Fingerprint readers have been removed by few companies to be replaced by simple badge readers. This decision made by many security managers is actually enhancing risk level instead of protecting employees.
How to keep security and employee’s health protection during the crisis?
We explain here what measures and considerations should be taken to NOT deactivate fingerprint readers during the crisis.
You have a fingerprint reader to increase security, right? The existing systems based on fingerprint technology are a more trustful system than ID badge or RFID system, because fingerprint assures authorized people to be identity’s holders and not someone holding a badge and trying to break into secured area with others’ credential.
Badges can be stolen and even cloned, but not your fingerprint features.
The General Data Protection Regulations – GDPR and Data Protection Impact Assessment – DPIA are a major issue for many countries, overall in the European Continent.
These countries need to respect the regulated framework for user’s privacy. The legal environment for biometric projects using fingerprint capture are strong well-though and planned by governments and actors in the market. This implies that today, in the current stage, fingerprint and biometric systems are stronger than other systems.
Concerning this structured offer and protection of data, why would a company remove these layers of security in a fingerprint based system ?
Many will think and see the contact biometric technology as a vector to certain diseases or virus. But, the removal of these protection represent a bigger risk than the others.
Indeed, by deactivating biometric systems with already structured framework to low level security appears a bad choice and risk taken.
The deactivation of the system already in function give a breach and higher exposure to attacks in terms of personal data and physical access control amidst others. The risk here is augmented if systems are not active.
Can you as a security manager let this risk happen?
You are not going to remove all contact objects, are you ?
In our daily life and relations, contact is key. Now, if we speak about companies, will you remove door handles or common objects as coffee machine, tables, desks to avoid contact? Probably not, the same is applied to biometrics with fingerprint technology.
“Back to badge” : clearly not the best idea !
The replacement of fingerprint contact readers to badges is far from being ideal in both security and health aspects. It’s to be emphasized that cards can be easily cloned, and have a low security option for protection.
A false sense of security is common in cards or RFID technologies, because it’s difficult to identify an illegitimate entry into the secured area.
Health issues: Badges aren’t hygienic as you think, just because they work through a contactless technology, it does not mean it can reduce virus transmissions. The card in contact with other objects can be turned into a vector. The avoidance of virus transmissions is more about how often do you wash or sanitize your hands than grab contact-objects.
In addition, badges are bigger than fingerprint sensor, this means that there are more contact surface to contain viruses. A sensor measures only 15×20 mm / 0.6×0.8 inches VS a classic card 54x86mm / 2.12 / 3.38 inches).
So what are the recommendations?
Put or leave your fingerprint terminals active, for matters of security. You will maintain a high level of protection.
IDEMIA made several recommendations to clean and sanitize the sensors on its terminals. But we could also recommend that you treat such readers as you treat other objects already mentioned here above, and provide (touchless) hydro-alcoholic gel or wipes dispensers next to them. This way, your employees can clean their hands right after using the fingerprint sensor and the door/handle.
This is maybe an inspiring example: pedal-activated gel dispenser next to the reader and door handle.
Source: Document from Nicolas Raffin – VP of Marketing at IDEMIA