How secure is your ID card system? Fargo Electronics wants to help you find out. They have developed a series of self-assessment questions that will help card managers determine the gaps in their ‘supposedly’ secure ID cards. This non-proprietary interactive website tool was launched in April.
“We felt there was an awareness that needed to be driven home,” said Joe Wright, Fargo’s marketing director. “We wanted to make end users realize their vulnerabilities.”
A couple years ago, Fargo discovered that “a lot of customers didn’t realize the lack of security with their card system, card issuance process and the card itself. We wanted to develop a tool that would help users realize the level of security, or more importantly the risk, associated with their card program,” he added.
The page, available at http://www.fargo.com/assessment/select.asp, covers three vertical markets – corporate, education, and government. “The majority of our business falls in these three areas,” he said. Users also have to identify the area of the world they’re from, such as the U.S., Canada, Latin America, Europe, Middle East, Africa, or Asia Pacific.
After choosing the area and region, and inserting a zip code, users then are asked to respond to between 10 (education) to 14 (government) questions.
A common question among all three is the current state of the organization’s security system, i.e. what are they now doing to prevent forgery or preventing the card from being used by unauthorized personnel.
“It’s unfair to think that 14 questions online on the Internet will solve their security problems,” said Mr. Wright. “Our goal is to make people aware of security issues by asking questions to provide direction, and then give them an estimate of their level of risk.”
The Fargo self-assessment site won’t initially capture any contact information. “We try to remain neutral,” said Mr. Wright. Users can print off a recommendation report on the state of their card’s security which allows them to take this to their security director.” Fargo can also supply a page of recommended solutions, and it is there that a user can request help from a Fargo solution provider, added Mr. Wright.
A demo of the page was unveiled at the recent ISC West security conference. “We got some pretty positive response,” said Mr. Wright. “Many didn’t even realize their ID card system could be at risk. And, manufacturers of access control systems thought this would be a good tool; both for end users and as an awareness tool for sales and marketing.”
The self-assessment wasn’t ready for the NACCU conference, but Mr. Wright said Fargo will definitely demo it at next year’s show.
Mr. Wright believes that there are “two areas for security improvement in colleges; first, investing in a visual security element on the card, either a high secure custom hologram or secure foil card like Verimark or Holomark. College kids are getting pretty savvy with fake IDs.”
Second, he added, “A lot of people forget about their vulnerabilities within the card issuance process and system itself. Students make cards for other students. Staff uses the system for other purposes. There are solutions available to lessen the likelihood of this occurring, such as a lockable hopper or smart card controlled access (for system users and administrators). There are also software-driven solutions where you can control the hours of operation of the system, set-up notifications for misconduct and apply security images. And if you do find a fraudulent card, you need a good tracking method where you can trace the card back to the printer and the operator.”
Colleges also need to realize that ID cards being issued today have a lot more value. “They can be used for access control, purchasing books, lunches, off-site vendors programs, library use, phone cards, financial data and more. They can also be used to log onto the Internet. As that functionality of the card grows, as does its value, you’ve got to do more to protect the card,” said Mr. Wright.
Fargo first started the self-assessment project last November. “It has been six months in development. We wanted to make sure we had the right tool, and we used a third party company to make sure we didn’t start marketing Fargo instead of providing a good assessment tool,” said Mr. Wright.
In addition to a security report on the company, the assessment tool also compares the company or college against others in that industry. Future input received on the site will determine what that average will be, Mr. Wright added.
Now that the site is live, Mr. Wright said the company is investing in a lot of “outbound marketing” to let people know about it.
Note from the editor: Whether you are a Fargo user or not, it is worth the time it takes to enter your information and get your results. You can gain insight into the types of issues that can impact your overall system security … And you might be surprised by your overall threat level, I was! Visit www.fargo.com/assessment/select.asp.