Keycard and Biometric Access Control for DFW Office Buildings

 A keycard that still works for a tenant who moved out six months ago is not a security system. It is a liability, and it is one of the most common findings when we audit access control in DFW office buildings every day. The credential database at most multi-tenant towers was bolted together over a decade of tenant turnover, and nobody fully trusts it.

 Modern keycard platforms, biometric overlays, and elevator integrations can give a property manager real-time visibility into who is in the building and when their access expires. The work is choosing the right credential mix and aligning policy with Texas law before the first reader is installed.

Why DFW office buildings need a layered approach

 Office buildings across Dallas-Fort Worth face a different access-control problem than a single-tenant headquarters. A typical Class A tower in Uptown, Las Colinas, or Legacy West mixes professional services tenants across multiple floors with a ground-floor retail bay, a shared parking garage, and a loading dock that sees 30 vendor visits a day.

A layered approach acknowledges that no single technology handles every scenario. The credential at the lobby turnstile, the reader on the elevator panel, and the biometric scanner at a tenant's secure file room each do different jobs. When they share a credential database and an audit log, the property team gets a coherent picture. When they do not, you end up with three vendors, three reports, and no answer to "who was on the 14th floor at 11:47 p.m."

Common pressure points that drive a layered design:

• After-hours pivot when the lobby officer leaves, and the building goes to credential-only access
• High tenant churn in coworking and flex-office floors
• Vendor and contractor access for HVAC, janitorial, and IT work
• Package and food-delivery traffic concentrated at lunch and end of day
• Garage and skybridge entries that bypass the main lobby

Keycard credential options

Not every office building needs the most advanced credential on the market. The right choice depends on tenant mix, budget, and how often the building issues and revokes cards.

Magnetic stripe cards are the legacy option, cheap to print but trivial to clone and rough on readers. Most DFW office buildings still running mag stripe at the perimeter are doing so because a full reader replacement has not been budgeted, not because it is the right answer.

Proximity (125 kHz prox) cards removed the physical swipe, but the underlying protocol is unencrypted and well-documented in the cloning community. A visitor with a pocket reader can capture a prox credential in seconds. For low-risk interior doors prox is still serviceable. For lobby and garage entries it is end-of-life.

Smart cards (13.56 MHz contactless) use mutual authentication and encryption between card and reader. Cloning is far harder, and the credentials can hold additional data such as biometric templates or expiration dates. Most new DFW office building deployments are landing here.

Mobile credentials run on a tenant's phone over Bluetooth or NFC. They reduce the operational load of card printing, lost-card replacement, and tenant onboarding. The tradeoff is dependency on the tenant's device and battery, and a need for a fallback credential when the phone fails. A blended deployment, with smart cards as the baseline and mobile as an opt-in, fits most office portfolios.

 The Security Industry Association ( SIA ) maintains the OSDP (Open Supervised Device Protocol) specification that governs how readers talk to controllers. Specifying OSDP-capable readers during a retrofit avoids vendor lock-in and keeps the door open to credential upgrades without rewiring.

When to add a biometric layer

Biometrics belong on top of a keycard system, not instead of one. The combination of "something you have" (the credential) plus "something you are" (the biometric) raises assurance and fits most office-building threat profiles.

Three biometric modalities show up most often in office buildings:

• Fingerprint readers at executive suites, IT rooms, and tenant secure-storage areas
• Facial recognition at lobby turnstiles for higher-security tenants
• Iris recognition at very high-assurance interior rooms, less common in commercial office space

The right question is not "should we add biometrics" but "where does the cost of a credential compromise justify a second factor." A trading-floor tenant and a law firm's evidence room have very different answers than a marketing agency's open floor.

Texas biometric law and compliance

Texas Business and Commerce Code Section 503.001, the state's biometric privacy statute, governs how businesses in Texas can capture, store, and use biometric identifiers. Before deploying a biometric reader in a DFW office building, the property team and any tenant rolling out biometrics should work with legal counsel to confirm the program aligns with Section 503.001 and any applicable federal or contractual obligations.

Themes that come up in counsel reviews include notice and consent at enrollment, limits on selling or sharing biometric identifiers, retention and destruction requirements when the business purpose ends, and reasonable care in storing the template.

Practical implications: do not enroll a tenant's employees into a biometric system without that tenant's written sign-off, do not store raw biometric images when a one-way template will do, and do not let a biometric database outlive the access-control system that uses it.

Elevators, turnstiles, and parking gates

The credential at the lobby is only useful if it follows the visitor into the building. Three integrations carry most of the weight in a DFW tower.

Destination dispatch elevators read the credential at the lobby kiosk and route the user to the correct floor. Tenants only reach floors they are authorized to use, and the audit log records the floor request, not just the building entry. An elevator modernization project is the natural time to wire destination dispatch into the access-control platform.

Optical and waist-high turnstiles enforce one-credential-one-person flow at the lobby, which is harder to do with a swing door and an officer. They also create a clear failure mode for tailgating and a clear log entry when someone forces through.

Parking and garage gates extend the same credential into the vehicle stream. For DFW properties with shared or adjacent garages, integrating the gate reader with the building's access-control platform avoids the situation where a former tenant still has a garage clicker that nobody thought to deactivate.

After-hours model

The hardest hours for an office building are usually 8 p.m. to 6 a.m., weekends, and holidays. The lobby officer has gone home, the cleaning crew is moving floor to floor, and a handful of tenant employees are working late.

A well-designed policy adjusts automatically. Tenant credentials that were valid 9-to-5 drop to a smaller set of authorized floors after hours. Vendor credentials carry an expiration date and time, not an indefinite grant. Destination dispatch routes after-hours users only to their own floor. The audit log flags any reader event outside its normal pattern for review the next morning.

 The Texas Department of Public Safety Private Security Bureau, at Texas DPS , regulates the officers who staff these environments. Access-control technology and licensed officer coverage are two sides of the same plan.

The officer overlay

 Technology by itself does not greet a visitor , deescalate an upset tenant, or respond when a reader fails on a Sunday morning. A licensed officer at the lobby turns the access-control system from a data source into a service.

 Most DFW office buildings staff a tier-1 unarmed guard at the lobby during business hours, with an after-hours officer covering the building through the night. Higher-risk tenants, such as a financial institution or healthcare tenant, may layer in armed coverage or off-duty law enforcement at specific entries.

Texas DPS licensing baseline

Officers staffing an access-controlled lobby in Texas have to be licensed through Texas DPS:

• Level II, the non-commissioned (unarmed) officer license, requires 6 hours of board-approved training before assignment
• Level III, the commissioned (armed) officer license, requires 45 hours of board-approved training plus firearms qualification

 When evaluating a security provider , ask for current Level II and Level III certificates for the officers proposed for the post, not just for the company license.

What this means for your DFW office building

A modern access-control program is rarely a rip-and-replace. It is a sequence: audit the credential database, retire credentials that should no longer be active, plan a reader upgrade path on OSDP-capable hardware, scope where biometrics justify the cost and the Section 503.001 work, and align the technology stack with the officer coverage plan.

Frequently Asked Questions

Keycard or mobile credential for a new DFW office tower?

A blended approach fits most properties. Smart cards as the baseline give the building a vendor-neutral default, and mobile credentials layered on top reduce the cost of issuing and revoking access for high-turnover tenants. Avoid going exclusively mobile until the fallback flow has been tested for dead batteries, lost phones, and tenants who decline the app.

How should we handle privacy concerns about biometric scanners?

 Treat biometrics as a separate program with its own notice and consent process. Enroll only the people who need higher assurance, store templates rather than raw images, and destroy data when the purpose ends. Communicate the program to tenants in writing before deployment.

Does Texas biometric law restrict what we can do in an office building?

Texas Business and Commerce Code Section 503.001 sets the rules for how businesses can capture, store, and use biometric identifiers in Texas, including informed consent, limits on disclosure, and reasonable care in storage. Building owners and tenants should review the specific deployment with counsel before enrolling employees or visitors.

What does a retrofit cost for an older office building?

Cost depends on door count, existing wiring, elevator vintage, and whether the controllers are being replaced. The variables that move the budget most are destination dispatch elevator integration, garage gate work, and the credential transition itself.

Can we integrate access control with our existing elevators?

Most modern elevator control systems can be integrated with an access-control platform, though older non-destination-dispatch elevators may need a modernization to fully participate. If your building is planning an elevator modernization in the next three to five years, that is the right time to scope the access-control integration alongside it.

Next step

Cascadia Global Security designs and staffs access-control programs for office buildings across the DFW metroplex, from Class A towers in Uptown to suburban office parks in Plano and Las Colinas. If a tenant turnover or a recent incident has surfaced gaps in your credential system, a 30-minute walk of the lobby and the after-hours flow is usually enough to identify the first three fixes. Reach out through Get a Quote or call (800) 939-1549 and we will pair you with a corporate and commercial security manager who works the DFW market.