Physical Access Control’s Future in an Increasingly Digital World

This article first appeared on Security Sales & Integration.

Physical access control expected to be dominated by mobile-based access credentials and an increase in cloud-based access control.

As a security system integrator, you probably often wonder what the future of physical access control looks like.

It is likely to be dominated by mobile-based access credentials – biometric authentication, particularly facial recognition (including liveness detection) – and an increase in cloud-based access control with mobile biometric credentials on the mobile device.

Specifically, over the next year, we expect the following:

Reduced need for biometric readers at the door: The increased availability of biometrics – made possible through new cloud-based SaaS access control software (ACS) delivery models – is doing more than making biometrics-based physical access control more ubiquitous.

It is taking the next step of integrating with physical access control-focused mobile app platforms, doing away with the requirement for biometric readers that often come with complicated installations and require ongoing maintenance and service.

These ACS mobile app platforms have the added advantage of also supporting multifactor authentication (MFA) – for instance, requiring two modes of biometric authentication; or biometric authentication and another factor, like a password – for an even more robust layer of security and protection.

Not only do organizations no longer need biometric readers, but allowing users to access secure areas using just their smartphones or tablets can also eliminate the need for traditional access control cards.

Biometric authorization integrated with mobile app platforms can strengthen the overall trend towards completely mobile-based access credentials, enabling physical access control systems of unprecedented simplicity and affordability for businesses, combined with the highest possible levels of convenience, security and speed for end users.

More of What’s Ahead for Physical Access Control in 2025

Support for liveness detection: Heading into 2025, liveness detection will become a more important feature of access control as bad actors look to bring facial recognition evasion techniques from the virtual world into the physical.

It is often said that cyber-threats eventually trickle into the physical world and we’re seeing that today. For example, a fraudster may pull down a picture or video of a person from social media and present that to an app’s authentication interface to gain access to another person’s accounts.

This is known as a spoof or a “presentation attack,” a deliberate attempt to deceive a biometric authentication system by presenting fake or altered biometric data,

To combat these threats, physical access control systems are now implementing liveness detection software much in the same way that digital access control systems have. Liveness detection works in various ways, depending on the biometric modality (face, fingerprints or voice) being used.

When it comes to facial recognition, liveness detection may include “passive” forms that run in the background of a biometric authentication process and don’t require user input, such as a system that scans the user’s face for natural movements like blinking.

“Active” forms of liveness detection, which involve user input, may instruct the user to blink, smile or nod their heads. Genuine users will respond with natural, involuntary movements that can be detected, whereas static images or videos cannot replicate these movements.

Increase in verification performed on mobile devices: According to a recent survey, end users are more comfortable with biometrics than at any time in our history. More than half of consumers polled indicated they use biometric authentication technology regularly, with nearly 50 percent stating they use biometric authentication “often” or “always” to access mobile apps.

Concerns still linger, especially about data breaches and trust in technologies like the cloud. End users still report a tendency to feel more comfortable when biometric data authentication is processed on-device. Although in recent years, significant advances like advanced encryption have been made to protect biometric data processing in the cloud, more is needed to secure matches between a device and a verified individual.

To this end, in 2025, we expect to see more organizations including biometric verification on mobile devices, leveraging the data security options available to them.

When it comes to security investments organizations will place their bets on this year, physical access control is almost always near the top of the list. Biometrics-based systems and increased end user acceptance of biometrics will no doubt play a key role, and organizations will increasingly be seeking fully mobile-based (readerless, badgeless and contactless) authentication experiences.