Many employees tend to overlook physical security measures and lack awareness of the facility’s access control system.
Upon starting a new job, workers are provided with a badge, accompanied by instructions from the security staff to keep it visible at all times during work hours. They are shown to expect that secure doors and vehicle gates will magically unlock or open when they present their badge. The extent of employee involvement in security is limited to reporting lost badges, ensuring no one follows them into the building, and occasionally scanning their badges when leaving work. That’s the extent of their responsibilities.
The Inner Workings
Employees often lack awareness of the inner workings of the company’s access control system, limited to what is visible to them. However, this vital component of a company’s physical security involves numerous elements beyond their perception alone. Badges or credentials can take various forms, including access cards, key fobs, or mobile credentials linked to phones, each using diverse technologies and security measures. Readers, responsible for matching badge technology, are not confined to fixed door readers alone; they can be found on desktop readers activating computers and handheld badge and biometric readers. In addition to these, keypads, various door lock hardware, alarm systems, door control panels, access control software, and the intricate networking and wiring that connects them all contribute to the complexity of the access control system.
While the physical access control system is intricate and comes with a considerable cost, it adds substantial value to the overall physical security of the company.
When a worker scans their badge to access a door, the backend process unfolds in the following manner: The reader transmits the badge number to a concealed access panel, which then verifies the recorded access permissions. If valid, the door opens almost immediately. Subsequently, the panel sends the badge number, permissions, and door information to the backend access control system database. From an employee’s perspective, the crucial aspect is the swift opening of the door. If it takes longer than about one second, employees will feel that there is something wrong with the system.
Within the backend access control system, all information is documented as either ENTRY or EXIT events in the access control database. The activity data stored in these systems is relatively straightforward, resembling the following format:
| Event Description | Time / Date | Device # | Badge # |
| Entry Granted | 8:04AM 1/19/2024 | B2D1 | 3074 |
| Entry Granted | 7:57AM 1/19/2024 | B2D1 | 3176 |
| Entry Granted | 7:42AM 1/19/2024 | Y1G1 | 4203 |
| Entry Denied | 7:41AM 1/19/2024 | B2D1 | 3875 |
| Entry Granted | 7:40AM 1/19/2024 | B1D1 | 2787 |
| Entry Granted | 7:40AM 1/19/2024 | B1D1 | 1632 |
| Entry Granted | 7:39AM 1/19/2024 | Y1G1 | 5205 |
| Exit Granted | 7:35AM 1/19/2024 | B2D1 | 1123 |
| Entry Granted | 7:27AM 1/19/2024 | B1D1 | 1222 |
| Entry Granted | 7:25AM 1/19/2024 | Y1G1 | 2102 |
In other words, the access control system possesses information about the scanned badge, the permission status (access granted or denied), the timestamp, and the location of badge reading—an apparently robust system. However, several gaps undermine its completeness.
Notably, the system lacks knowledge of the badge holder’s identity. If an employee were to give their badge to someone else, that person could gain entry to the company premises without being an employee. Moreover, once a door is opened using a badge, there’s a vulnerability to tailgating, where others can easily follow behind. This risk is particularly pronounced with elevators. Additionally, employees often neglect to badge-out upon leaving or may exit through a non-audited door, introducing further challenges to the system’s comprehensive security measures. Let’s talk about these gaps one at a time.
Gaps in the PACS
Is the right person in possession of the badge?
Determining whether the correct individual holds the badge poses a challenge. Specifically, when a badge is scanned at a reader for entry into a secure facility with specific access permissions, security professionals cannot definitively determine whether the badge aligns with the person who presented it. Unfortunately, this verification is not possible without employing additional tools.
Instances of workers exchanging or scanning a co-worker’s badge are not uncommon, presenting a genuine concern—particularly when the access control system is utilized for tracking work hours (time and attendance). Additionally, the risk exists that a lost badge could be discovered by someone with malicious intent, allowing unauthorized access to a facility.
What about tailgating?
Let’s consider the phenomenon of tailgating or piggybacking—an infringement on physical security where an unauthorized person gains access to a secured facility by following an authorized individual. Essentially, a worker scans their badge to open a door and accesses the facility, but then holds the door open for others to enter without proper authorization. While the act of holding doors open for others may seem courteous, tailgating poses a significant security concern as it undermines the established security mechanisms and processes designed to maintain the workplace’s security.
Did workers badge-out when leaving?
This is a crucial aspect for maintaining up-to-date occupancy information. If readers are installed at all exits and security professionals enforce the practice of badging-out, it becomes a very valuable data point. It allows security professionals to have an accurate count of who is currently onsite and who has left (facility occupancy).
Regrettably, numerous sites have back exit doors that do not require badging to exit, potentially leading to inaccuracies in the tally. This becomes particularly significant in ensuring the safety of employees in an evacuation and emergency mustering. The absence of this information may leave safety professionals, such as Evacuation Wardens, Fire Wardens, Floor Wardens, Emergency Managers, Evacuation Managers, Evacuation Officers, or Crisis Managers, uncertain about whether everyone has indeed evacuated a facility during a fire or other emergency event and accounted for as safe.
How to Have Better Control Over Your Access Control
These gaps present a significant challenge for businesses on various fronts. From a physical security perspective, the ability to control access to the premises diminishes. Instances of borrowing a badge or tailgating to enter another workspace for purposes like checking out equipment, using the bathroom, enjoying lunch at a superior cafeteria, or simply exploring a secured area become concerning.
The situation escalates when someone intends to steal equipment, intellectual property, or trade secrets. Once an unauthorized entry breaches the perimeter, the potential damage is considerable. The intruder gains unrestricted access to secured workspaces, and guards face challenges in swiftly verifying permissions, exacerbating the security risks.
Manned handheld badge readers integrated with the physical access control system offers a comprehensive solution to these challenges. Utilizing a handheld, mobile device to read badges or biometrics enables the access control system to execute ENTRY / EXIT tracking, mirroring the functionality of a fixed badge reader at a door. However, the added benefit is that security professionals can perform on-the-go validation from anywhere and are presented with the registered photo of the badge-holder on the screen from the access control system. This ensures that only the correct individual is granted admission into the facility. Moreover, the handheld scanning of each badge eliminates the possibility of tailgating, enhancing security measures and preventing unauthorized access.
Explore the capabilities of XPressEntry handheld badge and biometric readers from Telaeris, the handheld solution for access control systems. XPressEntry is a powerful tool offering exceptional flexibility to empower safety and security professionals enhancing access control systems and encompasses all the functionalities described earlier.
XPressEntry handheld readers validate permissions and authenticate credentials or biometrics against the identity information on record in the access control system database from anywhere, record entries and exits where door readers are not practical or available, challenge credentials from within secured spaces, spot check permissions to deter tailgating / piggybacking, quickly muster employees during an emergency evacuation, maintain facility occupancy information, and much more.
XPressEntry handheld readers proudly lead the industry with the most access control integrations and proudly lead the industry with the broadest support for badge technologies plus biometrics.
Don’t have a physical access control system (PACS) system onsite? No problem. XPressEntry also works as a stand-alone solution, fully managed by the XPressEntry Server.
CONTACT US for more information and a demo.
Leave A Comment