classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn

Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2018

Selecting your biometric solution
September 2017, Residential Estate (Industry), Access Control & Identity Management

We know biometrics can solve many access and identity related problems, but what does one need to know when shopping for a biometrics solution. The sad reality is that all biometrics are not created equal, and while it may be a budget bonus to buy your products over the web at a cheap price with free shipping, you may be buying a world of trouble.

Then there’s the challenge of selecting an installer or systems integrator to advise you and do the installation of the biometric solution. Can you rely on the chap in the bakkie to set up the system properly, including the server and backups (and the security)? Can you count on them to support you over the long term?

We asked a few people to give us some insights into how an estate manager should go about making sure the biometrics and service provider chosen makes the grade. We also asked what needs to be done, or changed, with PoPI (the Protection of Personal Information Act) just around the corner.

Installer selection

So, what does a good biometric (or even a good access control) installer need to know? What questions should the security manager ask to see if they make the grade?

Marius Stoop and Marcel Kooiman from Security & Communication Warehouse say that a sound solution methodology is key to the standard offering. Further, a detailed requirement statement will help clarify the ability to meet the requirement. A good question would be to find out where similar systems have been implemented successfully, as well as:

• Understanding of the terms involved with access control is a good indicator if the installer is knowledgeable in the field.

• All access control systems require a firm understanding of IP networks, hence the installer needs to be able to set up a basic network.

• Operation of the software is easy once the IP setup is complete, if the installer can set the network up, the software training is usually the easiest part of the solution.

Andrew Levell-Smith from Regal Distributors says, “The simplest and most effective way of selecting an installer is to ask for references. Don’t only ask for reference sites, but actually visit them. Quality of installation is largely a matter of taste. Make sure that you like what you see and not only what you hear from others who may have different preferences to you. Ask their previous clients about their experiences.”

Embracing and extending this thought, PinnSec’s MJ Oosthuizen adds that the estate should ask to see the system or product in their own environment. “Enrol two or three users and test it for yourself. Too many products and offerings are made by integrators that work from a datasheet, without realising the true relevance of the product.”

Other issues Oosthuizen raises include whether fingerprint biometrics work in all environments on the estate. Additionally, what is the verification time for a user to be granted access, and what is the longevity, scalability and support on the system?

Selecting the technology and brand

How does one make the decision about which technology and which biometric modality to choose? Every vendor will tell you that their products are fast and secure, which is important, but what makes the technology work in the real world?

“In my opinion, speed and accuracy of the transaction in addition to the quality of the device should be a major consideration for residential estates with many tenants, visitors and contractors,” says Levell-Smith. “It is essential that devices that have international quality certifications, independently tested algorithms that aid in the accuracy and speed of transactions.”

Oosthuizen adds that, whether we like to admit it or not, budget outweighs requirements on many occasions. Considering a vendor requires one to look at the scalability of the system, and the ability to upgrade and grow the system as budget/requirements changes. “The time the proposed system takes for authentication (especially in high traffic or visitor access areas) needs to be considered as well as the longevity of the proposed system.”

Just as reference sites are crucial, so is the ability to develop specialised features the estate may require, note Stoop and Kooiman. “Many advances have been made through development and integration. Some new features, like recording the conversation of a visitor at registration, stored in a centralised database where the visitor can be audited and reviewed, should be considered as valued features.”

They add that access control boils down to three basic flavours:

• Memorised PIN: A very crude and ineffective access control method.

• Card: An intermediate option, card systems provide better security and are easier to install than biometrics, but are not as secure.

• Biometrics: This can be fingerprint, facial, iris scanners and many more. Though difficult to roll out, the system gives excellent security and is easy to use if set up correctly. It is well known that fingerprints are not always viable for all persons, so a mixed biometric/card system is recommended.

Levell-Smith agrees, noting that it is important to note that fingerprints do change as we get older, and even with all the advances in fingerprint technology, there are still fingerprints that simply cannot be captured. “So systems that are able to use multiple token types like cards, PINs and fingerprints should be considered above devices that only authenticate a single token type.”

And as an additional, although (we hope) unnecessary warning, he adds that there is a vast difference in terms of functionality, price and quality between the lower-end devices and top-tier devices. This is clearly evident in the pricing of a biometrics system. The old adage of ‘you get what you pay for’ is certainly apt when considering biometrics devices or systems.

“I would not recommend facial recognition devices for a residential estate until it is a proven method of accurate recognition under multiple environmental conditions. Having said that, there have been some amazing breakthroughs in this method of biometric recognition and it is definitely one to watch for the future.”

When selecting a vendor, Stoop and Kooiman advise that good communication between the vendor and their supplier is the key to a system. Brands that build their own readers and supply their own software are a must, as it eliminates many issues when software or firmware fixes are needed. A good variety of readers is also good, as customers can be very picky about device aesthetics.

Personal information management

When one has made the decision as to which vendor and biometric range to use, the challenges are not over. PoPI has been dragging its heels for many years, but it will eventually become a reality. This means estate managers will be responsible for the way their staff handle personal information – such as fingerprints and other identity data.

Moreover, people are increasingly worried about where and how their private information is stored, notes Oosthuizen. How secure is the data? Where is it stored (on a PC workstation in the guardhouse at the estate entrance)? One needs to ask the question on what the relevance of the requested information is. If there is no live and direct feed to a database to verify details like an ID number, any information, fictitious or real, becomes irrelevant.

Some key aspects of PoPI, according to Levell-Smith, are:

• How is the personal information processed?

• What reasonable measures are in place to ensure the personal information collected is secure?

• What reasonable measures are in place to ensure the personal information collected will not be used for or distributed to any third party?

• What reasonable measures are in place to ensure the personal information collected is only held for the necessary period?

In terms of fingerprints, it is important to ask how the actual fingerprint is processed. Is it possible to recreate the fingerprint from the collected template? Is the actual fingerprint image stored or simply the unique minutia information? Has a reasonable effort been made by the manufacturer to ensure that fingerprints cannot be copied and used on a device to gain access? This is commonly known as liveness detection or ‘fake and live detection’.

“What measures are in place to ensure that the personal information is deleted after a certain period or when the resident moves out?” Levell-Smith asks.

Data encryption and a chain of data custody can address most of the PoPI concerns, says Stoop and Kooiman. Also, the flexibility of the enrolment and management software and process should be able to help manage these requirements.

“The estate should always ask the level of the software’s encryption. Encrypted data is safe data. The estate should also be aware that they need to manage their own passwords and access to the system. It is also recommended that the supplier is not a state-owned company, experience has taught us that the state can and will abuse their access to other people’s systems, the WannaCry scandal should serve as a warning here.”

At the end of the day, selecting a biometric solution for an estate (or anywhere for that matter) is different from selecting a boom for your gate. Not to discriminate against booms, this equipment needs to be able to open and close hundreds or even thousands of times per day in large estates. However, your biometric solution needs to work fast, accurately and the estate also needs to secure the information collected and stored in accord-ance with regulations. Choosing the cheapest solution is not an option. You can always revert to a guard opening the boom if the electronics fail, but if your biometrics and data management fail, you will be compromising your security and your legal obligations.

For more information, contact:

• Pinnacle Security Solutions, +27 (0)11 990 6000,,

• Regal Distributors, +27 (0)11 553 3300,,

• Security & Communication Warehouse, +27 (0)12 653 1005,,

  Share via Twitter   Share via LinkedIn      

Further reading:

  • Trust but continually verify
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions, IT infrastructure
    Hi-Tech Security Solutions looks at access and identity management and asks some industry players what ‘zero trust’ and ‘least privilege’ access means.
  • The expanding role of IT in access control
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure
    What role is IT playing in the world of physical access control and how far will its role expand in future?
  • Taking augmented identity to the world
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    Hi-Tech Security Solutions spoke to Gary Jones, VP Global Channel and Marketing biometric access and time solutions) at IDEMIA (formerly Morpho) about his career with the company and its new vision of Augmented Identity.
  • Tracking biometrics into a brave new digital world
    November 2018, This Week's Editor's Pick, Access Control & Identity Management, Integrated Solutions
    The industry is increasingly transitioning from unimodal to more integrated multimodal biometric solutions for more accurate identity verification and faster real-time results.
  • A better approach to fingerprint biometrics
    November 2018, This Week's Editor's Pick, Access Control & Identity Management
    Not all optical biometric fingerprint scanners are created equal. The type of sensor used has a powerful impact on speed, accuracy, reliability and portability.
  • The right access decisions
    November 2018, Technews Publishing, This Week's Editor's Pick, Access Control & Identity Management
    Making the right access control decision depends on what you want secured and how secure it should be.
  • Digital channels and the evolution of ID
    November 2018, This Week's Editor's Pick, Access Control & Identity Management, IT infrastructure
    While the concept of identity (ID) remains unchanged, the rapid evolution of digital technology has dramatically extended both its application and form factor.
  • Fingerprints protect privacy for AIDS testing
    November 2018, This Week's Editor's Pick, Access Control & Identity Management
    A creative, progressive NGO uses biometric fingerprint scanning to redefine confidentiality and AIDS treatment in South Africa.
  • 2D barcode scanners
    November 2018, Excellent ID, Products, Access Control & Identity Management
    The latest-generation eSkan 2D barcode scanner from EXID includes a touchscreen that enables users to manually enter additional details.
  • Centurion hosts second Access Automation Expo
    November 2018, Centurion Systems, News, Access Control & Identity Management, Perimeter Security, Alarms & Intruder Detection
    Centurion Systems has taken its Access Automation Expo national, visiting Durban and Cape Town for the latest events.
  • MorphoWave Compact launched in SA
    November 2018, IDEMIA , This Week's Editor's Pick, Access Control & Identity Management, News
    IDEMIA South Africa recently invited partners, consultants and end-users to the official local launch of its touchless fingerprint reader, the MorphoWave Compact.
  • 14 TB HDD for surveillance
    November 2018, Regal Distributors SA, Products, IT infrastructure
    Seagate’s SkyHawk hard disk drives (HDDs) provide the optimum combination of performance, high capacity (now 14 TB) and reliability.

Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Terms & conditions of use, including privacy policy
PAIA Manual
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.