RFID (Radio Frequency IDentification) cards interact via wireless technology when used together with specific RFID devices. A device with writing capacity engraves codes on the card by radio frequency with the identity attributed to the person who carries it, and each time the person presents the card to a receiving device, it reads that identity. The person’s identity on the card can then be used to open a door, or to make an electronic signature, for example.

Today’s mobile devices with NFC technology can also work as cards or as card reading and writing devices. Thanks to this, we can, for example, pay with our smartphone in a payment terminal, which recognizes it as the bank card of the owner of the device. Or even another smartphone can be used as a payment terminal to read RFID cards.

With regard to electronic signatures in the pharmaceutical industry, the use of RFID cards allows convenient and fast authentication to prove identity, as opposed to the use of codes that have to be remembered and modified with efficient anti-hacker policies. It is also an inexpensive and simple technology to incorporate. However, it has a number of drawbacks that make it unusable as the sole means of authentication for employees in the pharmaceutical industry. In the banking sector, for example, being aware of these difficulties, they added a second authentication factor through the additional use of a PIN or password. But of course, this means that in the pharmaceutical industry the password system is still used, and the use of RFID cards would not be adding value.

Even with the substantial benefits they offer, the cards are not without certain challenges and drawbacks. Common challenges include:

• Loss or misplacement of cards allowing unauthorized access:

If a card is lost or stolen, there is a risk of accessing unauthorized areas, accessing production software to obtain restricted information or improperly using machinery. This compromises the security of the environment, leading to identity theft.

• Greater ease for identity fraud:

In environments without additional authentication measures, the risk of identity fraud through the use of RFID cards becomes significant. This not only leads to the possibility of unauthorized actions when accessing environments or equipment under another individual’s ID, but also opens the door to scenarios where an individual could sign manufacturing tasks on behalf of another employee, compromising the data stored in the system. This vulnerability comes from the fact that the cards are prone to misplacement and easily susceptible to being found by third parties. Similarly, the transfer of cards from hand to hand between employees is easier, which increases the likelihood of misuse. This risk of identity theft not only threatens operational security, but also leads to serious breaches of the integrity of system records and data.

• Data protection failure:

Depending on the case, some RFID cards store information on the chip, so a lack of adequate protection could leave it vulnerable to unauthorized access and possible data manipulation. This underscores the importance of implementing robust security measures to safeguard the integrity and confidentiality of the information collected.

• After hours limitations:

The limitations extend outside working hours, where the unavailability of IT support staff could create challenges in the immediate resolution of card-related problems. To illustrate these limitations, we consider a hypothetical scenario: If an employee forgets or loses his electronic signature card, he will be forced to document his actions on paper. Later, when regaining access, they will have to manually enter all actions into the management software they use, potentially resulting in delays in updating information, gaps in records, loss of forms, and poor traceability of actions taken.

• Work overload for the IT department:

An additional challenge is related to the overload of work that falls on the IT team in the management of RFID cards. This process involves purchasing the cards, recording the identity of each employee on each card, and then handing them over. When an employee’s card is lost, forgotten, damaged or stolen, a new one must be made, which involves additional effort. In addition, in cases of forgetfulness, the collection of the previous card must be managed to prevent the employee from having multiple cards. In short, this process generates a significant workload for the IT team, affecting efficiency and generating a constant flow of administrative tasks related to RFID cards.

• Card duplication:

RFID card duplication poses a significant risk, as the ability to make unauthorized copies could lead to improper access. This situation increases the likelihood of fraudulent identifications, compromising system security and jeopardizing the integrity of user identification. The threat of duplication highlights the importance of implementing robust security measures to mitigate this potential risk.

It is essential to underline that, according to the guidelines established by the European Medicines Agency (EMA), the exclusive use of RFID cards for user identification is not considered a sufficiently robust method.

Detailed information can be read in “Concept Paper on the revision of Annex 11 of the guidelines on Good Manufacturing Practice for medicinal products – Computerised Systems”. Specifically, paragraph 28 details the modification of chapter 12 of Annex 11 and states the following:

The perfect solution is to deploy biometric identification as an electronic signature. Using this method, users can easily perform automatic identification by simply looking at an iris sensor (iris biometrics) in any environment including clean rooms, placing the fingerprint on a fingerprint sensor (fingerprint biometrics) in environments where gloves are not worn, or looking at a camera in environments where the face is not covered (facial biometrics).

The regulations themselves establish that with the use of biometrics no other identification factor is needed, recognizing the maximum security that its use provides.

With biometrics, we identify ourselves through aspects inherent to our very nature. This provides a high level of security, as it is impossible for someone to physically steal or copy us. Unlike cards that can be duplicated or stolen, biometrics offers convenience, security, efficiency and time savings. We invite you to read our article “Biometric electronic signature in pharmaceutical manufacturing processes“ where you can learn more about the use of biometrics as an ideal solution for employee identification.

Discover how Verázial ID Pharma solves all employee identification problems in pharmaceutical manufacturing processes.

Contact us for a demonstration and/or personalized study.