Subscribe

The reliability of mobile credentials

Getting to grips with the evolving world of access control

Johannesburg, 24 Jan 2020

The need to eliminate the infamous and highly unreliable visitor logbook, while still providing accurate capturing of a visitor’s details, and on some premises, the assurance that only pre-authorised visitors have access, has created a demand for pin or personal access code (PAC) solutions that provide visitors with access to residential estates and business complexes.

With the ever-changing landscape of access control, it has become essential to have an access control solution that works, but more importantly, works for your environment and meets your needs.  

John Powell, managing director of Powell Tronics, explains that the primary challenges his business encounters in providing a user-friendly PAC-driven access control system in a modern world using mobile technology is ensuring that the system is both secure and resilient to external unauthorised infiltration and that it is adaptable to meet the varying needs of individual estates or business parks.

However, the crux is to select a service provider with a documented and reliable track record.

The right solution needs the right solution provider

Powell says experience is the keyword and estate and property managers are advised to visit similar installations deployed by the supplier to verify the veracity of their claims. A great example is Powell Tronics' PT-GUEST visitor management software, originally developed to enhance the recognised Impro access control solution IXP 400i and the recently implemented Access Portal integration – PT-GUEST Portal.

PT-GUEST has evolved into a substantial system that hands over management of access control to property and estate managers, as well as homeowners and tenants. This is a solution to security and connectivity concerns as well to the challenge of somewhat slower processes experienced due to the adoption of cloud-based solutions for hosting databases.

Fortunately, the PT-GUEST solution and locally hosted database is managed via a secure Web portal rather than residing in the cloud. However, this will be reviewed once total and improved cloud access is available within South Africa.

POPI vs access control

According to Powell, with the imminent introduction of the POPI Act, secure access to the system and the data which it encompasses is PT-GUEST’s strongest attribute. "The software, database and relevant processes are password protected and site administrators are carefully selected by management to ensure that their site’s information is kept securely in-house."

More so during the registration process onsite, certain authenticated personal information is assigned to the homeowner or tenant, which acts as the verification criteria when a PAC is requested for a visitor.  And once it is verified that the request has been issued by a registered tag-holder of that particular site, the PAC and expiry information is expedited via either the registered person’s cellphone number or e-mail address through a secure online service.

This is a necessary tool for pre-authorisation of visitors. Using a cellular messaging service incurs continuous costs, such as monthly subscriptions to the WASP short-code system provider, cost of SMS text messages sent to and from the short-code system to the requesting resident/tenant/employee, as well as notifications of the visitor’s arrival and departure.

In an attempt to assist clients to alleviate these expenditures, Powell Tronics will soon be releasing its Android app for PT-GUEST IXP on the Google Playstore as an alternative for requesting PT-GUEST pre-authorised PACs for visitors and notifications. While this mobile app uses the cheaper alternative of data rather than airtime, it also alleviates issues with cellular numbers being blocked on the WASP provider’s cellular marketing systems, something that has been on rise with the increased amount of unsolicited marketing SMSes received daily from banks, retailers and insurance providers, among others.

In order to ensure the new PT-GUEST mobile Android app delivers the same high-level security currently enjoyed by estates and businesses, mandatory site information and authenticated personal information will form part of the app registration process, and mobile device information will be added to the access control system for future verification.

Once enabled, the app allows the homeowner or employee to enter their visitor’s information and request a PAC, which they can share with their visitor using the standard Android messaging options.

All data sent to and from the mobile app is encrypted and password-protected to ensure that it is not easily infiltrated through the already secure web portal used on site.

Estates quite often require more of the visitor’s details than what is captured in the pre-authorisation process and enforce that all pre-authorised visitors and their vehicle details be scanned when arriving at the estate’s entrance.

While the pre-authorised visitor’s destination is predefined by the system, based on who their host is, guards at the entrances using portable devices scan and decrypt the visitor’s driver’s licence or ID and vehicle’s registration disc and on completion update the access control system’s database with all the accurately captured information.

An audit trail is available which allows estate management to view who requested a PAC, which method was used to obtain the PAC, when it was requested and if and when it was successfully created. This also provides for data mining to establish trends, especially where estates have a number of venues or host various events, such as wine tasting, conferences and golf tournaments, as well as for levy applications.

The four- or five-digit PAC is randomly generated by the PT-GUEST system and allows for a single entry and exit through the perimeter entrances.

PACs are valid for a customisable time period, but expire 24 hours from first use at the entry point, and visitors exceeding this time allocation will have to visit the administration office to request a manual exit. PT-GUEST does, however, also cater for long-term visitors that can be pre-authorised to have multiple accesses to the estate or business park over an extended period of time.

Powell says that in instances where sites have perimeter and internal access points, the PAC will be allocated to allow single entry and exit access to the main gate, but multiple access to the access control points en route to the destination.

It will deny access into any other area within the estate not allocated to the visitor. This prevents visitors from driving haphazardly around estates, thereby adding a further security element to the access control process. PT-GUEST, IXP and Portal have grown to accommodate combinations of over 50 configurable settings which cover a large variety of site preferences and security requirements.

This includes the use of in-lane biometric enrolment or proximity cards, Bluetooth printing for PAC information slips with disclaimers, on-scanner acceptance of terms and conditions and so forth. With each new implementation, new requirements are discussed and inevitably added to the feature list of the next bi-monthly release.

The success of any PAC-driven pre-authorisation access visitor management system is dependent on a collaborative relationship between the system supplier, the contractor, consulting engineer and the estate manager/homeowners association.

The system should furthermore do what it claims to do and should both have verifiable reference sites and be fully supported by the supply chain.

Share