Today, there are many card-based options for controlling physical and network access. Although many organizations have transitioned to newer, more secure options, such as smart cards and RFID cards, others still have magnetic stripe cards in place.
Continuing our two-factor authentication explained series, this blog takes a closer look at using magnetic stripe cards for access control—how the cards work, the benefits of continuing to use this authentication method, and the drawbacks of not upgrading to newer authentication methods.
How Magnetic Stripe Authentication Works
Most people are familiar with magnetic stripe cards—they are often used as credit cards and hotel key cards. There are two types of magnetic stripe cards: high coercivity (HiCo) and low coercivity (LoCo).
On a HiCo card, the stripe is typically black and is encoded with a stronger magnetic field (2750 Oersted). These cards are a bit more durable than their LoCo counterparts and are, therefore, recommended for longer-term use and situations that require more frequent swipes.
Conversely, the LoCo’s stripe is generally brown and encoded with a weaker magnetic field (300 Oersted). These cards are less durable, which is why they’re typically used for short-term applications, like as hotel key cards.
In both cases, the cardholder’s information is stored as binary code on the magnetic stripe on the back of the card. To gain access to a given resource, the user swipes the card through a magnetic stripe card reader. The data is read when the magnetic stripe passes over the reader’s head. Once the data is validated by the reader, the user is permitted access.
An optional PIN or password can be required for added security, but this is generally dependent on the controlling software to manage, as it’s not stored or processed on the magnetic stripe card itself.
Ease of Use
Most people are familiar with magnetic stripe cards, because they’re widely used for a number of applications. Moreover, readers work very quickly—all it takes is a swipe and the user is permitted access.
Less Expensive than Other Cards
Magnetic stripe cards are an affordable option for low-security environments and convenience-based applications. They cost as little as 10 cents per card, as opposed to RFID ($1-10 per card) and Smart Cards ($50-$100 per card).
Leverage Existing Investments
Many organizations already have magnetic stripe readers in place in some capacity, such as for point-of-sale systems and in police vehicles for license swipes. In these situations, it can be cost-effective and only require minimal effort to leverage or expand on these existing investments. Swapping out hundreds or even thousands of cards and their readers is a much more expensive and involved project.
Can Be Remotely Deactivated
If a card is lost or stolen, the card can simply be disabled and a new one issued to the user, as opposed to having to replace the locks and issue new keys to all users, as in the case of a traditional key. Although this can also be done with other access cards, these other cards cost more to replace.
Magnetic stripe cards can store different types of data and be used for a number of applications, such as hotel key cards, school or employee ID cards, public transit passes, door keys for physical access, and facilitating network access. In addition, they can be utilized as combined ID and access cards.
Although magnetic stripe cards provide more security than 2D barcode cards, they are significantly less secure than other card-based authentication methods. For starters, magnetic stripe cards store data as simple binary code with no encryption.
Furthermore, duplicating magnetic stripe cards is a relatively simple process, and it’s easy to purchase the equipment to do so online. All one needs is a card skimmer to skim the information from the card and duplication equipment to clone the card. Because of this, magnetic stripe cards shouldn’t be used in high-security situations, and they should be layered with a PIN or password to increase security as needed.
Wear and Tear
Another problem with magnetic stripe cards is that they’re made of flimsy plastic, and therefore, easily scratch or break. Additionally, because cards must be physically swiped through a reader, they are subject to wear and tear over time. Finally, a card’s magnetic stripe can become demagnetized, making the data stored on it unreadable. All of these issues can cause reader issues or render a card unusable.
Because magnetic stripe cards must actually be swiped through a reader, users have to get their cards out of their wallets, pockets, purses, etc. for every use, making them less convenient than proximity-based methods.
And, although swiping is easy, it doesn’t always work on the first try. We’ve all been in situations where our magnetic stripe card required multiple swipes to be read properly. Sometimes, this is due to user error, such as swiping too quickly or slowly or the swiping with the magnetic stripe on the wrong side.
Magnetic Stripe Cards Can Be Lost or Stolen
Like anything that must be carried, the cards can be lost, stolen, or forgotten. If this happens, a user is unable to authenticate until he or she locates the card or receives a replacement. Magnetic stripe cards also offer little protection if they fall into the wrong hands, especially if a PIN or password is not required.
If you don’t already have magnetic stripe technology in place, there are hard costs associated with deployment. Although magnetic stripe card readers are less expensive than barcode scanners and other reader types, they still must be purchased and implemented. You must also invest in a magnetic encoder and ID card software that encodes information onto the magnetic stripe. Finally, you have to factor in the cost of purchasing and replacing the cards themselves.
Meeting Your Organization’s Authentication Needs
Magnetic stripe cards have long been in use as a way to control access. Organizations continue to use them due to their relatively low cost and simplicity compared to other card-based methods, the high cost and effort to rip and replace existing technology, and user familiarity with how the cards work.
However, there are a number of more secure authentication options available today. You must carefully weigh the benefits and drawbacks of the various access control options to see what’s best for your organization. Choosing an authentication platform that offers flexibility and a broad range of authentication options can help your organization meet these needs as they grow and change over time.