Fit for Security

Fit for Security

Sandpoint West Athletic Club has used biometrics for 20 years and loves it

Sandpoint West Athletic Club has used biometrics for 20 years and loves itTo say I’m sold on biometrics for athletic clubs after using the Hand- Key since 1995 is an understatement. Back then, we were remodeling our check-in area. While doing so, we decided to re-evaluate our check-in software. We didn’t like membership cards because we were spending too much time on people who had forgotten to bring them; plus, it is very easy for a member to provide their card to a non-member. In addition, there was the actual product cost and labor spent printing and distributing cards. With many short-term memberships, that too was a cost we wanted to reduce.

Around the same time, we discovered that a YMCA in Washington State was successfully using biometrics. We visited them and learned that hand geometry readers positively verify users by the shape and size of their hands by analyzing more than 90 separate measurements of the hand’s length, width, thickness and surface area. This information is compared against a previously stored “template” in the reader’s memory allowing hand geometry technology to provide a fail-safe method to ensure that the person who enters the club isn’t merely carrying someone else’s access card or PIN.

Because HandKeys guarantee that the person requesting access is actually who they say they are, we began to evaluate software and decided to work with Clubrunner, a company that supports the HandKey check-in system.

We opened our remodeled check-in area in September 1995 with a new Hand- Key and two types of software: “HandReader” operates the HandKey, while “Clubrunner” runs our club. HandReader communicates with Clubrunner upon each check-in to record all visits.

Getting Customers Onboard

Starting from scratch, enrollment consisted of assigning people a PIN number and then instructing them to place their hand onto the platen of the HandKey three times. Henceforth, to enter the club, they would only need to enter their PIN and place their hand on the platen. They no longer would have to worry about cards. Initially, some members were concerned about sanitary concerns; others had privacy concerns. For those concerned with sanitary issues, we explained how the platen itself is infused with an antimicrobial coating that keeps it bacteria free. We also provided hand wipes for use after presenting one’s hand. That apprehension quickly went away

With sanitary concerns extinguished, privacy concerns were next. We explained that people often confuse biometrics with the systems they see on TV crime shows. When considering the privacy concerns associated with biometrics, an important distinction must be made between identification, a one-to-many match, and authentication, a one-to-one match. It is vital that users understand the difference.

Identification. A system designed to identify a person compares a biometric presented by a person against all biometric samples stored in the database. The system identifies the individual, if the presented biometric matches one of the many samples on file. This is a one-to-many match and is used by the police to identify criminals, governments to identify qualified recipients for benefit programs and registration systems for voting and licensing drivers. (This is the type of system we see on TV crime shows.)

Authentication. A live biometric presented by the user is compared to a stored sample previously given by that individual during enrollment, and the match is confirmed. The hand geometry of the user is not stored in a database or on an ID card. Instead, an algorithm is performed with points measured on the finger or hand. The template that results from this equation is all that is stored.

Using this knowledge, we assured club members that when they enter an assigned PIN, only that template is transmitted. When they present their hand, the reader runs the authentication process to determine if the template that is stored matches the biometric being presented. If there is a match, the person is authenticated.

A core group of enthusiastic members paved the way for the others. It was interesting to watch. We have two lanes at our check-in: one for the express check-in that uses the HandKey and the other for check-in by an attendant or when someone has questions. Within weeks, the majority of our members wanted to use the express lane.

Perhaps what impressed us the most, from a business standpoint, was how much personnel time we gained. Using cards requires someone to be at the front desk, exclusively devoted to check-in. Upon creating the express HandKey lane, our front desk employee could attend to other duties such as answering phones, signing people up for memberships and other member-related services. From a dollars and cents perspective, an automated express check-in lane is cost effective.

From the Original HandReader to the Next One

Recently, we replaced the ID3D—which had checked in over 2 million members— with a new reader, a Schlage HandKey II that is faster and has even better HandReader software.

Our first challenge was to transfer existing member templates to the new system. We had to get the system up and running, as we have over 400 visits per day. With excellent tech assistance, we were able to transfer more than 2,000 hand templates, so when the Handkey II was up and running, everything worked the same. It was great not having to re-enroll everyone and the members were satisfied.

Also, for 18 years, I’ve been extracting numbers from the old ID3D HandKey using Backhand, a DOS-based program, and matching them to our club’s system software to account for membership changes. The new HandReader software— HandNet for Windows—supports the HandKey II, so manually synchronizing the numbers is no longer required. This compatibility is an incredible time saver.

Today, we have more than 2,000 users stored in the HandKey II. Using a 4-digit PIN, we can assign up to 10,000 unique numbers. This means our members are free to choose their own numbers, one they can easily remember with a four in five chance that they will get the number they want.

Running the Club

Sandpoint West Athletic Club has different types of memberships, and some are even time restricted. Since the HandKey II and Clubrunner records the time and date that a member checks in, this is very easy to manage. Other members want to buy a set number of days. This also is managed easily because the software automatically reduces the member’s visits as he checks in.

Today, there is only one entrance and that requires only a single HandKey. However, in the future, if expansion takes place, a second entrance may be needed. HandNet for Windows will let us control and monitor two or more HandKeys simply and easily. With one program, we will be able to monitor activity and alarms on all readers while controlling the access of each.

This article originally appeared in the March 2014 issue of Security Today.

Featured

  • Analysis of AI Tools Shows 85 Percent Have Been Breached

    AI tools are becoming essential to modern work, but their fast, unmonitored adoption is creating a new kind of security risk. Recent surveys reveal a clear trend – employees are rapidly adopting consumer-facing AI tools without employer approval, IT oversight, or any clear security policies. According to Cybernews Business Digital Index, nearly 90% of analyzed AI tools have been exposed to data breaches, putting businesses at severe risk. Read Now

  • Software Vulnerabilities Surged 61 Percent in 2024, According to New Report

    Action1, a provider of autonomous endpoint management (AEM) solutions, today released its 2025 Software Vulnerability Ratings Report, revealing a 61% year-over-year surge in discovered software vulnerabilities and a 96% spike in exploited vulnerabilities throughout 2024, amid an increasingly aggressive threat landscape. Read Now

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.