A campus credential, more commonly known as a campus card or a campus ID card is an identification document certifying the status of students, faculty, staff or other constituents as members of the institutional community and eligible for access to services and resources. Campus credentials are typically valid for the duration of a student's enrollment or an employee's service.
In 1993, the National Association of Campus Card Users (NACCU) board held its first board meeting at Duke University. The board was composed of thought leaders from Loyola College, Duke University, SUNY Geneseo, and Florida State University. Their vision was to create an organization with the purpose of educating college and university administrators charged with the responsibility for developing card systems by apprising them of newly installed applications, vendor performance, technology platforms, and other matters relating to the marketplace for card systems (National Association of Campus Card Users, n.d.).
Today NACCU consists of campus credential professionals from colleges and universities around the world. NACCU provides its members with opportunities such as webinars, annual conferences, a resource vault, listserv, program assessment resources, and the CampusIDNews publication (formerly CR80News). Membership and activities for NACCU have continued to grow over the years.
In today's complex campus environment, delivery of critical services such as building access, financial transactions, and privilege-based functions (i.e. meal plans, library and recreation facility services, etc.), is dependent on campus credential programs which bring together multiple constituencies, systems, hardware, services, and applications spanning the entire campus community using a single identity (Lv, 2013). Many institutions utilize access control paradigms that assign and revoke access based on structured, reproducible rules tied to their identity management systems (McKee, 2021). The functions of a campus credential program are complex and touch many parts of the campus beyond just the provision of the credential.
Campus credential programs are part of a complex regulatory environment and help institutions comply with laws and policies. Staff who lead these centralized efforts must be knowledgeable of and adhere to multiple institutional/state/provincial/federal regulations such as FERPA, HIPAA, GDPR, PCI DSS/EMV compliance, Red Flag Rules, federal or provincial data privacy laws (Thomas, 2020). Campus credential programs are subject to internal financial and technology audits and internal control assessments.
Campus credential programs can influence and reinforce a sense of belonging for students and other stakeholders. Campus credential professionals need to recognize the impact that a credential and the policies surrounding the credential and its usage can have in shaping a user’s experience. This impact can be particularly salient in helping historically marginalized identities feel a sense of connection and affirmation to a campus environment. For example, the campus credential can play a role in creating a supportive environment in working with the LGBTQ+ community and transitioning students, international students and other populations. Policies dealing with names-in-use/chosen names, pronouns, or other identifying information have an impact on how users navigate the institutional environment, as well as how and where a credential can be used outside of the institution.
Campus credential programs play a supporting role in student health and well-being by enabling university administrators to understand if students are attending class, using dining services, and remaining active with campus academics and campus activities (Kruger et al., 2017). New legislation is pending in the US Senate to require physical credentials (campus cards) to print mental health resources, including the National Suicide Prevention Hotline number, on the back (Hudson, 2021).
The functions of the campus credential, in addition to data storage for the student's identification, vary by University. Some examples of campus credential functions are:
Campus credentials with multiple functions can help simplify internal administrative processes.
Electronic card access has been available on campuses since as early as 1968. Early versions, such as the “VALI-DINE” system at Rochester Institute of Technology, relied on cards with mechanically punched holes to allow access to their dining halls. In the years following, the use of campus credentials and technology has matured. In 1972, California State Polytechnic University installed the first known card-based system utilizing magnetic stripe technology. By 1985, the Harco multi-application, campus-wide system utilizing bar code, Prox contact-based chips and magnetic stripe technology was implemented by Duke University. Technological advances continued to pick up speed with both cashless payment systems introduced by Debitek Inc. and copy machine management introduced by DANYL Corporation in 1986. By the 1990s, universities began linking their campus cards to banks, with Florida State University being the first in 1990. DataCard introduced its first color digital imaging card production system in 1993. In 2001, contactless chip technology cards were introduced and CBORD released the first IP-addressable card reader for campus credential access systems. (Huber, 2007). Technology continued to ramp up, with cloud-based Campus Credential systems growing in popularity in 2005. By 2015, the use of smart devices instead of physical cards soared. And by 2020, wearable credentials, such as wristbands and fobs, gained popularity, along with mobile apps and digital wallets to manage credential functionality (Huber, n.d.).
Today, mobile credential technology is transforming the ways in which students manage their campus experience. The introduction of the campus credential available via Apple and Android smart devices is changing the way students access buildings and pay for goods and services. Mobile credentials build upon generational shifts that impact how students experience their world, communicate, and interact socially (Jaworowski, 2020). By meeting students where they are in terms of technology, the campus credential program can improve student engagement.
Credential programs connect different parts of the campus community around the concept of access. They are increasingly in the forefront of major campus issues, such as the impact of a pandemic. Universities are able to leverage campus credentials to enforce access policies based on testing, symptom monitoring and vaccination status (Duke University, n.d.). COVID-19 has driven the change to mobile credentials to more of a priority as institutions seek ways to provide a frictionless/touchless/self-service means of providing access and identifying people on our campuses.
Beyond the campus environment, campus credentials can be used as voter identification (Hudson, 2019). For example, the State of Alabama accepts the mobile credential as a valid ID for voting if issued by a State of Alabama college or university (Alabama Secretary of State, n.d.). Campus credentials are also accepted as secondary identification by the US State Department for passport application (Travel.state.gov, n.d.).
Campus credential programs have evolved to be essential enterprise systems for campus operations. The business model for campus credential programs is evolving from “plastic card factories” to virtual campus customer service centers offering 24/7 services to stay relevant with technology advances, remote learning and working, and dramatic shifts in generational expectations (Huber, 2017).
As with US/Canadian institutions, the campus card remains the anchor method for student identification in European Higher Education Institutes (HEIs). There is a growing trend among campus administrators and students for the use of hybrid solutions that involve both the campus card and mobile devices to provide campus credentials. In the near future, it is anticipated that fully mobile credentials will be outpace demands for physical credentials, although various mobile devices vendors’ and manufacturers’ ecosystems are currently a barrier as they do not following standardized and homogenized solutions. Both Europe and US/Canada institutions are focused on identification and payments, either at canteens, transportation, discounts, etc. Off-campus, the primary focus is on transportation, student discounts and proof of student status.
Academic mobility is the practice of students and teachers in higher education moving to another institution inside or outside of their own country to study or teach for a limited time. This concept is driving research into the development of a credential which can be used across Europe to provide identification and authentication of students across borders. The primary goal of the European Campus Card Association (ECCA) is to promote the concept of a European Student Card and support the work of the European Commission in this area. ECCA is actively engaged with the European Commission through various research projects to develop a common European Student Card that will support the Erasmus programme. ECCA has recently published a research report on a European Student eID Framework Proposal (ECCA Student eID Framework, 2021). Other research projects ECCA is currently involved in includes ECX-tension (Nealon, 2022).
In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization.
A smart card, chip card, or integrated circuit card is a physical electronic authentication device, used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, mobile phones (SIM), public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.
A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric passcode used in the process of authenticating a user accessing a system.
Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems.
MIFARE is the NXP Semiconductors-owned trademark of a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards.
An electronic identification ("eID") is a digital solution for proof of identity of citizens or organizations. They can be used to view to access benefits or services provided by government authorities, banks or other companies, for mobile payments, etc. Apart from online authentication and login, many electronic identity services also give users the option to sign electronic documents with a digital signature.
Identity document forgery is the process by which identity documents issued by governing bodies are copied and/or modified by persons not authorized to create such documents or engage in such modifications, for the purpose of deceiving those who would view the documents about the identity or status of the bearer. The term also encompasses the activity of acquiring identity documents from legitimate bodies by falsifying the required supporting documentation in order to create the desired identity.
A credential is a piece of any document that details a qualification, competence, or authority issued to an individual by a third party with a relevant or de facto authority or assumed competence to do so.
The Common Access Card, also commonly referred to as the CAC, is a smart card about the size of a credit card. It is the standard identification for Active Duty United States Defense personnel, to include the Selected Reserve and National Guard, United States Department of Defense (DoD) civilian employees, United States Coast Guard (USCG) civilian employees and eligible DoD and USCG contractor personnel. It is also the principal card used to enable physical access to buildings and controlled spaces, and it provides access to defense computer networks and systems. It also serves as an identification card under the Geneva Conventions. In combination with a personal identification number, a CAC satisfies the requirement for two-factor authentication: something the user knows combined with something the user has. The CAC also satisfies the requirements for digital signature and data encryption technologies: authentication, integrity and non-repudiation.
HID Global is an American manufacturer of secure identity products. The company is an independent brand of Assa Abloy, a Swedish door and access control conglomerate. Björn Lidefelt was appointed CEO on 27 January 2020. He succeeded Stefan Widing, who led HID Global for over four years.
A card reader is a data input device that reads data from a card-shaped storage medium. The first were punched card readers, which read the paper or cardboard punched cards that were used during the first several decades of the computer industry to store information and programs for computer systems. Modern card readers are electronic devices that can read plastic cards embedded with either a barcode, magnetic strip, computer chip or another storage medium.
A contactless smart card is a contactless credential whose dimensions are credit-card size. Its embedded integrated circuits can store data and communicate with a terminal via NFC. Commonplace uses include transit tickets, bank cards and passports.
Gemalto was an international digital security company providing software applications, secure personal devices such as smart cards and tokens, and managed services. It was formed in June 2006 by the merger of two companies, Axalto and Gemplus International. Gemalto N.V.'s revenue in 2018 was €2.969 billion.
Digital credentials are the digital equivalent of paper-based credentials. Just as a paper-based credential could be a passport, a driver's license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket or a public transport ticket, a digital credential is a proof of qualification, competence, or clearance that is attached to a person. Also, digital credentials prove something about their owner. Both types of credentials may contain personal information such as the person's name, birthplace, birthdate, and/or biometric information such as a picture or a finger print.
Electronic authentication is the process of establishing confidence in user identities electronically presented to an information system. Digital authentication, or e-authentication, may be used synonymously when referring to the authentication process that confirms or certifies a person's identity and works. When used in conjunction with an electronic signature, it can provide evidence of whether data received has been tampered with after being signed by its original sender. Electronic authentication can reduce the risk of fraud and identity theft by verifying that a person is who they say they are when performing transactions online.
Entrust Corp., formerly Entrust Datacard, provides software and hardware used to issue financial cards, e-passport production, user authentication for those looking to access secure networks or conduct financial transactions, trust certificated for websites, mobile credentials, and connected devices. The privately-held company is based in Shakopee, Minnesota and employs more than 2,500 people globally.
University of Business Innovation and Sustainability is a private business school founded in 2006 in Geneva, Switzerland. The schools offers programs globally with international campuses in Geneva, Switzerland as well as Barcelona, Spain. UBIS is currently headquartered in Washington DC, United States.
Apple Wallet, or simply Wallet and formerly known as Passbook, is a digital wallet developed by Apple Inc. and included with iOS and watchOS that allows users to store Wallet passes such as coupons, boarding passes, student ID cards, government ID cards, business credentials, resort passes, car keys, home keys, event tickets, public transportation passes, store cards, and – starting with iOS 8.1 – credit cards, debit cards, and prepaid cards for use via Apple Pay. Wallet was introduced as Passbook with iOS 6 on September 19, 2012. It was renamed Wallet with the release of iOS 9 in 2015. Wallet is also the main interface for Apple Card, Apple's credit card released in the U.S. on August 20, 2019.
Google Wallet is a digital wallet platform developed by Google. It is available for the Android, Wear OS, and Fitbit OS operating systems, and was announced on May 11, 2022, at the 2022 Google I/O keynote. It began rolling out on Android smartphones on July 18, co-existing with the 2020 Google Pay app and replacing the 2018 one.