Access Control Credential Readers Explained: Proximity Cards, Smart Cards, Key Fobs, and Mobile Credentials

In any access control system, the credential reader is the front line — the hardware that decides whether to let someone in. While much of the access control conversation focuses on controllers, locks, and software, the reader is what end users interact with every single day. Choosing the right reader type has a major impact on security, user experience, installation complexity, and long-term system scalability.

In this guide, we break down the most common credential reader technologies used in commercial access control systems: 125 kHz proximity cards, 13.56 MHz smart cards, key fobs, PIN pads, and mobile credentials — explaining how each works, where each excels, and the key differences you need to know when specifying a system.

How Do Access Control Readers Work?

A credential reader is a device mounted at the door (or gate, or barrier) that reads a presented credential and sends the data to the access control panel or controller. The panel compares the credential data to a database of authorized users and either grants or denies access.

The reader communicates with the controller via standard wiring protocols — most commonly Wiegand (the traditional 26-bit format) or OSDP (Open Supervised Device Protocol, the modern encrypted alternative). The type of communication protocol affects security, cable run length, and compatibility with controllers.

For more on how access control hardware works together, see our overview of Best Access Control Hardware for High-Traffic Commercial Buildings.

1. 125 kHz Proximity Cards (Prox Cards)

Proximity cards — commonly called "prox cards" — are the most widely installed access credential technology in the world. They use 125 kHz radio frequency identification (RFID) technology. When a card is held near a reader, the reader's radio field powers the card's passive antenna, which transmits a fixed identification number to the reader.

How they work:

• Passive technology — no battery in the card
• Typical read range: 1–3 inches (proximity requires near contact)
• Card contains a fixed, unencrypted credential number
• Common formats: HID Prox, EM4100, AWID

Advantages:

• Extremely low cost per card
• Durable, reliable, long card lifespan
• Enormous installed base — compatible with hundreds of legacy systems

Limitations:

• Fixed, unencrypted credential data can be cloned with readily available devices
• No mutual authentication — the reader cannot verify the card is genuine
• Not recommended for new high-security installations due to cloning vulnerability

Despite their security limitations, 125 kHz proximity cards remain in use across millions of facilities. Many organizations are in the process of upgrading to smart card technology, but budget and legacy system constraints often slow the transition.

2. 13.56 MHz Smart Cards (MIFARE, DESFire, iCLASS)

Smart cards operate at 13.56 MHz and represent a major security upgrade over traditional 125 kHz prox cards. Rather than transmitting a fixed unencrypted number, smart cards use cryptographic protocols for mutual authentication between the card and the reader — meaning both the card and the reader verify each other's identity before any credential data is exchanged.

Common smart card technologies:

• MIFARE Classic — An older 13.56 MHz standard from NXP that is widely deployed but has known vulnerabilities. Better than 125 kHz prox but no longer considered high security
• MIFARE DESFire — A more secure NXP standard using AES-128 encryption. Considered strong for most commercial and institutional applications
• HID iCLASS — HID Global's proprietary smart card platform, available in standard iCLASS and the more secure iCLASS SE/Seos variants
• SEOS — HID Global's latest credential standard, designed to support both physical smart cards and mobile credentials on the same infrastructure

Advantages of smart cards:

• Cryptographic mutual authentication prevents cloning attacks
• Can carry additional data (biometric templates, employee records, printing information)
• Works on the same card format as contactless payment and many transit systems
• Required for many government and high-security applications (PIV, FICAM compliance)

Limitations:

• Higher card cost than 125 kHz prox
• Requires smart card capable readers (not compatible with legacy prox-only readers)
• Migration from 125 kHz to smart card requires replacing both cards and readers, often a phased process

3. Key Fobs

Key fobs use the same underlying RFID technology as cards — either 125 kHz or 13.56 MHz — but in a small, compact form factor that can be attached to a keyring. For end users who do not want to carry an access card, fobs offer a convenient alternative.

From a security standpoint, the fob's security level is entirely determined by its underlying technology: a 125 kHz fob has the same cloning vulnerability as a 125 kHz card, while a 13.56 MHz smart fob (such as HID iCLASS or DESFire) provides the same encryption-based security as a smart card.

Best use cases for key fobs:

• Small businesses and office environments where users prefer a keyring-sized credential
• Parking garages and vehicle access where a keyring-mounted credential is convenient
• Supplemental credentials for employees who already have another primary credential

If you are specifying a request-to-exit (REX) device alongside your reader for doors that require egress detection, our Request to Exit Kits (REX) collection has options for every application.

4. PIN Pads and Keypads

PIN pad readers replace (or supplement) card credentials with a numeric code. Users enter a PIN on a keypad to request access. PIN pads are often combined with card readers in multi-factor authentication setups — requiring both a card and a PIN — for high-security applications.

Standalone PIN pad: The user enters only a PIN. Simple, no credential to lose. However, PINs can be shared, written down, or observed by others (shoulder surfing), making standalone PIN access less secure than card-based systems in most commercial contexts.

Card + PIN (multi-factor): Significantly more secure than either alone. The card proves something the user has; the PIN proves something the user knows. Appropriate for server rooms, data centers, pharmacy storage, and other high-value areas.

Advantages of PIN pads:

• No physical credential to lose or forget
• Low cost to issue and revoke credentials (just change the PIN)
• Required for some two-factor/multi-factor access control policies

Limitations:

• PINs can be shared, guessed, or observed
• Keypads wear unevenly, making frequently used digits visible over time (use a vandal-resistant, hardened keypad to mitigate this)
• Slower entry flow in high-traffic scenarios

5. Mobile Credentials

Mobile credentials represent the newest category of access control credential technology. Instead of a card or fob, the user's smartphone acts as the credential — communicating with the reader via Bluetooth Low Energy (BLE) or Near Field Communication (NFC).

The credential is issued digitally to the user's phone via a mobile app (such as HID Mobile Access or Allegion Engage). When the user approaches the reader, the phone communicates with the reader's BLE radio and authentication occurs — no physical card required.

Advantages of mobile credentials:

• No physical card to issue, lose, or replace — significant administrative savings in large facilities
• Credentials can be issued and revoked instantly via software
• Modern encryption standards (often better than legacy 125 kHz systems)
• Supports "tap to access" (NFC) and hands-free "twist and go" features (using phone motion + BLE)

Limitations:

• Requires a smartphone; not practical for all user populations (visitors, contractors, employees without compatible devices)
• Reader must support BLE/NFC mobile credentials — not all legacy readers do
• Bluetooth range can vary with building materials and phone placement
• Relies on users keeping their phone charged and the app installed

Mobile credentials work alongside physical electric strikes and electronic locks. See our article on Electric Strikes Explained for more on integrating readers with locking hardware.

Multi-Technology Readers: Bridging Legacy and Modern Systems

One of the most practical product categories in access control today is the multi-technology reader — a reader that can accept both 125 kHz prox cards and 13.56 MHz smart cards (and sometimes mobile credentials) simultaneously.

Multi-technology readers are the ideal solution for facilities in transition. You can replace all your readers with multi-tech models first, then issue new smart cards to users gradually — without any disruption to access. Old prox cards continue to work during the transition, and new smart cards work from day one.

Major reader manufacturers including HID Global, Allegion (Schlage), and ASSA ABLOY all offer multi-technology reader lines.

Reader Mounting and Wiring Considerations

Readers are typically surface-mounted on the wall or mullion adjacent to the door, or flush-mounted in a single-gang electrical box. Key considerations when mounting readers include:

• Height: ADA guidelines recommend mounting controls (including readers) between 15 and 48 inches above the floor for accessibility
• Proximity to metal: Metal surfaces can interfere with RFID read range; use spacers or anti-metal pads as needed
• Wiring: Standard reader wiring uses a 4–6 conductor cable; OSDP readers may require a 4-conductor shielded cable for RS-485 communication
• Outdoor vs. indoor ratings: Outdoor readers should be rated at minimum IP55 or IP65 for weather resistance; vandal-resistant models are recommended for exposed or high-risk locations

Choosing the Right Reader Technology

• New system, security-conscious: 13.56 MHz smart card reader with DESFire or iCLASS SE/Seos credentials
• Legacy system upgrade: Multi-technology reader (125 kHz + 13.56 MHz) to allow phased migration
• High-security area: Multi-factor reader (smart card + PIN) with OSDP communication
• Modern enterprise facility: Mobile credential-capable reader (BLE/NFC) with smart card backup
• Budget-constrained application: 125 kHz prox is acceptable for low-security interior doors; avoid for exterior or high-value areas

Final Thoughts

The credential reader is one of the most visible — and most consequential — components in an access control system. Specifying the right reader technology for each application ensures that the system provides the security level you need, scales as your requirements evolve, and delivers a smooth user experience for everyone who uses it every day.

At SNTRY Supply, we carry a full range of access control hardware to complement your reader infrastructure — from electric strikes to power supplies to request-to-exit devices. Our team of commercial hardware specialists can help you build a complete, integrated access control solution from credential to controller.