
Why Proximity Cards Are Putting Your Organization at Risk of Account Takeovers


The threat of account takeovers (ATOs) is becoming increasingly prevalent for businesses across industries, with a majority (83%) of organizations in a research report indicating they had been impacted by an account takeover attack at least once over the past year. Once cybercriminals gain access to just one account, it can take organizations an average of 11 months to resolve the breach.

And what is the most common entry point in breaches? Credential compromise caused by insecure credential solutions. The widespread use of passwords and outdated credential technologies like proximity (prox) cards and iCLASS cards is putting organizations at risk and causing financial, operational and reputational fallout.

While the investment is significant and change management can be complex, the time to start the migration to more secure credentials is now. Be the organization that prioritizes proactive prevention over having to deal with the cost of reactive damage control.




The Growing Threat of Account Takeovers

 

Account takeovers are a form of identity theft where attackers use stolen credentials to gain access to user accounts. These credentials can be obtained through various means, such as phishing, credential stuffing, and malware. For instance, phishing emails trick users into disclosing their login information, while credential stuffing involves using automated tools to test stolen credentials across multiple sites. Once inside, attackers can siphon funds, steal sensitive data, and even use the compromised accounts to launch further attacks.

The financial impact of ATOs is staggering. According to IBM, the average corporate breach costs nearly $5 million. Beyond the immediate financial losses, organizations also face long-term consequences such as damaged reputations, loss of customer trust, and potential legal liabilities.

 

Vulnerabilities of Proximity and iCLASS Cards

 

While they were once the industry standard, prox and iCLASS cards are now among the weakest links in authentication. Proximity cards, commonly used for physical access control, operate at a low frequency (125 kHz) and lack encryption, making them highly susceptible to cloning and other attacks. These cards can be easily duplicated using inexpensive devices available online, allowing unauthorized individuals to gain access to secure areas, business applications and more.

iCLASS cards, while offering slightly better security than prox cards, are not immune to vulnerabilities. These cards use simple encryption methods that can be cracked with relative ease. For example, iCLASS SE reader configuration cards have been found to contain sensitive data that can be extracted and used to create malicious credentials. This makes iCLASS cards vulnerable to cloning, downgrade attacks, and unauthorized access.

 

Risks Posed by Outdated Credential Technologies

 

The use of outdated credential technologies like prox and iCLASS cards poses significant risks to organizations. These risks include:

  • Unauthorized Access: Cloned or stolen cards can be used to gain unauthorized access and manipulate systems, override controls, steal personal data and disrupt operations.
  • Data Breaches: Compromised credentials can be used to access sensitive data, resulting in data breaches that can have severe financial and reputational consequences.
  • Account Takeovers: Weak credential technologies make it easier for attackers to perform ATOs, leading to financial losses and operational disruptions.
  • Compliance Issues: Organizations that fail to upgrade their security measures may fall out of compliance with industry regulations and standards like GDPR, HIPAA, and ISO 27001, leading to potential fines and legal repercussions.

When analyzed on an industry-specific scale, outdated credentials can mean hospital patient data being accessed by unauthorized parties, supply chains being disrupted and causing plants to pause operations, or payment methods being exposed within retail and financial institutions.

 

The Importance of Moving to Secure Credential Solutions

 

Given the increasing threat of account takeovers and the vulnerabilities associated with prox and iCLASS cards, it is crucial for organizations to transition to more secure credential solutions. Modern credential technologies offer enhanced security features that can help mitigate the risks posed by outdated systems. 

  • Encrypted Smart Cards: These cards use advanced encryption and embedded microchips to provide a higher level of security. They are ideal for organizations looking to implement multi-factor authentication and maintain a familiar form factor.
  • Mobile Credentials: Digital ID badges stored on smartphones offer a convenient and secure alternative to physical cards. Mobile credentials leverage the built-in security features of smartphones, such as biometric authentication, to enhance security.
  • FIDO Passkeys: These cryptographic credentials eliminate the need for passwords and provide phishing-resistant authentication. FIDO passkeys are ideal for organizations looking to move beyond password-based authentication.
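
Why an unencrypted static identifier (the prox model described earlier) can be reused by anyone who reads it, while a credential that answers a fresh challenge cannot, shown as an added Python example that is not from the original post. It assumes HMAC-SHA256 with a per-card key as a stand-in for the card's cryptography (FIDO passkeys use public-key signatures instead), and all class names and the card ID are constructed for illustration.

```python
import hashlib
import hmac
import secrets

class StaticIdReader:
    """Reader that trusts whatever identifier the card transmits (prox model)."""
    def __init__(self, enrolled_ids):
        self.enrolled_ids = set(enrolled_ids)

    def authenticate(self, transmitted_id: bytes) -> bool:
        # No secret and no freshness: the same bytes stay valid forever.
        return transmitted_id in self.enrolled_ids

class ChallengeResponseCard:
    """Card whose key never leaves the chip; HMAC-SHA256 is an assumed stand-in."""
    def __init__(self, card_id: bytes, key: bytes):
        self.card_id, self._key = card_id, key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, self.card_id + challenge, hashlib.sha256).digest()

class ChallengeResponseReader:
    def __init__(self, keys_by_card_id):
        self.keys = dict(keys_by_card_id)
        self._pending = {}  # card_id -> outstanding nonce

    def new_challenge(self, card_id: bytes) -> bytes:
        self._pending[card_id] = secrets.token_bytes(16)
        return self._pending[card_id]

    def authenticate(self, card_id: bytes, response: bytes) -> bool:
        nonce = self._pending.pop(card_id, None)  # each nonce is single use
        key = self.keys.get(card_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, card_id + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def compare_replay_resistance() -> dict:
    card_id, key = b"CARD-0001", secrets.token_bytes(32)  # constructed sample values
    static_reader = StaticIdReader({card_id})
    observed_id = card_id  # what anyone within read range of the card receives
    card = ChallengeResponseCard(card_id, key)
    reader = ChallengeResponseReader({card_id: key})
    observed_response = card.respond(reader.new_challenge(card_id))
    first_use = reader.authenticate(card_id, observed_response)
    reader.new_challenge(card_id)  # a later session gets a fresh nonce
    return {
        "static_id_reuse_accepted": static_reader.authenticate(observed_id),
        "challenge_response_first_use": first_use,
        "challenge_response_reuse_accepted": reader.authenticate(card_id, observed_response),
    }
```

The static reader accepts the observed identifier again, while the challenge-response reader rejects a previously valid response because it was computed over an earlier nonce.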

Investing in secure credential solutions not only helps protect against account takeovers but also ensures compliance with industry standards and enhances overall security posture. Moving to secure credentials is more than a hardware upgrade — it’s a strategic investment in your organization’s secure future.

Interested in learning how to start the transition to more secure credentials? Our white paper outlines why this transition should be a top security initiative with details on possible upgrade paths that could be right for your organization. Fill out the form below to receive the white paper in your inbox.
