All Collections
Integrations
🔐 Access Control
Visitor access: why QR codes are a great option
Visitor access: why QR codes are a great option

Answering your access control + QR code security concerns

Andy Orwell avatar
Written by Andy Orwell
Updated over a week ago

Our access control platform uses QR codes containing a secure token number to allow visitors to gain entry to your premises.

Using QR codes for access provides a fantastic visitor experience. One reason for this is that they can easily be shared to visitors in advance. You might think this makes them less secure - below we show how they maintain the security of your premises.

Three key considerations to ensure that QR code visitor access remains secure:

  1. When they are issued their QR code

  2. How you have configured the Proxyclick access control integration

  3. The locations where the QR code readers are deployed

Let’s take a closer look at each of these points.

1️⃣ When they are issued their QR code

You are in full control of when you issue your visitor a QR code.

Would you like to initially provide visitor access to a low-risk area such as a parking lot?
- Send the QR code with the visitor invitation email.

What about providing access to a more secure location, such as a lounge within your building or through turnstiles?
- It then makes sense to give the QR code after the visitor has identified themselves during check-in.

Would you like to make use of both scenarios? Take a look at our next point...

2️⃣ How you have configured the Proxyclick access control integration

Proxyclick’s access control integration can upgrade the access permissions of a visitor as they progress through the check-in process.

Prior to check-in, you can provide a low level of access, designed to allow convenient entry into semi-protected areas. Once a visitor is marked as on-site or checked-in, their access can be upgraded to allow them to enter areas of greater security. Between arrival and checking-in, you can have a process to verify their identity.

This also applies to wrapping up their visit - Proxyclick can deactivate access so that the QR code no longer allows access.

3️⃣ The locations where the QR code readers are deployed

You typically would not deploy QR code readers throughout the building; only installing them where visitors will need to easily be granted access. This may encompass both low and high security areas, but only be located where you want your visitors to have unattended access.

💡 Keep in mind that visitors are only on site to meet someone, were invited by a trusted person, and are typically not expected to access the entire building unattended.


Some additional points to consider when looking at the use of QR codes:

  • Proxyclick QR codes may be:
    - Emailed to visitors in advance
    - Only emailed upon arrival after checking-in
    - Not emailed at all: you can choose to print the QR onto a badge after the visitor checks-in

  • QR codes add a lot of value to the guest experience, minimizing the manual process of assigning and handing out physical access cards or tokens

  • This also means you save on the admin involved in manually managing this process and the potential security risk of human error or cards not being returned

  • QR codes can be printed and shared, but there is traceability of this in the ACS

  • Physical cards can also be handed to the wrong person, passed back to allow a second person through, or simply used to allow multiple access attempts

  • Proxyclick QR codes are also time limited; only active during the meeting time and tied in with specific actions such as checking-in and checking-out.

The first option above offers a scenario where you have a balance between the positive aspects of QR codes while no longer worrying about them being shared to people you never invited in. This brings QR codes closer to the use of physical cards without having an awkward manual process involved.

How we handle QR token numbers to ensure security

  • We generate QR token numbers within a set range, typically a minimum range of 10 million, to ensure each is secure

  • They are allocated randomly so there is no way to predict the tokens that will be generated

  • Once a token number has been allocated and used, the same token number will not be reissued for a period of time to prevent reuse.


If you have any questions or feedback, please contact support@proxyclick.com or send us a message on the live chat.

Did this answer your question?