Are you or your customers worried about the risks of card cloning? You’re not alone. In 2022, the SMF think-tank found that the UK has the worst card fraud statistics in Europe, both in terms of number of victims and in financial losses [1]. Many individuals will think of card fraud in terms of their credit and debit cards. However, for businesses, there are additional risks associated to the RFID credentials commonly used for access control purposes.
In the case of an access control card being cloned, the potential impacts on a business are huge. The goal of an access control system is to ensure that only authorised people gain access to restricted areas. If an unauthorised person is able to enter those restricted zones with a cloned card, the consequences could be very serious.
Fortunately, ATRIUM is here to help. In this post, we’ll explore how ATRIUM makes card cloning completely impossible, eliminating all those risks.
What does card cloning mean?
In the context of access control, card cloning refers to someone copying the data stored on a swipe card and creating a duplicate card elsewhere. There are lots of reasons why someone might do this – and they are all malicious. Usually, this is a criminal activity designed to enable an unauthorised person to gain access to a building or area where they are not allowed.
What are the dangers of card cloning?
Cloned cards put your premises at risk and compromise the security of your access control system. First, there are the very serious potential impacts of unauthorised individuals gaining access to restricted areas. Theft, vandalism, and even harm to individuals are possible. Data breaches carry significant cause for concern too, along with the reputational and financial damage done by them.
Operationally, card cloning poses a huge headache. When a business becomes aware of a breach or a cloning issue, it might not always be possible to know which card was cloned, or how it happened. In some cases, hackers have accessed event logs to erase the evidence of unauthorised entries [2]. Any kind of security breach of this kind is likely to lead to a full overhaul of the system, incurring significant cost to upgrade and replace all the existing credentials and other system components.
How does card cloning work in access control?
The technology used by cards in access control systems is called RFID – that’s Radio Frequency IDentification. RFID comes in many different formats with different levels of security. Essentially, when the card is presented close to the reader, it transmits a string of binary code to the reader. The reader then sends that code back to the control board to verify whether it’s a valid credential or not.
The point at which card cloning occurs is when the card transmits its code. Hackers seek to intercept the transmission and copy the code, ready to save it onto a new, unauthorised card. However, not all cards share the same level of protection from this kind of attack. That’s where ATRIUM steps in.
How ATRIUM eliminates the risk of card cloning
ATRIUM access control is protected at every step by our KRYPTO solution. You need just three things to have a fully secure and encryption system:
- The ATRIUM A22K control board
- Readers from our K Series
- Credentials from our MIFARE® DESFire® EV2 range
At each point of data transfer between these components, KRYPTO protects the data with AES encryption. This encryption standard is the preferred option even for the United States government, thanks to its uncrackability (no, that’s not a real word). With today’s most advanced computing technology, it would still take millions of years to break an AES encrypted code using brute-force methods.
How does AES encryption prevent card cloning?
AES encryption takes the binary code that access control credentials transmit, and changes them into a format that is unreadable to outside eyes. An algorithm is applied to the data multiple times to transform it into what would essentially be gibberish to an unauthorised hacker. The only way to decrypt it is to have exactly the same key that was used to encrypt it. And with the highest level of AES encryption, that key is 256 bits long. That means the number of possible combinations that can make up the key is unfathomably large. Technically, it’s more than 115 quattuorvigintillion. Trust us, that’s big. That’s why it would take so long to randomly guess that key using brute-force methods, and why ATRIUM is so well protected.
How can I prevent card cloning?
Simple – choose ATRIUM access control. With the ATRIUM A22K and compatible readers and credentials, card cloning is simply not possible. And the benefits of that peace of mind are huge. For security officers, it means a whole area of risk that no longer needs to cause worry. Business leaders can be confident that only authorised people have authorised credentials to access the building. And for day-to-day end users, it means security. Everybody wants to feel safe and secure, whether they’re at home or at work. Knowing that their data is safe and the building is secure means users are more likely to champion the system and adhere to usage policies.
For more information about ATRIUM:
