Our access control platform uses QR codes containing a secure token number to allow visitors to gain entry to your premises.
Using QR codes for access provides a fantastic visitor experience. One reason for this is that they can easily be shared to visitors in advance. You might think this makes them less secure - below we show how they maintain the security of your premises.
Three key considerations to ensure that QR code visitor access remains secure:
When they are issued their QR code
How you have configured the Proxyclick access control integration
The locations where the QR code readers are deployed
Let’s take a closer look at each of these points.
1️⃣ When they are issued their QR code
You are in full control of when you issue your visitor a QR code.
Would you like to initially provide visitor access to a low-risk area such as a parking lot?
- Send the QR code with the visitor invitation email.
What about providing access to a more secure location, such as a lounge within your building or through turnstiles?
- It then makes sense to give the QR code after the visitor has identified themselves during check-in.
Would you like to make use of both scenarios? Take a look at our next point...
2️⃣ How you have configured the Proxyclick access control integration
Proxyclick’s access control integration can upgrade the access permissions of a visitor as they progress through the check-in process.
Prior to check-in, you can provide a low level of access, designed to allow convenient entry into semi-protected areas. Once a visitor is marked as on-site or checked-in, their access can be upgraded to allow them to enter areas of greater security. Between arrival and checking-in, you can have a process to verify their identity.
This also applies to wrapping up their visit - Proxyclick can deactivate access so that the QR code no longer allows access.
3️⃣ The locations where the QR code readers are deployed
You typically would not deploy QR code readers throughout the building; only installing them where visitors will need to easily be granted access. This may encompass both low and high security areas, but only be located where you want your visitors to have unattended access.
💡 Keep in mind that visitors are only on site to meet someone, were invited by a trusted person, and are typically not expected to access the entire building unattended.
Some additional points to consider when looking at the use of QR codes:
Proxyclick QR codes may be:
- Emailed to visitors in advance
- Only emailed upon arrival after checking-in
- Not emailed at all: you can choose to print the QR onto a badge after the visitor checks-in
QR codes add a lot of value to the guest experience, minimizing the manual process of assigning and handing out physical access cards or tokens
This also means you save on the admin involved in manually managing this process and the potential security risk of human error or cards not being returned
QR codes can be printed and shared, but there is traceability of this in the ACS
Physical cards can also be handed to the wrong person, passed back to allow a second person through, or simply used to allow multiple access attempts
Proxyclick QR codes are also time limited; only active during the meeting time and tied in with specific actions such as checking-in and checking-out.
The first option above offers a scenario where you have a balance between the positive aspects of QR codes while no longer worrying about them being shared to people you never invited in. This brings QR codes closer to the use of physical cards without having an awkward manual process involved.
How we handle QR token numbers to ensure security
We generate QR token numbers within a set range, typically a minimum range of 10 million, to ensure each is secure
They are allocated randomly so there is no way to predict the tokens that will be generated
Once a token number has been allocated and used, the same token number will not be reissued for a period of time to prevent reuse.