Why electronic access control should be part of kiosk design
Image courtesy of iStock
|Steve Spatig is the general manager of electronic access solutions at Southco, a global provider of engineered access hardware.|
by Steve Spatig
The self-service industry has experienced tremendous growth in recent years as a result of advances in mobile and computer networking technologies. Unattended transactions have evolved from ATMs, vending machines and self-service fuel dispending to include remote merchandise pickup, parcel exchange, cell phone charging, digital ordering kiosks and many others. All have one thing in common — they are unattended, sometimes remote and store sensitive information or products. Much of this equipment contains personal credit card information or physical currency, and therefore requires a high level of security.
This valuable equipment is often connected to a network and is typically widely distributed and unattended. In many of these applications, the equipment contains actual money for transactions, or it collects sensitive information including credit card and debit card information that is subject to increasingly stringent privacy protection laws such as Payment Card Industry Data Security Standard and General Data Protection Regulation. Therefore, ensuring the physical security of this equipment is vital.
Whether located indoors or outside, these distributed systems include several features that need to be considered when selecting a security solution:
- These kiosks enclose and protect critical equipment — touchscreens, processors, credit card readers and technology that connects to either the internet or proprietary corporate networks.
- They need to be accessed on a routine basis by consumers as well as a variety of personnel performing maintenance, service, or refilling and updating items secured in the enclosure.
- These kiosks utilize high-end industrial design, including large touchscreen interfaces, branding elements and fine design touches to appeal to targeted user settings such as airport terminals, hotel and resort lobbies, and branded retail locations
Electronic access solutions that incorporate electronic locking and access control devices offer a way to improve physical security to self-service kiosks. These solutions can serve as stand-alone access control devices, or they can be connected to a network for remote access control. Most importantly, electronic platforms, while enhancing security, let the operators of unattended kiosks remotely manage routine access in real time by controlling and tracking who, when and for how long that access is granted.
Mechanical versus electronic locks
Until recently, a large proportion of distributed kiosks have used lock-and-key mechanisms to provide the means of access control and physical security. These locks are mechanical rather than electronic, and tracking who has what keys and when they are used (or misused) can be problematic.
Electronic locking technology is a much more robust form of physical security and access control, and provides a higher level of deterrence to vandals, thieves and others trying to steal kiosk equipment, merchandise, credit card data or cash.
An electronic access solution combines three integral elements into one cohesive security system. A complete solution includes an input device, a controller and an intelligent electro-mechanical lock or latch.
The access control device, or user interface, such as a digital keypad, RFID card, biometric reader or Bluetooth reader, reads an electronic credential which is then sent to the controller, which validates the credential. If the user credential is valid, the controller then signals the intelligent latch to lock or unlock the desired kiosk door. Upon actuation, a digital record of activity can be created and archived for future audit trail reporting. If desired, the record can be instantly transmitted via existing network connections built into the kiosk — one more digital record among many that the kiosk is already equipped to communicate across the network to which it is connected.
Electronic access solutions provide the increased level of security and access tracking that is called for by the PCI DSS and GDPR standards referenced above, which require strong access control measures such as assigning a unique ID to each person who could potentially access cardholder data. Incorporating electronic access can help kiosk deployments to be more compliant and provide a more physically secure kiosk solution.
Access for different user needs
Many of today's kiosks and self-service equipment need more than one type of electronic access solution to achieve the required level of access control. For example, a kiosk that rents chargers for electronic devices controls the renter's access through a user interface, such as a credit card reader or mobile device. The user interface is connected to a controller that routes the signal to the appropriate compartment lock.
Repair technicians and inventory managers, however, have very different access requirements. Remote kiosks need to be accessed to restock products or refill cash repositories, and for both routine maintenance and technician access when repairs are needed. Access must be managed and tracked to maintain the physical integrity of the kiosk and its contents, and owners may want to limit access by service personnel to specific areas of the kiosk. With electronic access solutions, operators can remotely issue time-based electronic credentials to service technicians as needed.
For example, an electronic lock could secure a service panel that responds to a technician's access credential — such as a Bluetooth enabled smartphone. The technician will have a dedicated "virtual key" app on their phone. Time-based virtual keys can be sent wirelessly to the app via a cloud-based web portal. To access the secured equipment, the technician touches the access icon within the mobile app, which transmits the encrypted Bluetooth signal to the lock controller, unlocking the door and sending a record of the access via the smartphone app to the kiosk owner via the cloud.
Today's display and self-service kiosks utilize a full range of industrial design techniques to create distinctive, branded units with immediate visual appeal to the audiences they target. Unfortunately, it's often the case that locking mechanisms required for these kiosks aren't addressed until late in the design process.
That desired appeal — the quintessential "high-tech" presence — can be compromised when the locks chosen don't match the overall aesthetic or the locking devices incorporated into the design fail to operate effectively over the long- term, causing quality issues and less than acceptable customer experiences.
Self-service equipment manufacturers can avoid these issues by making locking and access hardware selection a key part of the design process early on. In many cases, suppliers may already have products that can be cost-effectively adapted to integrate smoothly into the kiosk's design.
As self-service equipment continues to evolve and expand into new applications, ensuring the physical security of this equipment will be paramount to the security of not only the kiosk's contents, but also to the personal data of the individuals who use it. Incorporating electronic access solutions into kiosk design early on can help manufactures meet the physical security requirements and aesthetics of the overall design.