The most widely available types of RFID (Radio Frequency Identification) cards have a built-in and unchanging identification code. The fact that the cards themselves are not designed to be reprogrammed means that the cloning process must be an internal activity on the RFID computer server. A cloned card will still have its own unique serial number but will have identical access and user credentials to the original card. The most common situation where RFID card cloning is necessary is when issuing guest RFID access cards to facility visitors.
Scan both the unassigned RFID card and the card to be copied at any facility RFID reader. Record each card that was scanned in a notebook. Write down the location of the RFID reader that was used.
Cross-reference the time(s) recorded in the notebook by checking the security access log on the RFID control/server computer. The security access log will be viable immediately after opening the RFID control program on most systems; if it is not, consult the user's manual for your facility's specific RFID reader system for additional instructions. Record all user defined variable information relating to the card to be cloned in the notebook.
Click “Add new card” in the card maintenance menu of the RFID control program. This can also be done in some programs by right-clicking the event log entry when the unassigned card was used. Input the same user defined variables as the card being cloned, as recorded in the notebook. Some RFID control software will not allow two cards with the same name; in this case add a number to the end of the name. For example, the clone of “Guest Card” can be named “Guest Card2” and be a clone in all other respects.
Write a note in all relevant logbooks, such as the RFID software additional notes field or the building security general log, detailing what card was cloned, who it will be issued to and why.
Scan the cloned card at a door that the original card has access privileges to open. If the card opens the lock, then the cloning has been successful. Issue the card to the client.
Adding a slight variation to cloned cards names can help differentiate between individual guests, which can be helpful if the situation requires it.
Be sure to keep careful track of who receives spare cards.
Make sure that individual user groups, such as each company in an office building, know that missing guest cards constitute a major security threat and need to be reported missing so that they can be deactivated on the control computer.