SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image

Creating a secure and welcoming environment with automated visitor management

Tue, 22nd Mar 2022
FYI, this story is more than a year old

How can organisations create safe working environments that people actually want to visit?

For many, visitor management systems are the answer. Visitor management systems are becoming increasingly commonplace as part of facility management strategies for government buildings, workplaces, schools and medical facilities.

When combined with self-service technology, these systems become an important first step in a visitor's journey, offering a pleasant and frictionless experience for customers, contractors and employees.

Safety first — the problem of human error

Yesterday's reception areas ran entirely on human power. A visitor would enter the building and head to security or a welcome desk, where they told the attendant or receptionist the purpose of their visit while providing identification. That attendant would then verify the visitor with the building occupant and type the visitor's information into the system to create a visitor pass.

Unfortunately, humans are prone to error. Information can easily be keyed incorrectly, the building employee could be hard to find, and the visit may be unexpected. With the possibility of dozens of visitors arriving at once, each needing access to different areas to connect with different people, a receptionist or security attendant could easily become overwhelmed.

In addition, they're not only expected to be on top of the visitor schedules but also able to at spotting fraudulent IDs from different states and countries. It's easy to see how an individual could be granted access to the wrong area or allowed to enter somewhere that should be restricted to vetted employees and contractors.

Automating for a warm, secure welcome

On the other hand, an automated visitor system virtually eliminates user error, establishing a more secure building for visitors and staff alike. Sophisticated self-service systems allow visitors to register themselves at multiple kiosks rather than waiting for a security attendant.

Modern self-service kiosks often feature a document reader that simply scans a credential verifying their visit and scans their identification depending on the level of security needed.

Removing the task of manually entering information into a security system speeds up the registration process while leaving reception and security staff free to better cater to the needs of visitors and staff alike.

From documents to data tokens — understanding credentials

What we refer to as "credentials" are typically either a document, card or data token issued to an individual by a third party that grants them access to the premises while on site. These credentials can include a visitor badge, printed or digital QR code (2D barcode), a radio frequency identification card or government-issued IDs such as passports or driving licenses.

Following a visitor's registration, one or more credentials or tokens can be used while navigating the building. This includes a final check-out before leaving the site — a crucial last step for fire safety and contact tracing purposes.

For more secure applications in data centres, schools or government buildings, government-issued IDs can also be used to enrol a visitor before providing them with access to secure areas on-premises.

Common Types of Credentials

Let's take a closer look at the common types of credentials that a visitor management system can process.

  • QR codes - High user familiarity, low-cost issuance, extremely fast decoding of data
  • RFID cards - tags - High level of security - encryption, programmable - reprogrammable, contactless technology
  • Government-issued IDs - Highest level of assurance, automatic enrolment using personal data, allows use of facial recognition technology

Understanding Readers

Once a visitor has registered and been issued a credential, that data token or ID document needs to be read by a device at a point of entry. These readers are usually positioned on a reception desk or fitted to an unattended self-service kiosk alongside other peripherals for printing badges or issuing access cards.

Readers are often connected via USB to a host PC with the visitor management or access control software running locally. Embedded computing and Internet of Things (IoT) technology allow highly capable devices to communicate directly with a server or cloud service via a local area network for easy deployment and integration. IoT-ready devices are widely used today in airports and public transport networks to improve passenger flow and experience.

The best visitor management systems can accept whichever credential an organisation is currently using. For example, a building with multiple tenants may have multiple security systems.

In one company, the internal person attaches a QR code to the meeting invite; when the visitor arrives, they'll scan that code at the kiosk. Meanwhile, another may simply request a visitor arrive, register on the enrolment kiosk and scan their Drivers Licence or National ID card.

Security requirements can also be dependent on the type of visitor. After all, an interview attendee poses a lower threat than a contractor, so the credentials required should reflect this.

In this case, an organisation may wish to issue the prospective employee a temporary barcode to be read from their phone or a printout when they arrive on site. However, as the contractor will have access to secure areas, enrolling them using their government-issued ID would be prudent.

Ideally, both the temporary barcode and government ID can be read and verified on the same device.

Accurately - efficiently capture data

The use of multi-modal devices such as the ATOM identity document reader allows an organisation to automatically capture personal data, barcodes and high-resolution images of the presented ID.

Using sophisticated optical character recognition technology, personal data such as the holder's name, document number and address can be automatically read from the ID and output to the visitor management system. This data can then be used to enrol a new visitor or cross-check against a list of pre-registered visitors or employees.

Images of an ID captured using multiple wavelengths of light (white, infrared and ultraviolet) to expose the printed visible and invisible security features can be used to complete automatic authentication.

A wide range of authentication techniques is used to determine whether the document is genuine or not, including detecting optically variable inks, UV pattern matching, and cross-checking of personal data in the machine-readable zone, visual inspection zone and biometric chip.

For further assurance in self-service or partially attended applications, a facial image extracted from the document data page or biometric chip can be used to complete a 1-to-1 face match with a live image of the document holder to ensure the visitor is who they report to be.

This ability to read different national IDs, barcodes, RFID cards and even EU Digital COVID-19 Certificates on a single device allows a visitor management system to accommodate a much wider range of visitors.

The future of visitor management starts now

The world is becoming ever more connected due to global trade - cultural exchange. As a result, organisations and workplaces are transforming from national to international entities at an unprecedented rate. The systems used to manage the multitude of individuals attending a site need to be as flexible and dynamic as the organisations deploying them.

Multi-modal devices provide a simple, single touchpoint for all types of visitors across an entire global organisation for a safer — and simpler — world.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X