Access card cloning poses a serious threat to business security. Our latest feature explores the risks, real-world insights from expert Mike Nash of Third Millenium - and practical steps to protect your access control system from security risks.
In today's fast-moving digital world, it’s easy to assume that threats come from complex hacks and sophisticated breaches. But one of the most alarming vulnerabilities in security systems today is deceptively simple: access card cloning.
Access cards - widely used for building entry, restricted zones and secure systems - may seem like safe, everyday tools. But beneath that sense of security lies a growing threat that’s catching many businesses off guard.
At the recent Security Event 2025, CIE sat down with Mike Nash and Third Millennium to dig deep into this pressing issue. The message was loud and clear: cloning access credentials is terrifyingly easy -and many businesses have no idea how exposed they are.
In the context of access control, card cloning refers to the unauthorised copying of the data stored on an RFID-enabled card. That copy can then be used by bad actors to gain entry into secure areas - bypassing layers of protection without setting off alarms.
As Mike Nash explained, “It's all too easy to get hold of malicious devices where you tap and RFID card, tap it again and it’s cloned. And the scary thing is, nobody really knows. Nobody’s aware that this is so easy to do”.
Unfortunately, they don’t need to be expert hackers. Basic cloning devices can be bought online for as little as £20 - cheap, accessible and disturbingly effective.
When a cloned card falls into the wrong hands, the risks escalate rapidly:
Cloned cards put your premises at risk and compromise the security of your access control system. And the consequences go far beyond physical security breaches. Attackers can erase access logs, making it hard to even know how or when the breach occurred.
In the words of Mike Nash: “We’ve been at so many events... demoing how easy it is to clone a card. And it is terrifying.”
Many legacy access systems still use low-security RFID cards, which are easy to read and copy. In these systems, the card simply sends a fixed code to the reader - if someone intercepts that signal, they can duplicate it.
It’s not just about the card - it’s the whole ecosystem; including readers, credential formats and backend controllers.
Fortunately, solutions are available - and they’re not out of reach. According to Mike Nash, it’s about understanding your risk profile and choosing the right mix of technologies.
He recommends:
Secure options include:
You don’t need to rip out your entire access system to improve security. Here are five actionable tips to help reduce your risk today:
Review what types of access cards are in use. If you're still using low-frequency or unencrypted RFID cards, it's time to consider an upgrade.
Move towards secure encrypted credentials such as MIFARE DESFire or HID iCLASS SE. These offer advanced protection against cloning.
Add layers to your access protocol. Combine card credentials with PIN codes or biometrics for more secure entry.
Unusual access times or repeated entries can be red flags. Investigate discrepancies quickly and thoroughly.
As Mike Nash emphasises: “Call us. Speak to the specialists. We’ll give you free advice. You can send us card samples for testing”
For organisations ready to strengthen their security posture, Third Millennium offers a suite of future-ready access readers designed with security at their core.
The Third Millennium range includes:
From mobile-ready readers to dual-authentication models, Third Millennium’s solutions are engineered for environments where trust and protection are paramount.
Available in the UK exclusively through CIE-Group, this cutting-edge range is already helping businesses across sectors - from corporate offices to data centers - stay ahead of modern threats.
The most dangerous part of card cloning isn’t just the technology - it’s the false sense of security many organisations operate under. If your access system hasn’t evolved in years, now is the time to re-evaluate.
As Mike Nash puts it, “We just want to build awareness really, of the dangers of card cloning and the security around it.”
So take the first step. Audit your systems. Ask the tough questions. And don’t wait for a breach to force change.
Let the CIE system design team help with your next access control projectFor more information on the Third Millenium Access Reader range, contact CIE-Group today and enhance your organisation's security infrastructure with the highest standard in security systems; please call the team on T. 0115 9770075 or email [email protected]
|