By 2020, organisations using smartphones instead of physical access cards (PACS) in offices and restricted premises will increase to 20% from less than 5% recorded in 2016, according to Gartner.

PACS technology, which includes physical cards issued to individuals, is widely deployed across multiple industries to secure access to facilities (buildings, offices, data centres, plant rooms and warehouse), to ensure that only authorised individuals (employees, contractors, visitors, maintenance staff) get access to specific locations.

Mobile technology is already widely used for logical access control. Phone-as-a-token authentication methods continue to be the preferred choice in the majority of new and refreshed token deployments as an alternative to traditional one-time password (OTP) hardware tokens.

Gartner projects that the same kinds of cost and user experience (UX) benefits will drive increased use of smartphones in place of discrete physical access cards. Smartphones using technologies and protocols such as Bluetooth, Bluetooth LE, and near field communication (NFC) can work with a number of readers and PACS technology.

One of the easiest ways to use a smartphone's access credentials is to integrate them—via a data channel or via Wi-Fi—into the access control system and "unlock the door" remotely. This approach requires no change to reader hardware.

Using smartphones can also simplify the integration of biometric technologies. However, this can also pose security risks when an outsider gains possession of an authorised person’s phone. "We recommend that security and risk managers work closely with physical security teams to carefully evaluate the UX and total cost of ownership benefits of using access credentials on smartphones to replace existing physical cards," said David Anthony Mahdi, Gartner research director.