Reader Technology Comparison
The reader is the part of an access control system that a person actually touches, taps, or waves at. The technology behind it decides how hard the credential is to clone, how the reader talks back to the controller, and how much the install costs. This article walks through the main families an integrator will specify in Canada today.
125 kHz Proximity (Legacy)
Low-frequency 125 kHz prox cards, the classic HID Prox and EM4100 families, are still everywhere. They are cheap, they read fast, and they work in the cold. They are also insecure. The card sends a fixed number in the clear, with no encryption and no mutual authentication. A handheld cloner bought online can copy one in seconds. Treat 125 kHz prox as identification, not security. Plan to migrate any site that uses it for doors that matter.
13.56 MHz Smart Cards
High-frequency 13.56 MHz smart cards solve the cloning problem with on-card cryptography. Two families dominate:
- MIFARE DESFire EV3 uses AES-128 mutual authentication and encrypted, diversified keys per card. It is an open ecosystem with many reader vendors.
- iCLASS Seos is HID’s credential platform, also AES based, with a managed key model and a credential that can live on a card or a phone.
Both resist casual cloning. The security depends on the keys actually being changed from the factory default and managed properly. A DESFire card running in plain UID mode is no better than prox.
OSDP vs Wiegand
The reader-to-controller link matters as much as the card. Wiegand is the old standard. It is one-way, unencrypted, and a wire tap at the reader can capture or replay credentials. The Open Supervised Device Protocol (OSDP), an SIA standard, replaces it. OSDP runs over two-wire RS-485, supports many readers on one bus, and, with Secure Channel (SCP) enabled, encrypts the link with AES-128 and detects tampering. Specify OSDP with Secure Channel on new work. Wiegand-to-OSDP converters exist for phased upgrades.
Biometrics
Fingerprint, face, and iris readers add a “something you are” factor. They suit high-security areas, data centres, and places where credential sharing is a real risk. Trade-offs: higher cost, slower throughput, environmental sensitivity (cold, gloves, dust), and privacy obligations under Canadian privacy law for storing biometric templates. Most deployments pair a biometric with a card or PIN rather than using it alone.
Mobile, NFC, and BLE
Mobile credentials put the card on a phone, held in a secure element or trusted execution environment. Near Field Communication (NFC) needs a tap. Bluetooth Low Energy (BLE) works at a distance and supports the wave to unlock gesture. Mobile cuts the cost and logistics of plastic cards and supports remote issue and revoke. It depends on the phone, the app, and the user, so most sites run it alongside cards rather than replacing them outright.
Comparison Table
| Technology | Security | Relative Cost | Best Use |
|---|---|---|---|
| 125 kHz prox | Very low (clonable) | Low | Legacy only, low-risk doors |
| 13.56 MHz (DESFire EV3 / Seos) | High (AES) | Medium | Standard for new installs |
| OSDP Secure Channel link | High (encrypted bus) | Low to medium | All new reader wiring |
| Biometrics | High | High | Restricted, high-value areas |
| Mobile (NFC / BLE) | High | Medium | Distributed sites, frequent turnover |
Listing and Compliance
For most regulated and insured installations in Canada, the reader and the panel it connects to should carry a UL 294 listing, the standard for access control system units. UL 294 covers endurance, attack resistance, and reliability. Specify listed equipment, confirm the listing covers the actual model and firmware, and keep the documentation for the authority having jurisdiction.
References
Last updated 2026-06-14.