How Changing from Barcodes to NFC Tags Made the Security Services Industry More Trustworthy

Security services is a $132B worldwide industry whose foundation was built on trust. Retailers, local governments, airports, corporate offices, banks, malls, and more trust that guards will execute their assigned patrols at an agreed upon frequency and be present to detect anomalies, deter undesirable activity and to respond when immediate action is necessary. The value of the service is derived from the assured safety of events, facilities, and assets thanks to this scheduled patrol. To prove that value, security companies need high quality and reliable data.

Before Connected Things technology was adopted by the security industry it was nearly impossible to prove the efficiency and completion of duties. A successful service provider could keep diligent records, engage in rigorous guard selection and training programs. However, verifying all actions were executed as promised proved very difficult. Guards could be trained, but once deployed, how could service providers guarantee that patrols were taking place as they should? Paper logs could be utilized, but they leave too much room for error and the honor system doesn’t make a trustworthy business model.

Security providers needed a way to prove to customers that the job had been executed as promised. They needed verifiable and accurate records confirming a guard visited a scheduled list of locations during their shift – proof of presence. Providers also needed a way to identify training and process optimization opportunities within their offering. They needed Connected Things.

Connected Things is the concept of linking a physical Thing to its digital counterpart, bridging the gap between the physical and digital. In the case of security patrols, each guard is a Person with a registered account in the security services software system. The guard has a smartphone with an app (called a Device) to carry with them on their patrols. This makes the Device a reliable proxy for the Person. Connected Things tags are then affixed at the location to be accounted for, making the tag a proxy for a Place.

When a guard on his rounds uses his Device to interact with the tag, a data set of time-coded interactions is built, connecting the Place to the Device used. This sequence is now documented proof that the Person visited the Place in the real world at a particular time. With this technology in place, security firms finally had the ability to prove that a specific guard was present at a specific location at a specific time. This record gives customers data-backed proof in real time that their facility is secure.

Barcodes, specifically QR codes, were the first Connected Things tags to be used to digitize guard check-ins. Barcodes rely on a printed pattern of black and white areas to store information that is read by a reader using visible light from either a dedicated barcode scanner or using ambient light and a smartphone’s camera. Each barcode is correlated within software designed for guard check-ins to the location it is placed, and security guards can easily scan the codes along their tour.

Barcodes are cheap to create and the QR code variety can store an impressive amount of data for their format (huge ones can even store the entire game Snake). They became widely used throughout the industry for their ability to validate services had been rendered as promised.

Barcodes are a great solution for many sectors and have solved tough problems for the security services industry. However, it became quickly apparent that QR codes were not the right Connected Things technology for every job.

To begin with, barcodes are not ideal for low-light locations due to their dependency on physical light. While it is not an insurmountable issue, it is a problem that needs to be addressed in the implementation process. Inclement weather can also wear away at the tag, rendering it unreadable. Finding a spot to affix the tag that is protected from the elements yet still accessible to a visible light scanner is not an achievable feat at all checkpoints.

Barcodes also fall victim to the human element. A bad actor or bored teenager can easily deactivate a barcode with a sticker or a pen; a clear example of the pen being mightier than the sword. Subversion tactics get even more creative as barcodes become more prevalent. Some enthusiasts even train themselves to read linear barcodes by sight.

If a guard is unable to successfully interact with a tag in a particular place, the guard cannot generate a digital record that they were at that place. While Connected Things technologies are extremely reliable when implemented and maintained correctly, subversion by malicious actors is always a threat, and are the main source of technical breakdowns that lead to a failed Connected Things interaction in security settings.

Malicious intent isn’t the only culprit to data fidelity failure. Even the best-trained, professional, and well-intentioned guards can fall victim to their own psychology and seek shortcuts to executing their duties. For example, a guard that is highly knowledgeable about a building they are securing may judge a particular checkpoint on their rounds to be so low risk as to not be mandatory to visit as often as the schedule specifies. They may then find technical workarounds to generate a record of a visit without actually visiting the place by taking a picture of the tag and printing a duplicate. This action breaks the critical assumption that each tag is a proxy for a specific place.

The value of a tag for security providers is its ability to be a perfect unique proxy for a location. The biggest flaw in using barcodes for security applications is that they can be easily duplicated. Technology advanced and suddenly everyone has a camera in their pocket capable of duplicating the barcode and transporting it elsewhere. An easily duplicated tag cannot be relied upon as confirmation that a guard was indeed present at that location at the time of scanning.

While barcodes are cheap to deploy initially, their vulnerability to destruction and duplication means they can be disabled repeatedly. Replacing a barcode tag can incur three types of costs and in the case of security services, all three come into play. First you have the cost of the tag itself. Replacing one might not be a huge blow to the budget, but repeated petty vandalism quickly becomes a costly operational nuisance.

Second is the human time cost. A damaged or disabled tag requires a person to travel to the location to identify the bad tag, remove the tag, come back later to install the new tag, and update the software to correlate the new tag with that location. In situations where tags are being disabled repeatedly, this process is a tedious waste of resources.

Third is the opportunity cost. During the time period between the destruction of the tag to its replacement and establishment within the software, value and revenue can be lost. While a tag is out of commission, digital records are interrupted. Reporting falls back to unreliable analog methods, destroying the continuity and reliability of the data collected for that location. The damage to data quality when tags are out of service cuts to the core of the security industry’s value proposition and is a major liability for the use of barcode tags in a security setting.

Not all projects need the highest quality data, but in the security services world, data fidelity is the difference between success and failure. Barcodes solved many problems for the security services industries, but they did not go far enough for high traffic areas and high value assets. Fixing this shortcoming didn’t require the implementation of a completely new technology, just a shift in one aspect of the Connected Things system – the tag type. Enter NFC tags.

NFC tags have fundamental differences from barcodes that give them the capability of being more secure and provide a more complete data picture than a barcode ever could. While barcodes utilize visible light, NFC utilizes an RF field. NFC tags use an RF signal generated by a reader to energize a tiny integrated circuit that stores data, requiring no separate power source. The information encoded to the tag is stored within the chip versus the visible matrix of markings printed on the surface of the tag, making NFC tags immune to the scribbles that would disable a barcode. An NFC tag requires destruction of the chip or antenna assembly to disable functionality.

Different tags are designed to withstand varying degrees of wear and tear. The array of available NFC tags includes options that can withstand wet conditions, temperature fluctuations, a degree of physical impact, and even laundering. Some NFC tags can even be hidden within products and structures to prevent bad actors from knowing the tag is present. They can be innocuously integrated into a location only the guards are aware of, like behind light switch covers or even embedded in plaster walls. A QR code is quickly identifiable as something with information and purpose, making it a tempting target for opportunists. An NFC tag’s ability to be unseen greatly reduces loss and damage operational costs for the simple fact that only a select few know it exists.

The ability to utilize NFC tags in a more tamper-resistant way already elevates them above barcodes in a security setting, but the benefits go even deeper. Each NFC tag has a chip, each with its own unique identifier (UID), which is a read-only ID encoded by the manufacturer onto the chip. When used correctly, NFC tags are much more difficult to clone than barcodes. While data encoded on an NFC tag can be cloned, this presents a far greater technical challenge than cloning a barcode.

The most secure way to use NFC tags in a security application is to incorporate the tag’s unique, manufacturer-supplied, read-only UID. This UID is immutable—if the tag is functioning it will always be able to identify itself uniquely among all NFC tags. Relying only on the user-encoded NDEF memory leaves NFC tags nearly as vulnerable to cloning as barcodes. Mobile app developers should also ensure their software validates the unique signature of the NFC chip in each tag. This signature offers proof the tag comes from a trusted manufacturer.

More readers are now capable of reading the UID directly off the chip, eliminating the need for earlier workarounds such as UID encoding. In addition to standalone NFC readers, both Android and iPhones can now verify the UID. Android has had this capability since Android 4.4. While iPhones have had a certain level of NFC capability since iPhone 6, iPhone 13 and the soon-to-be-released iPhone 14 are both capable of reading the UID on an NFC tag via native SDKs.

Deployment of Connected Things is well underway on a large scale within the securities services industry. Don’t be surprised if you haven’t heard about it before; this has been accomplished behind-the-scenes for the same reason NFC tags are often hidden from sight. Security firms, including major players like Allied Universal and Trackforce, have been using NFC tags placed at checkpoints within secured areas along the route patrolled by guards.

Beyond the data’s value to customers, security providers also use this information to improve their offerings. This accuracy-rich data also allows companies to recognize opportunities for optimization. By calculating the average time it takes a guard to complete their rounds, they can identify outliers who may need more training to stay efficient. Firms can also build more accurate quotes for customers, having an exact understanding of the manpower that is required to cover similar situations in the past. Depending on the software being used, time stamp accuracy can be calculated down to the millisecond or better, giving firms the opportunity to maximize the use of each guard.

Correctly configured NFC systems are finally giving guard tours the trustworthy assurance of proper execution that firms and customers demand.

While NFC tags are better suited for security than barcodes, it is important to choose the right NFC tag for your application. Each situation and application has unique considerations to insure tags function properly and stay operational as long as possible. It’s best to discuss your specific needs with GoToTags experts, but let’s discuss the biggest considerations you’ll need to keep in mind when choosing an NFC tag.

For security services, NFC Tokens are most commonly used. Tokens are a great option because they are rigid and are designed to hold up to the elements in varying degrees. When you’re looking for the ideal tag for your needs, ask yourself the following questions:

This question brings up several variables. The shape of the mounting surface may inform what type of tag you should use. Curved surfaces require the flexibility of an inlay or sticker. If the mounting surface is metal, electronic, or magnetic, you will need to choose an on-metal tag. These tags have a layer of ferrite shielding that allows the tag to function on these surfaces when a traditional tag would not. Other surfaces have their own challenges that need to be addressed.

Another decision that will be determined by the mounting surface is how you intend the tag to be attached. If it is a material that can be drilled into, you might want a tag that has both adhesive on the back and a center hole for extra secure mounting with a screw or nail.

NFC tags can either be purchased pre-encoded from the GoToTags store or firms can encode their own tags. Whether you buy pre-encoded tags or encode your own, the data encoded on the tags should be optimized for security and to make cloning impossible.

GoToTags works with major security services providers around the globe and has sold millions of NFC tags for security firms. GoToTags often works with corporate offices for tag selection, encoding data, and creates purchasing agreements to facilitate the ordering of NFC tags by field offices. These purchasing agreements allow GoToTags to know the volumes a customer will need in the future and maintain stock levels that are high enough to fill future orders. GoToTags also helps orchestrate general education on NFC, encoding, and security best practices like avoiding UIDs encoded into the NDEF user memory. We can even set up landing pages for field offices to purchase from directly with fast delivery from our locations in the US and Canada.

Pre-encoding by our expert team also ensures that every tag received will have consistent and reliable manufacturing quality. Retailers such as Amazon and its individual sellers do not offer pre-encoding services. If a security firm buys tags from these sources, they should plan to orchestrate encoding themselves after taking delivery of the tags.

The move to use of Connected Things technologies in the security industry has made it clear that the core value offered by security firms rests in their ability to assure customers their data is accurate. As barcode and NFC Connected Things tag technologies both advance and proliferate, firms should continue to ask themselves if their approach is maximizing the value of their data. Contact GoToTags if your firm would like help developing a Connected Things strategy that minimizes vulnerabilities and maximizes data value.