How Changing from Barcodes to NFC Tags Made the Security Services Industry More Trustworthy

Security services is a $132B worldwide industry whose foundation was built on trust. Retailers, local governments, airports, corporate offices, banks, malls, and more trust that guards will execute their assigned patrols at an agreed upon frequency and be present to detect anomalies, deter undesirable activity and respond when immediate action is necessary. The value of the service is derived from the assured safety of events, facilities, and assets, thanks to this scheduled patrol. To prove that value, security companies need high-quality and reliable data.

Before Connected Things RFID technology was adopted by the security industry, it was nearly impossible to gauge the efficiency or prove the completion of duties. A successful service provider might keep diligent records and engage in rigorous guard selection and training programs. However, verifying all actions were executed to meet expectations could be difficult. Guards could be trained, but once deployed, how could service providers guarantee that patrols were taking place as they should? Paper logs leave room for error, and an honor system is hardly a dependable business model.

Security providers needed a way to prove to their clients that the job they were hired for was being executed as promised. They needed verifiable and accurate records confirming a guard visited a scheduled list of locations during their shift – proof of presence. Providers also needed a way to identify training and process optimization opportunities within their offerings. They needed Connected Things.

Connected Things is the concept of linking a physical Thing to its digital counterpart, bridging the gap between the physical and digital. In the case of security patrols, each guard is a Person with a registered account in the security services software system. The guard has a smartphone with an app (called a Device) to carry with them on their patrols. This makes the Device a reliable proxy for the Person. Connected Things tags are then affixed at the location to be accounted for, making the tag a proxy for a Place.

When a guard on his rounds uses his Device to interact with the tag, a data set of time-coded interactions is built, connecting the Place to the Device used. This sequence is now documented proof that the Person visited the Place in the real world at a particular time. With this technology in place, security firms finally had the ability to prove that a specific guard was present at a specific location at a specific time. This record gives customers data-backed proof in real time that their facility is secure.

Barcodes, specifically QR codes, were the first Connected Things tags to be used to digitize guard check-ins. Barcodes rely on a printed pattern of black and white areas to store information that is read by a reader using visible light from either a dedicated barcode scanner or by using the ambient light from a smartphone’s camera. Each barcode is correlated within software designed for guard check-ins to the location in which it is placed, and security guards can easily scan the codes along their tour.

Barcodes are cheap to create, and the QR code variety can store an impressive amount of data for its format (huge ones can even store the entire game Snake). They became widely used throughout the industry for their ability to validate that services had been rendered to spec.

While barcodes have proven effective in many industries and have addressed significant challenges in security services, their limitations have become increasingly apparent. QR codes, a popular barcode type, have not met expectations in all scenarios. Their susceptibility to damage, limited data capacity, and lack of security make them less suitable for certain applications. This has highlighted the need for more robust and versatile solutions in the realm of Connected Things technology.

To begin with, barcodes are not ideal for low-light or dark locations due to their dependency on physical light. If the barcodes will need to be used in dark environments, this is a problem that needs to be addressed in the implementation process. Inclement weather can also wear away at the tag, rendering it unreadable. Finding a spot to affix the tag that is both protected from the elements and still accessible to a visible light scanner may not be an achievable feat at all checkpoints.

Barcodes also fall victim to the human element. A bad actor or bored teenager can easily deactivate a barcode with a sticker or a pen. A single mark on a barcode can be enough to render it unreadable. Subversion tactics get even more creative as barcodes become more prevalent. Some enthusiasts even train themselves to read linear barcodes by sight.

If a guard is unable to successfully interact with a tag in a particular place, the guard cannot generate a digital record that they were there. While Connected Things technologies are extremely reliable when implemented and maintained correctly, subversion by malicious actors is always a threat to be considered. In fact, it is the main source of technical breakdowns that lead to a failed Connected Things interaction in security settings.

Malicious intent isn’t the only culprit to data fidelity failure. Even the best-trained, professional, and well-intentioned guards can fall victim to their own psychology and seek shortcuts to executing their duties. For example, a guard who is highly knowledgeable about a building they are securing may judge a particular checkpoint on their rounds as low risk enough not to be mandatory to visit as often as the schedule specifies. They may then find technical workarounds to generate a record of a visit without actually visiting the place by taking a picture of the tag and printing a duplicate. This action breaks the critical assumption that each tag is a proxy for a specific place.

The value of a tag for security providers is its ability to be a perfect unique proxy for a location. The biggest flaw in using barcodes for security applications is that they can be easily duplicated. With the technological advancements of our modern era, everyone has a camera in their pocket. This means that everyone with a smartphone is capable of duplicating the barcode and transporting it elsewhere. An easily duplicated tag cannot be relied upon as confirmation that a guard was indeed present at that location at the time of scanning.

While barcodes are cheap to deploy initially, their vulnerability to destruction and duplication means they can be quickly disabled. Replacing a barcode tag can incur three types of costs, and in the case of security services, all three come into play.

1. Cost of the tag itself: replacing one might not be a huge blow to the budget, but repeated petty vandalism quickly becomes a costly operational nuisance.
2. Human time cost: a damaged or disabled tag requires a person to travel to the location to identify the bad tag, remove the tag, come back later to install the new tag, and update the software to correlate the new tag with that location. In situations where tags are being disabled repeatedly, this process is a tedious waste of resources.
3. Opportunity cost: in the time period between the destruction of the tag to its replacement and establishment within the software, value and revenue can be lost. While a tag is out of commission, digital records are interrupted. Reporting falls back to unreliable analog methods, destroying the continuity and reliability of the data collected for that location. The damage to data quality when tags are out of service cuts to the core of the security industry’s value proposition and is a major liability for using barcode tags in a security setting.

Not all projects need the highest quality data, but in the security services world, data fidelity is the difference between success and failure. Barcodes solved many problems for the security services industries, but they did not go far enough for high-traffic areas and high-value assets. Fixing this shortcoming didn’t require the implementation of a completely new technology, just a shift in one aspect of the Connected Things system: the tag type. Enter NFC tags.

NFC tags have fundamental differences from barcodes that give them the capability of being more secure and provide a more complete data picture than a barcode ever could. While barcodes depend on visible light, NFC utilizes an Radio Frequency field (RF field). NFC tags use an RF signal generated by a reader to energize a tiny integrated circuit that stores data, requiring no separate power source. The information encoded to the tag is stored within the chip versus the visible matrix of markings printed on the surface of the tag, making NFC tags immune to the scribbles or weather damages that would disable a barcode. An NFC tag requires the destruction of the chip or antenna assembly to disable functionality.

Different tags are designed to withstand varying degrees of wear and tear. The array of available NFC tags includes options that can withstand wet conditions, temperature fluctuations, a degree of physical impact, and even laundering. Some NFC tags can even be hidden within products and structures to prevent bad actors from even knowing the tag is there. They can be innocuously integrated into a location only the guards are aware of, such as behind light switch covers or even embedded in plaster walls. A QR code is quickly identifiable as something with information and purpose, making it a tempting target for opportunists. In contrast, an NFC tag’s ability to be unseen greatly reduces loss and damage operational costs for the simple fact that only a select few know it exists.

The ability to utilize NFC tags in a more tamper-resistant way already elevates them above barcodes in a security setting, but the benefits go even deeper. Each NFC tag has a chip, each with its own unique identifier (UID), which is a read-only ID encoded by the manufacturer onto the chip. When used correctly, NFC tags are much more difficult to clone than barcodes. While data encoded on an NFC tag can be cloned, this presents a far greater technical challenge than cloning a barcode.

The most secure way to use NFC tags in a security application is to incorporate the tag’s individual, manufacturer-supplied, read-only UID (Unique Identification). If the tag is functioning properly, the UID is immutable. It should always be able to identify itself uniquely among all NFC tags. This is important because relying only on the user-encoded NDEF memory leaves NFC tags vulnerable to cloning. Mobile app developers should also ensure their software validates the unique signature of the NFC chip in each tag. This signature offers proof the tag comes from a trusted manufacturer. Implementing these measures ensures that the NFC tags are significantly less susceptible to the security issues that plague barcode usage.

More readers are now capable of reading the UID directly off the chip, eliminating the need for earlier workarounds such as UID encoding. In addition to standalone NFC readers, both Android and iPhones can now verify the UID. Android has had this capability since Android 4.4. While iPhones have had a certain level of NFC capability since iPhone 6. iPhone 13 and iPhone 14 are both capable of reading the UID on an NFC tag via native SDKs.

The deployment of Connected Things is well underway on a large scale within the securities services industry. Don’t be surprised if you haven’t heard about it before; this has been accomplished behind the scenes for the same reason NFC tags are often hidden from sight. Security firms, including major players like Allied Universal and Trackforce, have been using NFC tags placed at checkpoints within secured areas along the route patrolled by guards.

Beyond the data’s value to customers, security providers also use this information to improve their offerings. This accuracy-rich data also allows companies to recognize opportunities for optimization. By calculating the average time it takes a guard to complete their rounds, they can identify outliers who may need more training to stay efficient. Firms can also build more accurate quotes for customers, having an exact understanding of the manpower that is required to cover similar situations in the past. Depending on the software being used, time stamp accuracy can be calculated down to the millisecond or better, giving firms the opportunity to maximize the use of each guard.

Correctly configured NFC systems finally give guard tours the trustworthy assurance of proper execution that firms and customers demand.

While NFC tags are better suited for security than barcodes, it is important to choose the right NFC tag for your application. Each situation and application has unique considerations to ensure tags function properly and stay operational as long as possible. It’s best to discuss your specific needs with GoToTags experts, but let’s discuss the biggest considerations you’ll need to keep in mind when choosing an NFC tag.

For security services, NFC Tokens are most commonly used. Tokens are an impeccable option because they are rigid and are designed to hold up to the elements in varying degrees. When you’re looking for the ideal tag for your needs, ask yourself the following questions:

This question raises several variables. The shape of the mounting surface may inform what type of tag you should use. Curved surfaces require the flexibility of an inlay or sticker. If the mounting surface is metal, electronic, or magnetic, you will need to choose an on-metal tag. These tags have a layer of ferrite shielding that allows them to function on these surfaces when a traditional tag would not. Other surfaces have their own challenges that need to be addressed.

Another decision that will be determined by the mounting surface is how you intend the tag to be attached. If it is a material that can be drilled into, you might want a tag that has both adhesive on the back and a center hole for extra secure mounting with a screw or nail.

NFC tags can either be purchased pre-encoded from the GoToTags store, or firms can encode their own tags. Whether you buy pre-encoded tags or encode your own, the data encoded on the tags should be optimized for security and to make cloning impossible.

GoToTags works with major security services providers around the globe and has sold millions of NFC tags for security firms. GoToTags often works with corporate offices for tag selection and encoding data and creates purchasing agreements to facilitate the ordering of NFC tags by field offices. These purchasing agreements allow GoToTags to know the volumes a customer will need in the future and maintain stock levels that are high enough to fill future orders. GoToTags also helps orchestrate general education on NFC, encoding, and security best practices like avoiding UIDs encoded into the NDEF user memory. We can even set up landing pages for field offices to purchase from directly with fast delivery from our locations in the US and Canada.

Pre-encoding by our expert team also ensures that every tag received will have consistent and reliable manufacturing quality. Retailers such as Amazon and its individual sellers do not offer pre-encoding services. If a security firm buys tags from these sources, they should plan to orchestrate encoding themselves after taking delivery of the tags.

The move to use Connected Things technologies in the security industry has made it clear that security firms’ core value rests in their ability to assure customers that their data is accurate. As barcode and NFC Connected Things tag technologies advance and proliferate, firms should continue to ask themselves if their approach maximizes the value of their data. Contact GoToTags if your firm wants help in developing a Connected Things strategy that minimizes vulnerabilities and maximizes data value.