EM Card in Access Control: Types, Security & How to Choose (2026)
May 14, 2026
Leave a message
The 125kHz Card That Still Runs Most Buildings
Walk into any mid-rise office building, residential complex, or industrial park, and chances are the access cards tenants carry in their wallets operate at 125kHz. These are EM cards, proximity credentials built on the EM4100 or TK4100 chipset, and they remain the most widely deployed door-access technology on the planet. Over 73% of organizations globally rely on some form of RFID-based access control (Market Growth Reports), and a significant share of that installed base still runs on EM technology from the early 2000s.
An EM card is a passive, read-only RFID credential. It carries a 64-bit unique identifier (UID) permanently burned into the chip at the factory. There is no battery inside. When the card enters the electromagnetic field of a compatible reader, typically within 2 to 15 cm, the field energizes a copper antenna coil embedded in the card, and the chip transmits its UID via Manchester-encoded modulation. The reader captures that number, sends it to a door controller, and the controller checks it against a database to decide whether the lock opens. Procurement teams searching for an em4100 card for door access are usually looking at exactly this chip, or its pin-compatible clone, the TK4100.
Physically, the standard EM proximity card conforms to ISO 7810 ID-1 dimensions (85.5 mm × 54 mm × 0.76 mm) and is manufactured in PVC, ABS, or PET depending on durability requirements. Operating temperature ranges from −20°C to 50°C. For a deeper look at how RFID chips store and transmit data at the protocol level, Syntek's technical overview covers the signal and encoding fundamentals.
How Does an EM Card Work in an Access Control System?
Every em card access control interaction follows the same signal chain: card → reader → controller → database → electric lock. The EM card reader for access control outputs the captured UID using the Wiegand 26-bit protocol, a decades-old interface that has become the de facto wiring standard in the access industry. Wiegand 26-bit gives EM cards extraordinary reader compatibility: virtually any access controller on the market will accept it.
Because the Wiegand 26-bit payload is a flat, unencrypted number with no session authentication, any device that can intercept the signal between reader and controller can replay that credential. The openness that made 125kHz systems easy to deploy is the same property that makes them easy to compromise.
Typical deployment scenarios where EM-based systems remain dominant include residential community gates, parking garage barriers, factory floor time-attendance stations, and secondary internal doors within larger campuses. For a broader picture of how RFID technology fits into modern access architectures, Syntek's introduction to RFID access control maps out the full ecosystem.
EM Card vs. IC Card vs. CPU Card: What Actually Differs
Most comparison articles lay out a feature table and move on. The table is useful, but the real purchasing implications sit underneath it.
| Dimension | EM Card (ID Card) | IC Card (Mifare) | CPU Card |
|---|---|---|---|
| Frequency | 125 kHz | 13.56 MHz | 13.56 MHz |
| Memory | 64-bit UID, read-only | 1–4 KB, read-write | 8–64 KB+, read-write with OS |
| Encryption | None | CRYPTO1 (Classic) / AES (DESFire) | AES-128/256, on-card crypto engine |
| Cloning resistance | None - cloned in seconds | Low (Classic) to High (DESFire EV3) | Very high - mutual authentication |
| Multi-application | Single function | Moderate (access + attendance) | Full (access, payment, identity) |
| Unit cost (bulk) | $0.08–$0.15 | $0.30–$1.20 | $1.50–$5.00+ |
| Typical use case | Basic door access, parking | Office access, campus cards | Government ID, banking, transit |
Cost ranges based on Syntek's bulk order pricing at 10,000+ unit volumes; actual pricing varies by chip variant, printing, and encoding requirements.
The core difference between an em card and a Mifare card is not just a frequency number. It is the difference between a credential that broadcasts a fixed serial number to anyone listening and a credential that can challenge the reader to prove its own identity before sharing data. Between an IC card and a CPU card, the leap is from sector-level key protection to a full on-card operating system capable of running cryptographic applets, the same architecture that secures bank cards and national IDs.
The Security Truth About EM Cards: What Most Guides Leave Out
Here is where most educational content stops at "EM cards can be copied" and moves on. The reality is more specific, and the specifics matter for anyone making a procurement or upgrade decision.
An EM4100 card transmits its UID in the clear, with no authentication handshake, every time it enters a reader field. Security researchers have demonstrated working clones produced in under 30 seconds using handheld RFID copiers that cost less than $20 (Security Scientist). In 2013, a researcher at Bishop Fox built an Arduino-based 125kHz reader-writer to prove that em4100 rfid card security is, in practical terms, equivalent to photocopying a barcode (Kisi).
But the risk extends beyond someone borrowing a card for a minute. Academic research has demonstrated that high-power antenna setups can read a 125kHz EM card UID from distances up to 3 meters, well beyond a cardholder's awareness that their credential is being captured (MDPI Technologies). That makes "card in your pocket" theft a realistic attack vector, not a theoretical one.
Here is the part that most vendor-written articles will not tell you: upgrading from EM to Mifare Classic does not solve the problem. Mifare Classic's CRYPTO1 cipher was academically broken years ago, and open-source tools (MFOC, MFCUK) can crack sector keys from a single card interaction. Consumer devices like the Flipper Zero have brought Mifare Classic cloning into hobbyist territory. The genuine security upgrade path leads to Mifare DESFire EV2 or EV3, which use AES-128 encryption and mutual authentication, a fundamentally different security model. In a vendor-conducted controlled deployment test, a European security technology firm reported that encrypted smart card deployments reduced card cloning incidents by 96% (Market Growth Reports).
This distinction matters because procurement teams frequently approve budgets for a "Mifare upgrade" without specifying the Mifare variant. The cost difference between a Mifare Classic and a DESFire EV3 credential is roughly 3–5× (based on Syntek's manufacturing pricing at volume), and the security difference is the gap between "breakable with free tools" and "not practically breakable with current methods."
When 125kHz EM Cards Still Make Sense - and When They Do Not
Dismissing EM technology entirely would be as unhelpful as ignoring its limitations. There are legitimate scenarios where a 125khz em proximity card remains the right choice, and knowing the boundary prevents both over-spending and under-protecting.
EM cards remain defensible for internal secondary doors in environments where the perimeter is already secured by higher-grade credentials or biometrics, such as an interior supply closet inside a DESFire-protected office suite. They also fit budget-constrained deployments where the protected assets have low replacement value and the threat model does not include targeted physical intrusion: community recreation rooms, non-sensitive warehouse zones, basic time-attendance where the card is paired with a PIN code for two-factor verification.
EM cards stop making sense the moment the facility handles regulated data, financial instruments, pharmaceutical inventory, or any asset whose compromise triggers compliance consequences. Data centers, financial trading floors, healthcare medication storage, and government installations should not rely on credentials that can be duplicated with a $15 device from an online marketplace.
One scenario that catches organizations off guard is building handover. When a property management company takes over a building, the access card inventory is almost never audited for credential technology type. The handover documents typically record total card quantity, 500 cards, 200 active, but not chip model or operating frequency. The acceptance procedure tests whether each door opens, not whether the credential behind it is encrypted or broadcasting a fixed UID in the clear. This gap sits in the gray zone between the incoming property manager and the outsourced security contractor, each side assuming the other has verified what the cards actually are. Two buildings using the same brand of reader hardware may run completely different card technologies, one secure, one trivially clonable, and the difference is invisible without a deliberate audit (ACS Ltd).
Where the Access Control Card Market Is Heading
The global card-based access control market is valued at approximately $5.75 billion in 2025 and projected to reach $7.84 billion by 2030, growing at a 6.4% CAGR (Mordor Intelligence). Within that market, RFID and NFC technologies account for 57.75% of access control connectivity (Mordor Intelligence). and contactless reader deployments grew 38% between 2022 and 2024.
The technology migration path runs from EM to Mifare Classic to Mifare DESFire to mobile credentials, each step raising the cryptographic floor. Regulatory pressure is accelerating the timeline: the EU's NIS2 directive, for example, extends cybersecurity obligations to physical access infrastructure in critical sectors, making unencrypted door credentials a compliance gap, not just a security preference. The jump from DESFire EV2 to EV3 looks minor on paper, same AES-128 core, but in deployments processing thousands of daily transactions, differences in anti-replay architecture and transaction speed determine whether your rollout stalls at the reader firmware level or runs clean.
For organizations mid-migration, dual-frequency readers (125kHz + 13.56MHz) are the standard transition tool. They allow legacy EM cards and new smart cards to coexist on the same reader during a phased rollout. The operational caution here is that the 125kHz channel remains active throughout the transition period, which means a downgrade attack, presenting a cloned EM card to bypass the newer credential, is possible until the legacy channel is deliberately disabled (ICT). In practice, write the 125kHz channel deactivation into the migration contract as a milestone deliverable with a fixed date, not a planning note that gets deferred every quarter when a handful of old cards remain unswapped.
How to Choose the Right Access Control Card for Your Project
Rather than listing generic selection criteria, here is the decision sequence that, across 17 years of manufacturing RFID credentials in a 3,600 m² facility running 5 production lines at 100,000+ cards per day, we have consistently seen produce the fewest regrets:
- Start with the threat model, not the budget. Define what happens if a credential is duplicated and used by an unauthorized person. If the consequence is someone accesses a gym locker room, EM is fine. If the consequence is access to a server rack or a pharmacy, skip EM and Mifare Classic entirely. Go directly to DESFire EV2/EV3 or CPU cards.
- Then check system compatibility. If the existing access controllers only accept Wiegand 26-bit input and budget does not allow controller replacement, an em card for access control may be the only viable short-term option, but pair it with a secondary factor (PIN, biometric) and document it as a known risk with a 12–24 month controller replacement target, not an open-ended deferral that never actually closes.
- Then, and only then, discuss unit price. The per-card cost difference between EM and DESFire is real ($0.10 vs. $1.50+ at volume, based on Syntek's bulk pricing), but it is a rounding error against the cost of re-carding an entire building after a security incident or a compliance audit finding.
The most common procurement mistake, by a significant margin, is specifying "Mifare card" on a purchase order without specifying Classic or DESFire, a distinction that determines whether the card can be cloned with a $30 consumer device or requires cryptographic effort beyond any publicly documented attack method. Other recurring errors: confusing EM4100 (read-only, fixed UID) with T5577 (rewritable, the chip actually used inside cloning devices); and overlooking reader firmware requirements when moving from 125kHz to 13.56MHz systems.
If your project requires custom-printed EM, Mifare, or DESFire credentials with specific chip configurations, Syntek's RFID card product line covers the full range from standard white cards to fully customized access credentials.
FAQ: Common Questions About EM Cards in Access Control
Q: What is an EM card and how does it work?
A: An EM card is a 125kHz passive RFID proximity card carrying a factory-programmed, read-only UID on an EM4100 or TK4100 chip. The reader's field powers the card's antenna, triggering UID transmission for database verification.
Q: Can EM cards be cloned?
A: Yes. EM cards transmit a fixed ID without encryption, and working clones can be produced in seconds with inexpensive handheld copiers.
Q: What is the difference between an EM card and a Mifare card?
A: EM cards are 125kHz, read-only, unencrypted credentials for basic access. Mifare cards operate at 13.56MHz with read-write memory and support encryption, enabling secure access and multi-application use.
Q: Are EM cards still widely used?
A: Yes. Their low cost, broad compatibility, and simple deployment keep them dominant in cost-sensitive and low-security environments worldwide.
Q: When should I upgrade from EM cards to smart cards?
A: When your facility handles sensitive data, requires audit trails, or must meet regulatory compliance standards. Target DESFire EV2/EV3 with AES encryption, not Mifare Classic.
For sourcing specifications or custom card configurations, reach out through Syntek's RFID card inquiry page.
Send Inquiry