© 2017 HID Global Corporation/ASSA ABLOY AB. All rights reserved. HID, HID Global, the HID Blue Brick logo, and the Chain Design are trademarks or registeredtrademarks of HID Global or its licensor(s)/supplier(s) in the US and other countries and may not be used without permission.2017-04-12-hid-pacs-dangers-csn-ig-en PLT-03299

DOWNLOAD THE REPORT HERE

Download our full report ‘Dangers of CSN-only Smart Card Readers’ to get the full details and find out more about this issue. If you understand the security risks of CSN-only readers, you can make sure the proper security mechanisms are in place at your facilities that will help to properly protect your personnel and property.

1 Annex K of ICAO NTWG Biometrics Deployment Technical Report, International Civil Aviation Organization (ICAO), 2015 2 Eurosmart, Cybersecurity vs. User Convenience: Demystifying the Debate, January 20173 ICMA International Card Manufacturers Association, 2014-2018 Global Card Market Trends & Forecasts: The Next 5 Years?, March 2015

WHY IS THIS A PROBLEM?• A CSN is just a number. It has no in-built security and was never intended for anything other than anti-collision

• CSN-only readers ignore the credential data stored in the secure area of a contactless smart card

• If you know what you are doing, you can build a device to clone or simulate the CSN of a contactless smart card and bypass all the security a smart card is supposed to give you

46% 46% of cards produced in 2017 will be smart cards3

70%70 million physical access control contactless cards will be produced in 20172

57% of access control cards are smart cards357%

“There is no protection in use of a CSN because this is often set in software by chip manufacturers and can be changed.”1

WHAT IS CSN?CSN stands for Card Serial Numberand is the unique card serial number ofa contactless smart card. Allccontactless smart cards contain a CSN as required by the ISO specifications 14443 and 15693.

A CSN IS LIKE A HOUSE NUMBERIt is used to identify the card and everybody needs to be able to see it,so it can be so it can be read without any securityor authentication.

Contactless smart cards are one of the most secure identification technologies available – but they have to be used properly. Using a CSN-only smart card reader actually disables their built-in security mechanisms. This summary explains the technology and why using CSN-only readers can give you a false sense of security.

The Dangers of CSN-only Smart Card Readers