Covering All Bases

Ensuring recurring card and reader income while helping customers

“The perfect solution in any sale is when you’ve solved a big problem that the customer may incur while helping your own business,” said David Barnard, director dealer development at RS2. “More customers understand the threat of hacking. That’s why we suggest to our dealers that they show their customers how to help repel hacking attempts with a very simple solution that adds to their bottom line.”

As any security dealer or integrator knows, there are two revenue results of making an access control sale: the proceeds from the original sale itself and the potential recurring revenue that can be wrought from the sale down the road. That recurring revenue could be in the form of selling additional readers and cards as needed or when the company expands. However, just because you sold and installed the original system does not necessarily mean you will get the revenue from these additional sales. The buyer could easily buy cards and readers from somebody else. So, how can you assure that you will get these add-on sales?

Help Your Customer Solve a Major Problem

It is becoming quite well known that current RFID devices are not suitable for secure identification. They can be subject to skimming, eavesdropping and relay attacks. An attacker can fool the system by simply relaying the communication between the legitimate reader and token over a greater distance than intended. As these facts become better known, there has been a drive by security directors to overcome such shortcomings.

In addition, Wiegand, the industry standard protocol commonly used to communicate credential data from a card reader to an electronic access controller, is no longer considered inherently secure due to its obscure and non-standard nature. No one would accept usernames and passwords being sent in the clear nor should they accept vulnerable credential data. ID harvesting has become one of the most lucrative hacking activities. In these attacks, a credential’s identifier is cloned, or captured, and is then retransmitted via a small electronic device to grant unauthorized access to an office or other facility.

“With the ability to order specific coded credentials online, the popular formats can be copied and cloned very easily,” said Jeffrey Tepper, owner of Southgate Lock & Security in Cleveland, Ohio.

A novel way that dealers and integrators can help their customers protect their card based systems is to provide a high-security handshake, or code, between the card, tag and reader to help prevent credential duplication to ensure that readers will only collect data from these specially coded credentials. In a sense, it’s the electronic security equivalent of a mechanical key management system, in which this single organization is the only one that has the key they use. Such keys are only available through the integrator chosen for the job. Their integrator never provides another organization with the same key. No other organization will have the reader/card combination. Only their readers will be able to read their cards or tags and their readers will read no other cards or tags.

Let’s highlight the key information from the paragraph above that describes how dealers and integrators can ensure that they, and they alone, reap the rewards of follow-up sales. “Such (cards and readers) are only available through the integrator chosen for the job.” Nobody else is able to sell your customer cards and readers and readers that will work with their present cards and readers, which you originally sold.

“The MAXSecure format has been “win-win” product for us,” Tepper said. “It is a win for the customer because it gives them a higher level of security at no extra cost. It is a win for us because it keeps the customer coming back for credentials. As people come and go from companies, it makes us a point of contact to the person responsible for the access control system.”

MAXSecure is an option that can be added to Farpointe Data’s proximity and smart cards to provide customers with a way to protect their card-based systems from skimming, eavesdropping and relay attacks. Skimming occurs when the attacker uses an unauthorized reader to access information on the unsuspecting victim’s RFID card or tag without consent. From that point on, the attacker can control when and where unauthorized entries may occur. An eavesdropping attacker recovers the data sent during a transaction between the legitimate reader and card. In a relay attack, the invader relays communication between the reader and a tag which lets the attacker temporarily possess a ‘clone’ of a token, thereby allowing the assailant to gain the associated benefits.

What’s scary about all this is that the equipment used to perpetrate the above attacks can be quite inexpensive and is widely available. For organizations worried about such invasions of their proximity or smart card systems, access control system manufacturers and leading integrators can deploy Fairpointe proximity/ smart cards and readers that provide increased security while, at the same time, providing themselves with ensured recurring revenues. Like Tepper says, it’s a win-win situation. Tepper is not alone.

“Our dealers love the Farpointe MaxSecure option,” said Matt Kronholm, regional sales manager for TransTech Systems in Aurora, Ore. “Other comparable extra secure credentials formats cost extra and can easily be ‘cracked’ by ordering through generic vendors. Max- Secure is the easiest way to secure both the facility and the customer’s business without adding costs.” AlarmNet Security, a security integrator located in Miami which helps secure organizations in Florida and Georgia, agrees.

“We have been serving the South Florida and Orlando market for more than 14 years and have completed services for thousands of satisfied customers, local and nationwide,” said Tony Hasham, owner of AlarmNet Security. “We value personal service and the personal relationships we develop with our customers. We strive to continuously offer the best undivided attention to our customers in order to achieve the long-term satisfaction of our installations and follow-up services.”

AlarmNet believes in letting their customers become aware of all risks they could encounter, even after installing the new solution.

“An access system itself can be hacked so we show them the various solutions they can use to stop such attacks,” Hasham said. “MAXSecure helps them stop hacks at the point of communications between the card and reader as well as within the Wiegand protocol. Nobody else has cards such as theirs and nobody else ever will since we control the supply of the specific cards they use. That protects them now and in the future. Of course, a by-product of this security measure means that, since only we can supply the cards, only we will get the recurring sales of the cards and readers that they will need. This not only produces additional sales but also keeps us in front of our customers for any additional security products they need.”

Creative integrators should always be looking for ways that help the customer while helping themselves. Not only is that good business, but it is also a way to provide good customer service. As is so often said, “A happy customer will make you happy.”

This article originally appeared in the April 2016 issue of Security Today.

Featured

  • Maximizing Your Security Budget This Year

    The Importance of Proactive Security Measures: 4 Stories of Regret

    We all want to believe that crime won’t happen to us. So, some business owners hope for the best and put proactive security measures on the back burner, because other things like growth, attracting new customers, and meeting deadlines all seem more pressing. Read Now

  • 91 Percent of Security Leaders Believe AI Set to Outpace Security Teams

    Bugcrowd recently released its “Inside the Mind of a CISO” report, which surveyed hundreds of security leaders around the globe to uncover their perception on AI threats, their top priorities and evolving roles, and common myths directed towards the CISO. Among the findings, 1 in 3 respondents (33%) believed that at least half of companies are willing to sacrifice their customers’ long-term privacy or security to save money. Read Now

  • Milestone Announces Merger With Arcules

    Global video technology company Milestone Systems is pleased to announce that effective July 1, 2024, it will merge with the cloud-based video surveillance solutions provider, Arcules. Read Now

  • Organizations Struggle with Outdated Security Approaches, While Online Threats Increase

    Cloudflare Inc, recently published its State of Application Security 2024 Report. Findings from this year's report reveal that security teams are struggling to keep pace with the risks posed by organizations’ dependency on modern applications—the technology that underpins all of today’s most used sites. The report underscores that the volume of threats stemming from issues in the software supply chain, increasing number of distributed denial of service (DDoS) attacks and malicious bots, often exceed the resources of dedicated application security teams. Read Now

Featured Cybersecurity

Webinars

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3