badging policies that require visual identification, making it less likely they will pay for a mobile license as well as issue cards. A further obstacle is the large cost of re-credentialing an entire workforce. You can add to this the challenge of integrating mobile credential management and distribution into existing IT platforms and accounting for phone OS updates, patches, device upgrades etc.

Gartner has forecasted that 20 percent of organisations will use smartphones rather than traditional physical access cards by 2020. We think this is a conservative estimate as we already see many universities, co-working spaces and other early adopters moving completely to “mobile-only” access-control system models. These users place a high value on the ability to integrate numerous applications into a unified mobile experience. Other trends likely to accelerate the adoption of mobile credentials include rising interest in cloud-based access control platforms that can potentially enable even more services and experiences on mobile phones. For facility managers, these platforms will support flexible and convenient subscription models to make it easier to replenish mobile IDs when smartphones get lost or need replacement. Mobile IDs also help move from product-based models to an easier, service-based experience for deploying access control credentials, while streamlining forecasting, budgeting and reporting at the same time.

There is little doubt that mobile credentials will be the preferred form of digital identity within the next decade. While the mobile credential likely will never fully replace alternate forms of identification, our fast-paced society has shown an inclination toward technologies that drive efficiencies in our daily lives. Once end users experience the advantages of mobile credentialing – such as enabling unencumbered movement through spaces where the access system recognises the user’s presence and reacts to individual preferences such as office lighting and temperature settings – the shift will happen. This migration toward mobile credentials is happening in the hospitality industry. Where available, end users avoid lines by checking in via mobile phone and heading directly to their room upon arrival. We anticipate that the adoption of the technology in this mainstream segment will help drive its broader acceptance, soon making mobile credentials as commonplace as fingerprint identification on mobile phones.