"Unfortunately, the equipment needed to perpetrate these attacks can be quite inexpensive and is widely available," explains Scott Lindley, Farpointe Data president. "If the card system is hacked, there can be major problems. At the university, years of research can be tampered with or lost. At the hospital, HIPPA rules are very stringent and the penalties for having them breached can be severe. No administrator wants to be ultimately responsible for causing injury to an employee or visitor because somebody gained unauthorised entry via the card system. That's why we're emphasising this at ISC East."

Besides providing 2-factor authentication via combination card reader/keypad units, Farpointe suggests three other options. Maxsecure provides a high-security handshake, or code, between the card, tag and reader to help prevent credential duplication to ensure that readers will only collect data from these specially coded credentials. No other facility will have the reader/card combination that only it gets from its integrator. Only their readers will be able to read their cards or tags and their readers will read no other cards or tags.

At manufacture, readers, cards and tags can be programmed with the Valid ID algorithm, cryptographically ensuring the integrity of the sensitive access control data stored on the card or tag. With Valid ID, readers scan through the credential's access control data searching for data discrepancies, which may occur during the counterfeiting, tampering or hacking of a contactless smartcard. Valid ID is an additional layer of protection to Mifare authentication, operating independently, in addition to, and above this standard level of security. In use, Valid ID allows a smartcard reader to effectively verify that the sensitive access control data programmed to a card or tag is not counterfeit.

With the card validation option, cards and readers are programmed with a fraudulent data detection system. The reader will scan through the credential's data in search of discrepancies in the encrypted data, which normally occurs during credential cloning.