Covering All Bases
Ensuring recurring card and reader income while helping customers
- By Scott Lindley
- Apr 01, 2016
“The perfect solution in any sale is when you’ve solved a
big problem that the customer may incur while helping
your own business,” said David Barnard, director dealer
development at RS2. “More customers understand the
threat of hacking. That’s why we suggest to our dealers that they show their
customers how to help repel hacking attempts with a very simple solution
that adds to their bottom line.”
As any security dealer or integrator knows, there are two revenue results
of making an access control sale: the proceeds from the original sale
itself and the potential recurring revenue that can be wrought from the
sale down the road. That recurring revenue could be in the form of selling
additional readers and cards as needed or when the company expands.
However, just because you sold and installed the original system does not
necessarily mean you will get the revenue from these additional sales. The
buyer could easily buy cards and readers from somebody else. So, how can
you assure that you will get these add-on sales?
Help Your Customer Solve a Major Problem
It is becoming quite well known that current RFID devices are not suitable
for secure identification. They can be subject to skimming, eavesdropping
and relay attacks. An attacker can fool the system by simply relaying the
communication between the legitimate reader and token over a greater distance
than intended. As these facts become better known, there has been a
drive by security directors to overcome such shortcomings.
In addition, Wiegand, the industry standard protocol commonly used
to communicate credential data from a card reader to an electronic access
controller, is no longer considered inherently secure due to its obscure and
non-standard nature. No one would accept usernames and passwords being
sent in the clear nor should they accept vulnerable credential data. ID
harvesting has become one of the most lucrative hacking activities. In these
attacks, a credential’s identifier is cloned, or captured, and is then retransmitted
via a small electronic device to grant unauthorized access to an office
or other facility.
“With the ability to order specific coded credentials online, the popular
formats can be copied and cloned very easily,” said Jeffrey Tepper, owner of
Southgate Lock & Security in Cleveland, Ohio.
A novel way that dealers and integrators can help their customers protect
their card based systems is to provide a high-security handshake, or
code, between the card, tag and reader to help prevent credential duplication
to ensure that readers will only collect data from these specially coded
credentials. In a sense, it’s the electronic security equivalent of a mechanical
key management system, in which this single organization is the only one
that has the key they use. Such keys are only available through the integrator
chosen for the job. Their integrator never provides another organization
with the same key. No other organization will have the reader/card combination.
Only their readers will be able to read their cards or tags and their
readers will read no other cards or tags.
Let’s highlight the key information from the paragraph above that describes
how dealers and integrators can ensure that they, and they alone,
reap the rewards of follow-up sales. “Such (cards and readers) are only
available through the integrator chosen for the job.” Nobody else is able to
sell your customer cards and readers and readers that will work with their
present cards and readers, which you originally sold.
“The MAXSecure format has been “win-win” product for us,” Tepper said.
“It is a win for the customer because it gives them a higher level of security at
no extra cost. It is a win for us because it keeps the customer coming back for
credentials. As people come and go from companies, it makes us a point of
contact to the person responsible for the access control system.”
MAXSecure is an option that can be added to Farpointe Data’s proximity
and smart cards to provide customers with a way to protect their card-based
systems from skimming, eavesdropping and relay attacks. Skimming occurs
when the attacker uses an unauthorized reader to access information on the
unsuspecting victim’s RFID card or tag without consent. From that point
on, the attacker can control when and where unauthorized entries may occur.
An eavesdropping attacker recovers the data sent during a transaction
between the legitimate reader and card. In a relay attack, the invader relays communication between the reader and a tag which lets the attacker
temporarily possess a ‘clone’ of a token,
thereby allowing the assailant
to gain the associated benefits.
What’s scary about all this is that
the equipment used to perpetrate
the above attacks can be quite inexpensive
and is widely available. For
organizations worried about such
invasions of their proximity or smart
card systems, access control system
manufacturers and leading integrators
can deploy Fairpointe proximity/
smart cards and readers that
provide increased security while, at
the same time, providing themselves
with ensured recurring revenues.
Like Tepper says, it’s a win-win situation.
Tepper is not alone.
“Our dealers love the Farpointe
MaxSecure option,” said Matt Kronholm,
regional sales manager for
TransTech Systems in Aurora, Ore.
“Other comparable extra secure
credentials formats cost extra and
can easily be ‘cracked’ by ordering
through generic vendors. Max-
Secure is the easiest way to secure
both the facility and the customer’s
business without adding costs.”
AlarmNet Security, a security
integrator located in Miami which
helps secure organizations in Florida
and Georgia, agrees.
“We have been serving the
South Florida and Orlando market
for more than 14 years and have
completed services for thousands
of satisfied customers, local and nationwide,”
said Tony Hasham, owner
of AlarmNet Security. “We value
personal service and the personal
relationships we develop with our
customers. We strive to continuously
offer the best undivided attention
to our customers in order to achieve
the long-term satisfaction of our installations
and follow-up services.”
AlarmNet believes in letting
their customers become aware of all
risks they could encounter, even after
installing the new solution.
“An access system itself can be
hacked so we show them the various
solutions they can use to stop
such attacks,” Hasham said. “MAXSecure
helps them stop hacks at the
point of communications between
the card and reader as well as within
the Wiegand protocol. Nobody else
has cards such as theirs and nobody
else ever will since we control the
supply of the specific cards they
use. That protects them now and in
the future. Of course, a by-product
of this security measure means that,
since only we can supply the cards,
only we will get the recurring sales
of the cards and readers that they
will need. This not only produces
additional sales but also keeps us in
front of our customers for any additional
security products they need.”
Creative integrators should always
be looking for ways that help
the customer while helping themselves.
Not only is that good business,
but it is also a way to provide
good customer service. As is so
often said, “A happy customer will
make you happy.”
This article originally appeared in the April 2016 issue of Security Today.