July 2010


At HID Global, we recognise the critical role that developers play in the success of our embedded solutions business. At the same time, we also are the first to admit that we can do more to support them and make it easier for developers to adopt our technology solutions.

At the beginning of the year, we set out to improve the level of support we provide to our customers and we have invested a significant amount of time in the last six months to understand the best way to do so.  We want to ensure we provide the developer community with everything they need to make their products a success and in the most accessible way.  To this end, to coincide with the release of the latest version of the identiCLASS™ reader platform for e-government, we are pleased to be launching our first dedicated developer tool kit.

The ‘plug and play’ tool kit will provide a link to a secure, online developer portal with access to all the relevant technical resources, tools and documentation developers require, from product certification and application notes to up-to-date product guides.

The tool kit has been developed in consultation with a number of our long-standing partners and benchmarked against leading developer programs across other industries.  The feedback we have received from our partners who have already trialled the tool kit has been extremely positive. Our plan is to make the tool kit available for all HID Global embedded products in the future and to continue to build on the platform by introducing more tools, such as moderated developer forums and a searchable knowledge management database.

If you are a developer for HID Global and have any suggestions or recommendations on how we can improve the HID Global developer tool kit, please contact me at [email protected].

I’d love to hear your ideas.


In the wake of the recession, competition in the marketplace is at its most fierce and a resultant trend has emerged among retailers. In an effort to attract and retain customers, a growing number of organisations are turning to loyalty card schemes, and reaping the benefits of higher profitability in the process.

Loyalty cards offer a win-win opportunity for both retailers and consumers. For the consumer, they are a convenient way of stacking up points and rewards for future purchases and gaining 'special' access to discounts and promotions. Whilst for the retailer, they provide deep insight into customers purchasing behaviours and spending patterns.
Whilst most loyalty cards currently in issuance are 'non-technology' cards, loyalty cards using smart card technology are fast growing in prominence. Encompassing a read-write memory chip or RFID-based contactless technology, smart cards offer additional speed, security and a faster route to ROI than their 'non-technology' counterparts. Such advancements have therefore seen retailers gravitating towards smart card loyalty schemes.
Albeit loyalty card issuance offers clear advantages, it would seem that many of us are failing to get the most out of them. Recent research commissioned by the Subway chain shows that the UK are sitting on a whopping £5.2 billion of unused loyalty card points!
Instant issuance, however, has come to the fore as the approach for retailers to boost loyalty card usage. Wal-mart has embraced instant issuance successfully, installing 5000 printers across its US store network. The immediacy offers retailers an early chance to incentivise their customers to start collecting points, spending money with them there and then.
Above all, the major concern for retailers is to ensure that their customers never experience 'loyalty card fatigue'. With consumers constantly faced with alternative ways to spend their money and earn rewards, retailers need to stay one step ahead of the game with their loyalty card schemes. We are an increasingly tech savvy society, so when it comes to loyalty cards, rightly, we are demanding higher levels of security and convenience. Smart card-based schemes are thus well placed to support retailers in keeping their customers satisfied, engaged and attracting the next wave of loyal customers!


Earlier this year, we announced the HID Global Trusted Identity Platform™ or TIP, the framework for future secure identity products and solutions.


We shared our vision for a “virtual identity vault” that serves known endpoints, such as credentials, readers and printers, on a secure Internet connection, within a published security policy. We call this a bounded-type system, where all the devices attached to it are known and therefore trusted to exchange information securely.


We spent three years developing this new system that will be able to support all kinds of different nodes—readers, cards and (in the very near future) near-field communication-equipped mobile devices. Each is registered as a “trusted node” and transactions can take place anytime.


Today, HID Global is taking a big step forward in making that vision of a trusted, virtual and on-demand identification network a reality. We’ve partnered with INSIDE Contactless, a leader in NFC chip technologies and one of a handful of companies driving the NFC trials currently underway around the globe.


With INSIDE, we’ll be allowing NFC-enabled phones to hold the same market-leading iCLASS® access control and credentials information as our physical smart card. By holding your phone near a reader, you’ll be able to access buildings, unlock a laptop, gain network access, and do much, much more. Because Internet connectivity is part of every smartphone, you also will be able to use your phone for a host of activities that were previously unheard of. You’ll still get identification and physical access control, but you will be able to merge your credentials with other web services and real-time communication.


Expect to hear more from us in the coming months about virtual credentials, and plan to see the first NFC-driven iCLASS virtual credentials in 2011.



The benefits of smart card technology to business and to employees are hard to dispute. But privacy advocates worry that this highly sophisticated technology could jeopardize the security of personal data.

They also fear that chips used in the access control cards in your pocket could enable the cardholder to be tracked without their knowledge and against their will.

These concerns are grounded in misconceptions over just how technologies based on RFID (radio frequency identification) actually operate. In fact, contactless access control technologies operate at RFID frequencies which cannot be read from a distance. And most of these applications do not store or use any personal data, with the cardholder’s privacy protected by using a unique identifier instead of personally identifiable information (PII). From a privacy perspective, user control is of paramount importance. Contactless access control technologies support user control by allowing users to allow their credentials to be read only when the user presents the credential to a reader for physical or logical access.

In May 2009, the EC introduced a framework to establish best practices for privacy and data protection in RFID implementations. The new guidelines have been well received by consumer groups and manufacturers as an important step towards improving transparency and guaranteeing data security and privacy for the individual. But they have direct implications for all companies that use contactless smart cards in secure access control applications.

Access control databases often contain personal data - even though the smart cards themselves do not - so solution providers and users need to bear this in mind when installing and updating systems. The privacy impact assessment (PIA) has been highlighted by the EU recommendations as a practical way to understand how personal data is used in an access control system. The PIA looks at who has access to the data, what data will be collected, how long the data will be held for, and how that data will be used within the organisation. It also incorporates measures to prevent unauthorized access and it is backed up by a clear audit trail and action plan in the event of a breach.
At the present time, the EU recommendations are voluntary standards. But if companies fail to show they are taking them seriously by May 2012, the EC could make these privacy controls law. By addressing privacy and undertaking pre-emptive risk mitigation now, companies can move to allay any concerns and demonstrate to their employees, shareholders and customers that they are tackling data security and privacy issues head on. Indeed, those companies with the foresight to become early adopters of the EU recommendations will find themselves first in line to understand the technologies that can resolve them and ahead of the game when it comes to anticipating critical business issues.