BIOMETRIC TERMINALS

TECHNICAL BULLETIN

RECOMMENDATION TO RAISE SECURITY LEVEL

OF ACCESS CONTROL SYSTEMS April 2022

In the current international context, IDEMIA recommends reevaluating, and increasing protection measures of
systems where Biometric Terminals are used for Access Control.

BACKGROUND

Due to international tensions, several administrations have recommended to reinforce protections against
cybersecurity attacks, for instance: the French Agence Nationale de Sécurité des Systèmes d’Information(1) and
the UK National Cyber Security Centre(2).

For a given organization, the Physical Access Control system of a premises is part of its protection measures,
as it prevents physical intrusion in the IT infrastructure. Such a threat, combining both physical and logical
attacks, is referred to as a hybrid. An example of a hybrid threat is when an attacker penetrates a controlled
area to plug an infected USB drive into a machine of sensitive importance.

As a result, increasing the security level of the Access Control System should be considered as part of vigilance
reinforcement.

As the Biometric Terminal is a component of the Access Control system, IDEMIA recommends reevaluating its
configuration, environment, and usage. A few themes are listed below for your consideration.

SECURITY AND PERSONAL DATA PROTECTION: GENERAL GOOD PRACTICES

IDEMIA recommends enhancing the security of your installation by installing the biometric terminals in an IP
(Internet Protocol) network behind a security system and, when possible, isolating it from the business network
and the Internet.

IDEMIA would also like to highlight available documentation that explains best practices and recommendations
in terms of security and personal data protection. If you are a registered customer, you can find these documents
on the IDEMIA customer portal, otherwise please ask your IDEMIA products reseller:

 GDPR (General Data Protection Regulation) compliance package - here

 Recommendations for a Secure Installation – here

MONITORING

IDEMIA recommends sensitive access points be supervised, for instance with video surveillance cameras, and
with motion detectors.
Repeated access denied events reported from a single access point, either in a short timeframe or during
periods of idle activity, could be the signs of an intrusion attempt. Such warnings may be activated from the
supervision center of the access control system.

1/2
Recommendation to raise security level of access control systems April 2022
 MULTI-FACTOR AUTHENTICATION

Switching from single to multi-factor authentication, while impacting user convenience, is a way of improving
system security. All IDEMIA Biometric Terminals allow multi-factor authentication of users: combining biometric
identification with a card or password, and even combining biometric identification, card, and password.

BIOMETRIC TECHNOLOGY

All IDEMIA Biometric Terminals provide two parameters that can be configured separately:
 a biometric threshold, to set the False Acceptance Rate
 an anti-spoofing feature with four configuration levels: disabled, low, medium, high.

Please refer to the product documentation for more information and select the security level that is most
adapted to your system, use case, and environment.

SECURITY UPDATES

IDEMIA is committed to improving products, including their security. As highlighted in a previous

communication(3), new firmware versions will soon be made available for Biometric Terminals, enhancing the
default configuration.

From a more general standpoint, we encourage you to keep your system up to date with the latest software
versions from our Customer Portal(4).

NEED SUPPORT?
In case you need support or assistance, please contact the following support services by email or phone.

Region Email Phone

North America [email protected] +1 888 940 7477
South America [email protected] +1 714 575 2973
Europe, Middle East, Africa [email protected] +33 1 30 20 30 40
Asia, Pacific [email protected] +91 8929159665
India [email protected] +91 1800 120 203 020

SYNTHESIS

Should you use Biometric Terminals, IDEMIA recommends revisiting the risk assessment of your system in the
new international context. This may require you to reinforce the security configuration of the system.

REFERENCES

(1) https://www.ssi.gouv.fr/actualite/tensions-internationales-renforcement-de-la-vigilance-cyber/
(2) https://www.ncsc.gov.uk/news/organisations-urged-to-bolster-defences
(3) New default security configuration for MorphoWave SP
(4) https://biometricdevices.idemia.com/

2/2
Recommendation to raise security level of access control systems April 2022