printer friendly version

Mobile credentials taking off

Mobile access via smartphones is becoming more common, with use cases ranging from Bluetooth, NFC (Near-Field Communication), or QR codes to manage secure access to commercial and personal locations. Mobile access offers convenience for registered users, while also making it simpler and easier for visitors, temporary workers, or delivery personnel. However, privacy, the loss of full control of identity data and user buy-in are potential challenges.

On the other hand, cloud management’s benefits make it appealing to many, allowing centralised management and real-time monitoring, which is ideal for environments with multiple entry points. It further provides for data collection and analysis, which can be helpful for building and people management, as well as the broader security function.

The 2024 IFSEC/HID State of Physical Access Control Report states, “While physical ID is still prevalent within the access control industry, there is no doubt that mobile access credentials and digital IDs are fast gaining ground.”

It further states that about 39% of respondents to the annual report “actively use mobile identities,” and they believe touchless/contactless solutions (48%) and mobile access (44%) are the two most significant trends shaping the access control industry. The report also expects almost 80% of organisations to deploy mobile IDs within the next five years.

“The advantages of flexibility, cost saving, improved hygiene and privacy have made the technology widely accepted by end users,” according to a report from Ivy Sun, Senior Analyst at Omdia. “Access control vendors have cited mobile credentials as the dominant trend influencing the market. The advantages of flexibility, cost saving, improved hygiene and privacy have made the technology widely accepted by end users.”

Furthermore, the company predicts that revenues from mobile credential sales will grow at 39,8% CAGR between 2022 and 2027. With these positive sentiments in mind, SMART Security Solutions asked two industry players for their thoughts on the state of mobile access and how they see it changing over the coming year.

Growing acceptance and rollout

Werner Geldenhuys, Paxton’s Country Sales Manager for South Africa, says that the use of mobile devices for access control has grown in popularity. “At Paxton, we offer users the option to use their phone or smartwatch as a key to access doors for free with Paxton10. This is available via the Paxton Key app. According to our records, there were over 19,000 downloads of the Paxton Key app in South Africa over the past three years, demonstrating that people are open to using mobiles for access control.”

Werner Geldenhuys

The reason for the interest, according to Geldenhuys, is that compared to traditional access cards or tokens, people almost always carry their phones on them, meaning it is one less thing to carry around. In addition, many people use biometrics on their phones to increase the security of personal data or documents saved on the device. “So, if a user loses their phone, technology like the Paxton Key app adds a layer of security and prevents unauthorised people from accessing the building.”

This leads to another benefit of using smart devices as keys; saving on the costs of buying access cards or replacing keys and locks if lost.

In a recent case study with Beau Vie II, the benefits and convenience of using the Paxton Key app for both the building manager and users was showcased. Beau Vie II is a student apartment block located at Banghoek Road, Cape Town. To secure the apartment, they use Paxton’s access control and video management system, Paxton10, alongside Paxton10 cameras and video door entry solution.

Morné Mellet, Technical Systems Specialist at Remote Entry Systems, installed and now manages the system for the customer. He said, “The smart credential is a major plus point for the client and the residents. At first, all the residents used the traditional keyfobs, but then, they requested the smart credentials one by one after seeing other people using their phones instead. Currently, about 90% of the residents are only using their phones as keys.”

Andre Vermeulen, GM of Secutel Technologies, adds, “While mobile access is steadily growing, adoption has varied across industries. Some sectors embrace it fully due to its convenience and security, while others implement it selectively, often citing compatibility or infrastructure concerns.

“With solutions like NoKey, we have observed a shift toward mobile adoption, especially in environments prioritising remote management and enhanced security. Our platform’s ability to integrate seamlessly with existing systems supports this trend, offering convenience without compromising control.”

Privacy issues and user buy-in

With the growing focus on personal privacy and increased regulatory scrutiny, some users may have issues with ‘company software’ on their phones. While this may not be a real risk (assuming one uses reliable brands’ apps), it still worries some people.

“User resistance to company apps often stems from concerns about privacy and compatibility,” says Vermeulen. “At Secutel, we mitigate this by emphasising the NoKey app’s secure and user-friendly nature, which does not interfere with personal data. Educational initiatives like training sessions or quick-start guides can help users feel more confident. Highlighting key features like end-to-end encryption and biometric authentication also reassures users about safety and simplicity.”

Geldenhuys explains that this is not necessary. “Paxton’s smart credentials do not gather any information from the user or the device. They only transmit a unique identifier to the Paxton10 system that is compared against a database of users to determine if a user has access.”

In addition, while passwords are still the primary means of accessing digital assets, the surge in cyberthreats pushes many to look for additional access control solutions to secure electronic resources and increase overall security. Vermeulen says integrating digital and physical access is feasible today and is increasingly in demand.

“Solutions like NoKey already allow users to unlock physical doors and remote management via smartphone apps. With built-in biometric and PIN authentication, NoKey bridges physical and logical access by ensuring only authorised personnel can operate in sensitive areas. For instance, integration with systems like Visual Verifier can restrict digital access unless users are physically present at a site, enhancing security comprehensively.”

Threats to and from the user

One of the debates around using personal devices for mobile access is the safety of mobile credentials. Smartphones are not only used for gaining access, but users can do almost anything with them, using apps that may be from unreliable sources. The threat of infecting one’s phone with some form of malware is real, and the question must be asked whether some breach of a personal device could impact the mobile credential, the associated app, or be transferred to the corporate network.

Vermeulen does not see this as a significant threat. “Smartphones used for access control, like with NoKey, are safeguarded by layers of encryption and a secure app architecture. The malware risks are minimised by using end-to-end encryption and hosting all data on a secure cloud platform. Additionally, biometric authentication ensures unauthorised access remains unlikely even if a phone is compromised. Regular app updates and strong IT policies can further enhance security.”

Built-in biometrics

Taking security further, a mobile credential is secured on a user’s smartphone, meaning there can be an additional layer of protection – multi-factor authentication (MFA) – which ensures the user is who they claim by requiring them to unlock their phone. Since smartphone fingerprint and facial biometrics are much more reliable today, verifying your identity with your mobile is an added MFA layer (even if a PIN is used), and the identification data stays on the user’s device, avoiding any privacy pitfalls.

According to Geldenhuys, system administrators can identify critical areas for a building and require Paxton Key users to unlock their phones before being granted access. Access will be denied if a user does not unlock their device or cannot unlock it. This security requirement can also be implemented site-wide. It will come at a significant cost saving as the end user will benefit from biometrics by simply utilising their mobile devices.

Vermeulen agrees, noting that organisations increasingly leverage device biometrics as an added layer of security. “With NoKey, smartphone biometric authentication is seamlessly integrated, ensuring only the authorised user can access facilities.”

QR codes are also used for access control, especially visitor management. However, we have recently seen criminals corrupting QR codes for nefarious purposes. This raises the question of risks to both the user and the company implementing access control. Vermeulen notes that while QR codes are still used in some scenarios (such as residential estates), BLE (Bluetooth Low Energy) is a more secure and efficient alternative, offering extended range and robust encryption to mitigate tampering risks.

Solutions in the market

Finally, SMART Security Solutions asked what products and solutions regarding mobile access solutions Paxton and Secutel have released over the past year, and what we can expect to see in the near future.

Geldenhuys says the company launched the brand-new Paxton Entry app in October 2024 as a new entry for the Paxton video door entry system. “The Paxton Entry app allows users to answer video calls from a Paxton Entry panel and open the door from anywhere in the world at any time. The app offers users the convenience of being freed from a specific computer or monitor, allowing them to answer and manage visitor access, while away from their desk.”

He adds that the Paxton Entry app has received positive feedback:

• Pete Harrop from Origin Solutions said, “The Paxton Entry app provides a very useful feature, enabling reception to answer calls from the Entry panel while away from their desk.”

• Peter Gale from Cohort Security Solutions said, “It is very simple and intuitive. It is straightforward, easy to set up and easy to navigate.”

In the past year, Vermeulen states that Secutel has advanced mobile access control through NoKey, featuring:

• Secure mobile credentials with biometric and PIN authentication.

• Seamless integration with security and camera systems like Visual Verifier.

• Remote management and event logging via the NoKey.io Cloud platform.

“Looking ahead, we aim to enhance compatibility, expand integrations, and explore AI-driven analytics for predictive security measures. Offline access features and real-time activity monitoring will remain core focuses as we continue prioritising convenience, efficiency, and security for our clients.”

Share this article:

Further reading: