Late 2015 and early 2016 have proven to be a critical time period in the development of mobile credentials, as the projects involving this technology are now moving from the pilot stage to fully delivered systems. IHS estimates that in 2015 there were fewer than 2 million mobile credentials downloaded; however, by 2020 the global market for mobile credentials is expected to grow at a compound annual growth rate (CAGR) of 140 percent to reach 136 million downloads. The use of mobile credentials will soon become a significant credential form factor, as 20 percent of all credentials will be mobile by 2020, according to the IHS Access Control Intelligence Database - Mobile Credentials report.
Mobile credentials are currently more commonly used in North America and Western Europe, where a high penetration of high-end smartphones, and a focus on more security innovation, makes mobile-based credentials a natural fit. Most of the projects that have already come to fruition have been in the commercial, government and education sectors, where the number of credentials needed – and the budgets to pay for them -- has allowed these systems to be installed.
The commercial sector will remain the major driver of mobile credentials from 2015 to 2020, growing at a CAGR of 139.2 percent. By 2020 there will be 71.7 million downloads, representing more than half of the entire commercial market. The commercial sector is expecting significant growth, as mobile credentials are a natural fit for many office workers.
Offices normally do not require a large number of access-control-secured doors, once workers have entered the building, because opening a smartphone application is less frustrating, if it only has to be done now and then. It is not uncommon for large commercial companies, particularly in Western Europe, to issue a company smartphone to employees. A smartphone supplied by the enterprise is covered by that enterprise’s IT security policy, so the IT department has a large amount of control on what apps are installed on the company-issued devices. Doing so minimizes the risks associated with workers being targeted by malware via apps.
Within the commercial sector, the hospitality market will also play a substantial role in demonstrating the use of mobile credentials. There are huge convenience benefits for hotel guests who use their smartphones to check in and check -out, open their hotel room doors, and order room service via one application. Both Starwood and Hilton hotel chains have incorporated all of these functions into their smartphone applications. The hospitality market is currently the best use case example on the market for mobile credentials and should help increase user adoption in other vertical markets by introducing the technology to the mass market.
Education will also be an excellent market for mobile credentials. The high proportion of young people with high-end smartphones means that there will be fewer end-user barriers to the use of mobile credentials. Re-issuing cards is common in the education market, as there is a high turnover of students every year. The high turnover inflates the cost, in terms of money and time, of issuing physical credentials, meaning that mobile credentials could be an attractive solution.
The government sector is also expected to experience a rise in mobile credential use, since it is an efficient access-control management mechanism. By removing the need for physical credentials, the repeated re-issuance costs and personnel needed to manage those credentials are also reduced, allowing for human resources to focus on other tasks. In the United States, for example, the Federal Information Processing Standards (FIPS) 201-2 update in special publication 800-157 concerning derived credentials reveals that the U.S. government is actively investigating how to include mobile credentials into its security plans. Special publication 800-157 examines how to best use mobile credentials, when a personal identity verification (PIV) card would be impractical, rather than replacing PIV cards completely. The government sector also tends to issue smartphones to its employees, requiring the enforcement of stringent cybersecurity rules. While the “bring your own device” situation would not be acceptable to many government IT networks, by leveraging government-issued smartphones, cybersecurity is more easily managed.
The use of smartphones has disrupted a variety of industries -- from transportation tickets, to payments, to identity confirmation -- and the security industry will also be affected by these changes. The mobile credentials market will be led by governmental, commercial and education sectors, but it is likely the use of mobile credentials will affect all of the vertical markets in the security industry.