What is card sharing?
Card sharing in access control is when an unauthorised individual gains access to a secure area by using a card credential belonging to someone else. The authorised person’s card is either given to another person or stolen. It is then used illicitly to allow someone to enter a restricted area for which they do not have the appropriate permissions.
What is the problem with card sharing?
Card sharing is a big problem. For security and access control, it is a serious threat to the legitimacy of the system. If an area is restricted, it is restricted for a reason. If people can gain access to it without authorisation, it undermines the entire premise of the system. For the security officer or facilities manager on-site, it makes their job much more difficult.
Reporting is also compromised by card sharing. If an authorised person’s card is used to gain entry to a locked door, the report will show that their card was used, even if it was not them using it. It’s also therefore a big problem for end users. If their card was used to access a restricted area, and then something went wrong in that area, they would be blamed.
How can card sharing be stopped?
There are a wide range of different actions that can be taken to reduce or even eliminate the issue of card sharing. Some are more drastic than others. Some are more expensive than others. But it can be done!
1. Switch to biometrics
The simplest way to eliminate card sharing is to eliminate cards. Swipe cards are not the only option for access control systems, and other methods make it more difficult or even impossible to share credentials. Biometrics does just that. It’s not possible to give your fingerprint or facial features to another person. With biometric readers, you can rest assured that only authorised people can be recognised and granted entry to secure areas.
2. Training and enforcement
It is possible that someone could have their card stolen for malicious purposes. But it’s probably not the most common reason for card sharing. More often than not, it happens because someone lends their card to someone else temporarily. It’s “Can I just borrow your card quickly, I need to get something from this room?”. This is why it’s important that access control is incorporated into the onboarding process of new starters. If good practice can be instilled from the start, and the risks of not adhering to policies are explained, the issue can be reduced. Beyond that, enforcement is essential for encouraging compliance. People who flout the rules must be held accountable.
3. Monitor event logs carefully
Security officers and facilities managers must keep a close eye on what’s going on in their buildings. Most centralised access control systems keep a log of access events. It’s important that this is analysed and reviewed regularly. Any anomalies can be identified and picked up promptly. Any unauthorised access logs can also be looked at – if patterns emerge, then it may be possible to identify individuals who are repeatedly trying to access areas for which they are not authorised.
4. Implement multi-factor authentication
Sharing your access card with someone else is easy. Sharing multiple types of credential is more difficult. It could even be impossible, depending on the credentials required. If users have to swipe a card and enter a PIN code, it adds an extra layer of security and discourages card sharing. If one of the required credentials is biometric data, such as a fingerprint or iris scan, card sharing becomes essentially impossible.
5. Keep on top of the admin
Implementing and enforcing strict policies for lost or stolen cards is essential. That way, if a card is legitimately misplaced or taken, it is rendered useless as soon as possible. Anyone who then tries to use that card will be denied access, and the system will log an unauthorised access attempt. Security officers can then track those attempts and deal with the perpetrator.
Implementing reduction measures
Managing a security system is not easy. Card sharing makes it harder. It poses a significant risk to the security of the premises. Facilities managers must implement measures to reduce or eliminate the practice. If card sharing is overlooked or ignored in an organisation, it undermines the entire access control system’s purpose.
Not every organisation will be able to implement multi-factor authentication or adopt biometric readers at access points. But training, monitoring, auditing, and enforcing can go a long way to reducing card sharing.
👉 For more information about secure access control systems, book a demo with our expert team today!
