Plastic Card ID Systems Hold the Key to Building Security

You may not have given it much thought, but your wallet probably contains half a dozen photos of you. This does not make you conceited. Photo IDs - in the form of your driver's license, employee identification card, membership cards, bank cards and any number of credit cards - have become a staple of everyday life. We count on our smiling faces to get us places and, once there, we count on our magnetic stripes or bar codes to purchase what we need to keep us smiling.

Issuers of cards, meanwhile, get peace of mind and a great deal of information. This is particularly true in the athletics, fitness and recreation industry. Banks and credit card companies issue photo IDs primarily to protect themselves, and the end user, against fraud. Sports facility operators, though, utilize cards in myriad ways, from facility security and equipment rental to the performance of fitness assessments and the gathering of demographic data for marketing purposes.

Marce Miller, now a consultant with The Sports Management Group, gained a great deal of experience with security issues as a facility manager at Santa Fe (N.M.) Community College and at Genoveva Chavez Recreation Center, also in Santa Fe. She describes ID cards as a simple but fundamental part of a comprehensive building security program.

"Aside from tracking the data that cards give you, it's really important to look at your pass distribution and facility access as a customer-service function," Miller says. "Customers these days are pretty savvy; they are computer-literate and they have high expectations. If you don't have a fairly sophisticated check-in system, they get frustrated that they're not being serviced as well as they ought to be."

THE SYSTEMS are more sophisticated nowadays, and ID cards look snappier and more professional than ever. Photos produced digitally are of better quality than old-style film-based cards, and card printers have improved, allowing a variety of graphics to be custom-produced on the spot. A fairly recent development is the proliferation of security marks (such as holograms) that make cards difficult for counterfeiters to reproduce.

Where card technology has improved exponentially is in the areas of information storage and retrieval. Magnetic stripes are far from obsolete, and yet so-called "smart cards" can hold up to 100 times more information on their embedded computer chips. Microprocessor smart cards go even one better - they can store huge amounts of information and can be programmed to act on the information - for example, by forbidding entry to certain areas of a facility.

Take a walk through a health club with a cardholder and it's a brave new world, indeed. A club member approaches the front desk, where her card is scanned by a staff member and photo ID visually checked. Or, she slides her card through a card reader, and her photo appears on a computer monitor. If her membership has lapsed, or if her membership is valid only during off-peak times, she may be automatically barred entry at the turnstile.

Once she's been identified as a member in good standing, both she and the club begin to reap the benefits of the system. The member might automatically receive a printout of her workout history, a reminder of the aerobics-class schedule or other information pertinent to her profile. The club's computer gathers information from the member, beginning by logging in the time of her visit. Information gleaned from this visit will be added to that member's profile, which might include anything from billing information to medical limitations. Later, club management will be able to run a report of that day's business - who was in the club, from what demographic group, when they came in and how long they stayed.

Programmed point-of-sale data might allow the member to be billed automatically for pro-shop or juice-bar purchases. It might also set daily limits on (or forbid purchases by) children utilizing a family pass. Club management, meanwhile, might be able to gather sales information to stay on top of inventory control. The member's locker information - which locker, what combination - might be stored on the card, eliminating the headache caused by forgotten numbers. A card-based locker system might be used, in which the member surrenders her card to the locker, retrieving it with a key when finished. Entry into certain areas might be limited by on-site card readers, augmented with staff oversight. Equipment rental might be as easy as the swipe of a card or the wave of a bar-code wand.

METAPHORICALLY SPEAKING, the wand is apt, for the system certainly seems to work like magic. That said, there are a number of potential complications, not the least of which is the difficulty of integrating separate ID-based systems.

In the club realm, this hardly ever comes up - although it might increasingly do so should linked fitness equipment systems continue their march forward. No matter how they're configured, ID-operated fitness equipment can be extremely valuable, for the same reasons ID-based security systems are. But how they're configured makes a difference. Systems in which users must manually record information at kiosks have the disadvantage of depending on users to record information accurately - or at all. Systems that utilize chip-embedded keys or separate ID cards to log user information have the disadvantage of depending on users to remember and hold onto their keys and cards.

And, of course, should facility management wish to integrate the information gathered at the exercise machines into the database created by its front-desk ID system, all bets might be off. "The only way we'd consider that kind of system is if it used our members' regular ID card, so they're not carrying two," says Danny Tanner, vice president of marketing with Spare Time Inc. of Sacramento, Calif. "It's bad enough making them carry one."

The college recreation setting is where most integration complications have ensued. Rec administrators whose rec centers utilize campus-wide ID systems largely sidestep this issue - they avoid the hassle of managing their own system, but can only gather information the university administration wants them to see.

The simplicity of that arrangement is what appealed to Bob Sinclair, director of facility management at Ferris State University, which two years ago completed the renovation of its recreation center. The center's front-desk card reader is linked via phone lines to the university's system, which is used mainly in the school's dining halls. The rec department had to pay for the scanner and pays a fraction of a penny per scan to the university's telecommunications department - a bargain, Sinclair says, since "the university does all the work." Still, things can only get more complicated; Sinclair just purchased a second scanner in anticipation of a new outdoor equipment rental program that will originate in the rec center, and the university is moving toward a deal with a local bank to produce combination student IDs/bank cards.

Jill Schindele, director of the year-old Anteater Recreation Center at the University of California at Irvine, says she spent the entire year prior to opening trying to convince a series of facility software manufacturers to modify their programs for college use, but was repeatedly rebuffed. UC-Irvine's student IDs, accepted at the rec center, have a magnetic stripe and a bar code. Faculty and staff, as well as university affiliates who want rec-center memberships, are issued separate rec-center membership cards. It's a system that Schindele says "works fairly well" - it beats the cost and hassle of issuing secondary ID cards to all students - but what Schindele was hoping for was a system that could avoid a situation where "students swipe their card in this line over here and faculty and staff in that line over there." In addition to having both types of memberships integrated at the front desk, Schindele says, "We also wanted the ability, since we offer a lot of classes and intramurals, to sign up students just by swiping their ID cards, and all their information would already be in the system."

Trouble is, the registrar's office is in charge of issuing IDs to students, and UC-Irvine's registrar was not at all excited about the possibility of rec center security at the cost of a non-secure student database.

"The university is very protective of student information, and we've tried to make the administration feel better by saying that we don't need social security numbers," says Schindele. "We're only asking for a very minor amount of information, but still, connecting to an outside company has to be approached carefully, and I'm not sure rec administrators are the people who should be doing that."

Nor are many software manufacturers keen to enter into a market that may necessitate modifications of their software by virtually every university. Schindele was able to convince UC-Irvine's registrar's office to modify part of its ID program, but she found software companies less enthusiastic about tampering with the architecture of their programs. Add to that the promise of Web-based registration systems and the difficulties of integrating these into university-based systems - and, well, "it's really kind of confusing out there," Schindele says. "Controlling user access in and out of the building is not a problem. That's a comparatively easy thing. But then, all these options are simple independently. The problem comes when you're trying to go a step above and have a fully integrated system."

One complication that's common to all types of recreational buildings is finding a system that can accommodate the whole range of ID classifications. The student/faculty/community user split at college rec centers isn't present at public rec centers - all community members are equal in the eyes of the ID system - but public centers (and other rec facilities) still must deal with the split between users and employees.

Ideally, an ID system will be able to log the comings and goings of employees as well as users. In addition, it should be able to place limitations on different classes of employees. At Spare Time's 10 health-club franchises, front-line employees are given a membership to the club of their choice - they use a standard member's card so that they don't appear to dues-paying members to be circumventing the access system - and club managers carry a "gold card" that allows them to use all 10 clubs.

Miller says that at Chavez Rec Center, community members pay one fee to access everything in the building - they swipe their card, and that's that. Employees have their own IDs and their own employee entrance, which is equipped with a separate card reader. Employees' cards can be programmed to limit access - for example, part-time lifeguards might have cards that forbid entry except when they're scheduled to work. In addition, access to users' information - from phone numbers and addresses down to minute details of their family pass - is strictly limited by the system. Employees' individual computer codes can have database limitations programmed into them.

Ken D'Amato, director of recreation for the City of Greeley, Colo., is of two minds on the security issue. On the one hand, as he has overseen the gradual tweaking of 15-year-old Greeley Recreation Center, he has added or is considering a number of security improvements. He has already decided on separate swipe-card access to the newly renovated weight room and the new climbing room, which is located inside a converted racquetball court. He's currently looking at adding a lobby-area turnstile that would be accessed by ID card, a chip-based key that employees could carry instead of conventional keys, and a palm-reading ID system for employees that would be located at the building's two main perimeter doors.

On the other hand, D'Amato plans to stay with a system whereby users can enter the center with any valid card - even if it's not theirs - and can be buzzed in by front-desk staff if they've forgotten their photo ID.

"It's part of the trust system," D'Amato says. "There's a point of being overly secure. We're not a prison; we're not a lockdown facility. We should be greeting people as they come in and providing good customer service."

AS EASY AS IT MIGHT BE to imagine a system that can effectively take staff members out of the security equation, leaving them free to serve facility users, the human dimension should not be ignored. Staff members, for instance, will be vital to Greeley's carded climbing wall and fitness center, to make certain one user doesn't hold the door open for 40 others to enter cardless. (Even the trust system has its limits.)

Another tweak to Greeley's security system is coming in January, when its contract with a security service runs out and "an internal customer-services representative" takes the place of the security guard.

"Our rep will be in a staff shirt and hold the same authority as the guard," D'Amato says, noting that the contracted guards didn't carry a weapon and weren't authorized to make arrests. "All they could do was call the police and maybe detain people and gather information. Well, we might as well perform that role in a nice way, and have someone on the staff who has the authority to represent us and invoke the rules and policies of the center."

The trouble is, most staffs aren't big enough to oversee "150,000 square feet of rec center," as D'Amato describes Greeley. That's why humans use nonhuman touches such as surveillance cameras and alarm systems to be their eyes and ears throughout the center. D'Amato, who (for instance) reviews gym altercations on videotape, says the public feels "more comfortable" seeing the sign posted inside the entrance warning patrons that cameras monitor activities within.

"When they designed this - boy!" D'Amato exclaims. "It had an open lobby. People walked in the door and could immediately go in three different directions, and if somebody was talking to you at the front desk you might not see someone else slip down a hallway or into the elevator."

Miller credits the explosion of square footages with sparking the rise of security savvy, from ID systems to surveillance cameras to motion detectors to delay locks (alarmed crash-bar doors that wait 20 seconds before opening to admit unauthorized users). The Chavez Center had all but the latter, and staff could access software data that tracked when all doors opened, and whether by authorized or unauthorized users. It was a sophisticated system necessitated by the building's 170,000-square-foot area and multitude of code-required emergency exits.

Sadly, Miller adds, it was also necessitated by the sort of modern-day realities that brought metal detectors into the Chavez Center on Teen Night.

"I've seen some huge changes in the industry," she says. "People, especially people with kids, are now hyper-conscious of all the bad things that can happen. Columbine kind of blew everybody away, as far as what they expect now from public buildings. They want to know that if they drop their kids off that they're going to be safe. It's sad that it's necessary, but then again it's not a bad thing for people to be taking a good hard look at. It would be short-sighted to just assume your community doesn't need it."