Evaluating Accuracy

Evaluating Accuracy

Installers and system integrators must consider a wide range of readers and credential types in the evaluation process when designing an access control system. Determining the appropriate solution for an application will depend on a needs assessment conducted with the end user to define specific functionality, compatibility and operational criteria for the new system. Among the products that may be considered are legacy card readers, keypads, keycards, integrated lock devices, proximity readers and biometric technologies—and all the credentials each of these devices will require.

When it comes down to a final decision on access control technologies, one key question is, which of these products and/or combination of devices delivers the accuracy, security and cost-efficiency to best meet your defined system criteria and budget?

Before exploring the answer to this question, it’s important to understand the basic concept of identity, which affects nearly every aspect of security.

Identity is particularly vital with access control, where the decision to allow an individual to enter any secured area depends on the ability to determine if he or she is authorized to be there. Therefore, physical security depends on the ability to connect authorities and permissions to the particular individuals who hold them. This connection between identity and permission is critical for triggering actions, including opening a particular door, admitting visitors, issuing keys, accessing sensitive or valuable materials and more. This is why identity verification in security systems—and particularly access control systems—is so important.


So, how can a person’s identity be confirmed? Generally speaking, the methods used to confirm the authorization—and identity—of a person for security purposes can be broken down into three categories: something you have, something you know or something you are.

A card reader is an example of “something you have,” namely an access card. For access control systems, other examples include a company badge, proximity tokens and even garage door openers. Documents such as driver’s licenses and passports may be used in staffed lobbies and security checkpoints. Whatever the physical “thing” may be the common weakness is that it can be lost, stolen or loaned to someone else.

One way to reduce the likelihood of loss or theft is the “something you know” approach to confirming identity and authorization within a security system. Most often these are passwords or passcodes. In some cases, the answer to security questions—such as favorite food or first school—may also be used. Unlike physical credentials, these codes are harder to misplace in a way that would allow them to be used by imposters, but they can be vulnerable to guessing or hacking using social engineering techniques. They can also be easy to forget, which is especially true of strong passwords that contain letters, numbers and symbols. Similar to physical credentials, they are easy to loan to another person simply by telling them.

Commonly referred to as biometrics, “something you are” is the third of these approaches. Examples of these credentials include fingerprints, palm veins, facial features and one or both irises. These offer two significant security advantages over the first two approaches: first, they offer higher identity accuracy and therefore security, and second, they are more difficult to lose, steal or lend.

Many access control systems in businesses use card readers for enabling access. In these situations, an access card is the sole means of confirming the identity of the individual carrying it, and the decision to authorize access is made based on an individual presenting a pre–programmed access card. The card serves as confirmation of the person carrying it. Obviously, this is the lowest level of identity verification because cards can be stolen, loaned, lost or duplicated, making the link between credential and identity tenuous and vulnerable at best.

Without physical identity verification, the reader cannot confirm that the user is in fact the individual to whom a card has been assigned. Two-factor authentication (i.e., access card plus PIN or password) is a security improvement, but even that can be defeated with skimmers and cameras that are readily available. Organizations that use card readers have determined that the low level of security is sufficient for their needs; the truth is that every member of their staff is a potential weak point or vulnerability that could allow criminals or others with malicious intent to gain entry.

It is clear that of the three main methodologies, biometrics has the strongest link to an individual’s identity, making it best suited for ensuring the security of an access control system. Within this general category, the main biometric identifiers used to verify identity are fingerprints, facial and iris recognition.


Fingerprints are thought to be unique to individuals, and can therefore be used for biometric identity confirmation. One positive aspect of this modality is that most people don’t mind having their fingerprints recorded. Fingerprint readers are easy to use and require no special environmental conditions— the messy ink of yesterday has been replaced with digital scanners that take only a second or two to capture the pattern.

As for drawbacks, fingerprints typically require physical contact with something that’s been touched by other people, which poses a hygiene issue, particularly during the cold and flu season. Fingerprints also change over time and as a consequence of activity— for example, age, scarring, calluses and other factors can change fingerprints enough to prevent matching.


Faces contain features that can be used for individual identification. These include the relative position, size and shape of facial elements such as the distance from forehead to chin and eye to ear, for example. Biometric systems capture selected identifiers and turn them into a unique code, which is stored in the reference database and compared to other images to find a match.

One advantage of facial recognition is that it can be performed using a simple image—for both enrollment and identity verification. However, facial characteristics can be easily modified with make-up, hairstyle, facial hair, glasses and similar alterations that could prevent a match. Plus, faces are naturally unstable, with features changing over time—so people must be regularly re-enrolled to maintain accuracy.


Excluding DNA, iris recognition is one of the most accurate among current biometric modalities. Iris identity authentication is also fast—it can take less than a second and readings are non-contact and noninvasive. In the past, iris recognition systems tended to be more expensive than other methods, but new models leverage technology advances in processing power, cameras, and LED illumination, making them available at surprisingly affordable costs. Fixed readers are available, as well as high-throughput systems that can perform iris-based recognition while users walk by at normal speed.

There are still misconceptions in the market about biometrics in general and iris readers in particular. Some facts and an explanation of how iris reader technology works might help to debunk some of these mistaken beliefs. First, remember that reading an iris is not a retina scan. The retina is a layer at the back of the eye’s interior, and requires a relatively intrusive scan to capture. The iris is the clearly visible colored portion of the eye, and can be captured with a camera in a process similar to taking a photo.

The iris pattern has desirable properties for verification compared to other biometrics because of its uniqueness, stability over time and relatively easy accessibility. And iris recognition has high accuracy among biometrics. According to Cambridge biometric expert Dr. John Daugman, a typical iris is extremely complex, with more than 200 degrees of freedom that can be used for identification. This complexity allows for the development of far more accurate identification systems than could ever be achieved with fingerprints (which have only about 35 degrees of freedom) or faces (which have about 20). Plus, an iris cannot be shared or lost, and iris readers cannot be deceived by makeup, hair or clothing changes. Some readers can capture an iris image through eyeglasses, sunglasses and contact lenses, even in outdoor environments.


Because of its non-contact nature, iris recognition technology can be deployed in locations such as pharmaceutical manufacturing where users may wear gloves, at a construction site or port when hands may be dirty or in environments where users wear protective clothing.

As an identity management solution, iris readers have been deployed in applications as diverse as federal, state and local law enforcement, correctional facilities, travel and border security, healthcare, financial services and sports and entertainment venues, in addition to mainstream security locations.

The accuracy of iris recognition systems for identity authentication extends their potential use beyond security to applications such as workforce management, inventory control, logical access and more. For example, consider the efficiency and productivity gains that result from using iris recognition for time and attendance, making “buddy punching” impossible. By eliminating extra steps between punching in, recording hours, processing payroll and performing analytics, iris recognition is also more convenient. These and other non-security applications increase the value of iris recognition systems and deliver greater return on investment for end users.

In general, a higher degree of accuracy translates into a higher level of security, and vice versa. Card/ badge-based and PIN/password-based access control systems cannot accurately determine whether the user is who he or she claims to be. For this potentially difficult task, biometrics is the only one of the three main access control and credentialing methods that can do the job most effectively.

Technology advances in processing power, cameras and LEDs have made iris reader systems available at much more competitive costs, and new form factors are rapidly increasing their reach. Iris biometric- embedded tablets, for instance, combine the accuracy and convenience of iris recognition with the functionality and customization of a mobile computing platform for increased security levels. Other new systems on the market offer high speed, making it possible for users to simply walk through a checkpoint without stopping.

Without question, biometrics is the most fool-proof of the credentialing methods used to verify identity, and today’s iris readers meet all three of the main evaluation criteria for access control systems: accuracy, security and cost-effectiveness. As more organizations place greater emphasis on risk management, iris readers are being deployed in growing numbers to strengthen access control and identity management systems that increase the level of security while delivering numerous additional benefits. In any evaluation of access control systems, biometrics—specifically iris readers—should not only be part of the conversation but should move to the top of the list.

This article originally appeared in the August 2016 issue of Security Today.


  • Survey: Less Than Half of IT Leaders are Confident in their IoT Security Plans

    Viakoo recently released findings from its 2024 IoT Security Crisis: By the Numbers. The survey uncovers insights from IT and security executives, exposes a dramatic surge in enterprise IoT security risks, and highlights a critical missing piece in the IoT security technology stack. The clarion call is clear: IT leaders urgently need to secure their IoT infrastructure one application at a time in an automated and expeditious fashion. Read Now

  • ASIS International and SIA Release “Complexities in the Global Security Market: 2024 Through 2026”

    ASIS International and the Security Industry Association (SIA) – the leading security associations for the security industry – have released ”Complexities in the Global Security Market: 2024 Through 2026”, a new research report that provides insights into the equipment, technologies, and employment of the global security industry, including regional market breakouts. SIA and ASIS partnered with global analytics and advisory firm Omdia to complete the research. Read Now

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

Featured Cybersecurity


New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3