or, The Hitchhiker’s Guide to Fear and Loathing at a Public Library Reference Desk



Scanning Library Cards on Smartphones

   February 8th, 2011

Scanning library card barcode from smartphoneSomething I really like about smartphones are apps like CardStar and Key Ring - they let you input the numbers from all the club and rewards cards from your keychain and display the barcode on your phone.

Patrons also use these apps for their library card numbers, and some libraries aren't sure how to handle the library-card-on-smartphone situation. It hasn't really come up in my library, but I know our traditional scanners won't read barcodes off a smartphone screen. So, I thought I'd do some research to find out what it would take to accommodate these patrons.

The reason it doesn't work is because traditional barcode scanners are designed to read laser light reflected off a solid surface. Smartphone screens are emitting light, so an entirely different technology is needed.

The scanners that can read barcodes on smartphones are called CCD scanners (what that stands for is less important than a short description or a compare/contrast between CCD and traditional laser scanners).

After learning this, I started looking around at the different models and costs of CCD scanners. I stumbled across a Quora post mentioning a company called FaceCash* which sells scanners for $30. That's cheap enough for experimentation, so I contacted Aaron Greenspan (FaceCash founder) and bought one.

And it worked. I plugged it into a computer's USB port, held it up to an iPhone with a library card displayed on it, and Beep, the scanner read it just like it should. I'm always shocked when tech things work right out of the box. And happily, the scanner also reads** regular barcodes too.

So now, for just $30, my library can accommodate those patrons who make their lives easier*** through mobile technology.

Recent studies show this is fast becoming the standard in the business world - especially airlines. So the only question is whether or not libraries are willing to honor "virtual" library cards.

I don't see why not. It doesn't seem like fraud would be any more of an issue with this than with regular library cards. When we sign up a patron for a new library card, we give them a wallet card and a keychain card - so already there is more than one copy of the card in existence, which means more than one person could be using it. Since we don't make people show a picture ID when they present their library card, people could already be using someone else's card and we'd never know. Besides, if it's good enough for the TSA and airline security, I think we can manage.

But best of all, accepting these means that it's easier for patrons to bring their library card with them to the library. This is both better customer service and will save staff time in not having to look patrons up. Now that I have this scanner, I just have to wait for a patron to come in who needs it - what a strange feeling to be ahead of the curve.

 


FaceCash - Pay with Your Face*FaceCash is a new way to pay for things - you add money to your FaceCash account, and install the FaceCash app on your phone. Then when you're in a store or restaurant that accepts FaceCash, the app displays your account barcode for the business to scan, and also a picture of your face, so the clerk can verify that you are actually you. With more and more personal data being stored in phones, the visual verification is a great idea. If my library charged fines, I'd want to sign up us to accept FaceCash.

**One limitation of CCD scanners is their short range - just a couple inches, compared to 8-10" range of traditional scanners. Plus, the scanner I bought is trigger-operated, rather than motion-operated like our existing scanners. So, even though it can read both physical and digital barcodes, I don't think we'll swap out what we've got for it, but instead just plug it in and use it when a smartphone patron comes to the desk.

***I like just about anything that reduces waste and clutter. These apps let you store useful information easily, instead of lugging around a whole deck of various cards, and that makes life better. Read a few more tips to simplify your wallet, so you don't end up like George:
George Costanza and his wallet




Tags: , , , , , , , , , , , , , ,


40 Responses to “Scanning Library Cards on Smartphones”

  1. Med bibliotekskortet i mobilen « Peter Alsbjers blogg! Says:

    [...] Army Librarian har ett intressant inlägg om hur man kan skanna streckkoder – som t ex bibliotekskort – med hjälp av en [...]

  2. Chris Says:

    Word, my company did this for the local zoo. They encourage all their patrons to the special events to use the paper-less tickets emailed to their cell phones. It’s a big hit with the customers as well. Our first run through I sat at the gates in case of technical difficulties, and MANY of the guests commented on how cool it was. Sadly, at least half of them also printed out their tickets “just in case” the digital ones didn’t work.

  3. Twitter Trackbacks for Swiss Army Librarian » Scanning Library Cards on Smartphones :: Brian Herzog [swissarmylibrarian.net] on Topsy.com Says:

    [...] Swiss Army Librarian » Scanning Library Cards on Smartphones :: Brian Herzog swissarmylibrarian.net/2011/02/08/scanning-library-cards-on-smartphones – view page – cached Swiss Army Librarian is a blog by Brian Herzog mostly about library and technology issues relating to public libraries Show influential only (1) $(‘#filter-infonly’).change(function() { var el = $(this); var url = document.location.href; var checked = el.attr(‘checked’); if (checked) { document.location.href = url + ((/?/.test(url)) ? ‘&’ : ‘?’) + ‘infonly=1′; } else { document.location.href = url.replace(/[?&]?infonly=1/,”); } }); [...]

  4. Jason Says:

    Actually you can get long-range CCD scanners. Some time ago we moved to nothing but USB WASP 8905 scanners with stands. They work great. (And I’ve also used them to scan my PC screen when working on a barcode project or two!)

    They’re a whole lot more than $30 though, I’ll have to keep this place in mind when we need replacements.

  5. Brad Czerniak Says:

    Barcode-saving apps are a nifty tool, but there are many inherent security risks associated with them.

    A quick aside: The “Recent Studies” links are both articles about users scanning barcodes using their phones’ cameras — for instance QR codes or UPCs — not about using phones AS barcodes.

    Barcodes are just a mechanism for encoding information into something reliably machine-readable. They are not secure in-and-of themselves. Airline ticket barcodes are probably implemented in such a way to make forging digital boarding passes quite difficult. Additionally, those codes are only one part of the airport security/anti-theft process.

    Library barcodes, on the other hand, tend to be sequential numbers, often with a prefix of a few digits to avoid collisions between libraries. If a would-be hacker can reasonably guess the common digits of a barcode (say, 8 out of 14 digits), they need only guess 6 digits. That’s only 100,000 possible barcodes. If all they want to do is check out a book as someone else, for instance to disable a gate security mechanism, they should be able to access an account pretty quickly.

    Often barcodes are the only authentication factor implemented by a library. Considering how much we value our patrons’ privacy and security, this fact is really scary.

    One way an enterprising hacker could compromise an easily-guessable barcode system is with a smartphone-compatible barcode “fuzzer” and an unattended self-checkout station.

    Another attack vector: who says the barcode has to be a library card number? I don’t know about Chelmsford’s Sirsi-Dynix system, but Millennium’s circ module lets you scan/type either a barcode or a patron’s name into the text field to bring up their patron record. So I could produce a barcode that would bring up my (or anyone else’s whose name I know) patron record. This could be used to prank an enemy or for social engineering purposes.

  6. Brian Herzog Says:

    @Brad: I’m sorry about the “Recent Study” links – I guess I can attribute that to tunnel vision. I’ve edited the post accordingly.

    I do agree with you that no security system is infallible. If someone really wants our books without being responsible for them, I think just stealing them is easier than trying to spoof some other patron’s barcode.

    I would be hesitant with a system that permits search-by-name, but it seems the security loophole there doesn’t have to do with the barcode, but with that someone can search by name – what’s to stop a patron from just typing in someone else’s name?

    Our staff interfaces all do lookups based on a single barcode, but any patron interface requires both the patron’s barcode and PIN (our self-check machines don’t have scanners that can read from smartphones). It is likewise not impossible to crack, but it is another layer of security.

    I see this more as a customer service angle than a security one – like anything else, if we find it is being abused, we can always reassess and revise.

  7. Adam Steele Says:

    The only problem I can see is that at our university library, we require patrons to have some sort of photo ID. If we can’t match a face to a face to a name we won’t check out their books. Maybe it’s too much, but when it’s $600 nursing books going out, we like to be sure.

    Sure, my bank has the technology to scan my driver license into their system so all I need is my 5 digit number, but this is not a part of any of the majors ILSs I know.

  8. Brian Herzog Says:

    @Adam: I worked at the KSU reference desk while in library school, and I don’t think they did that in the main library. That’s impressive security – and not a bad idea. It might be overkill for a public library (we don’t even require patrons to present their card to check out in my library), but I don’t think it’s unworkable if it’s worth it. It’s all just a balance of risk and reward – the risk of someone gaming the system and the library losing materials versus the reward of minimal barriers to access. $600 nursing texts seem to warrant it, but James Patterson novels might not.

  9. Brian Herzog Says:

    @Brad: I forgot to mention another method of barcode security – I don’t think the barcodes in my consortium aren’t just sequentially numbered. I’m pretty sure they all include a check digit, to prevent people just guessing someone else’s number. ISBN also uses a check digit to make sure it’s a valid number, and I think we use a similar but different method for calculating check digits – it won’t stop someone creating a completely dummy barcode that fits all of our other criteria (like you said – 14 digits, certain starting numbers, etc), but it does help protect other patrons’ barcodes from being spoofed.

  10. Carla Says:

    There is a *huge* issue with scanning smartphones instead of cards. CardStar lets you enter *any* number and produces a barcode for it. So anyone’s library card number can be entered and used to checkout. When we give out cards, we remind patrons they are liable for anything checked out and to keep them safe like credit cards. If you’re not using the wallet or key card, destroy it. Would you check out to someone who “knew” their number and could tell you but had no ID? Very dangerous territory–very easy to spoof the account number and run off with valuable materials.

  11. Brian Herzog Says:

    @Carla: The policy in my library is that we do not require patrons to present their card when checking out (if they don’t have their card, we will look them up by their name). So for us, since we don’t require them to present their physical card, having them give us a digital card is really no different than them telling us their name. I know this policy wouldn’t fly in every library, but it works pretty well for our community.

  12. Alan Says:

    For many libraries, this is a case of sacrificing security in order to seem current with technology. What Carla said is correct. Just because library cards have barcodes doesn’t mean you should treat them as casually as rewards cards.

    This is particularly troublesome when it comes to self-checkout, where, if you permit smartcard scanning, there is zero opportunity to observe someone spoofing a library card number.

    Some people point out that the system already has holes in it, so what’s the big deal? But just because security is not 100% effective doesn’t justify intentionally reducing it even further.

    Allowing smartphone scanning will mean that whenever a patron claims that an item is mistakenly checked out to them, we’ll no longer have any basis to challenge them.

    I like smartphones, but letting them be a proxy for a library card is a poor use of technology.

  13. Tweets that mention Swiss Army Librarian » Scanning Library Cards on Smartphones :: Brian Herzog -- Topsy.com Says:

    [...] This post was mentioned on Twitter by Easter M. DiGangi, Kerri H @ SCLS. Kerri H @ SCLS said: have your patrons asked about scanning library card from their smartphone? http://bit.ly/gcdc8K We tested- our current scanners won't work. [...]

  14. Lauren Says:

    What if it was set up as part of a library app where you had to log into your library account with a pin before you could bring up the bar code? That would actually add security to the process since patrons would have to know their pins.

  15. Brian Herzog Says:

    @Lauren: That’s a great idea – I’m not sure if a card is built into library apps, but that would add a bit of security. It wouldn’t stop people from recreating their cards with apps CardStar and Keyring, but if the library only scanned cards from their own apps, and self-checks required a PIN, then that would indeed make things more secure.

  16. Links of Interest : February 18th, 2011 « A Modern Hypatia Says:

    [...] grocery, or whatever) card and carry the device, not the card. Brian at Swiss Army Librarian has a great post on the issues of using scanned barcodes on mobile devices, and looks not only at the policy piece, but at the technology one (many scanners won’t [...]

  17. Using your smart phone to check out books | jilldweber Says:

    [...] the whole story here: Swiss Army Librarian Reports on using Smart Phones to check out books This entry was posted in Uncategorized. Bookmark the permalink. ← Apropos of Nothing [...]

  18. Infobib » Smartphone ersetzt Bibliotheksausweis? Says:

    [...] Idee stammt vom Swiss Army Librarian, der wiederum auf Vagabondages verweist. Mein Umsetzungsvorschlag, um Sicherheitsbedenken entgegen [...]

  19. Melanie Says:

    Here at a library in WI, a South Central Library System member, our policy is a library card or photo id for check out. we also require that a patron bring or remember their barcode and pin to use the computers. If the library app lets more than one card be scanned then the user could use other peoples accounts for check out and computer use, In our library computer usage is restricted to cardholders account. Also we had had problems with family members running up huge fines on their cards and using all card holders accounts to avoid paying and racking up bills from over one hundred to several hundred dollars. I personally don’t think that it is a good idea unless the app is restricted to one card.

  20. Brian Herzog Says:

    @Melanie: this is definitely something that depends on local circulation policies. But we need to make sure that we’re not disallowing cards on smartphones because of reasons that people can get away with with physical cards. For instance, what’s to stop someone from logging into a computer with an actual library card, then handing it to someone else and letting them log in on a different computer at the same time?

    I think what we need are better policies and better tools. Computer timer software doesn’t allow simultaneous logins, or an ILS that can link cards to prevent the abuse of shopping around family members’ cards. Technology is the solution, not the problem, and cards on smartphones are a reality for many patrons, so hopefully we can come up with a system to effectively accept them.

  21. Melanie Says:

    Our computer software Telus doesn’t let the same barcode log in at one time. We do monitor usage and explain the policy of not using another patron’s card as well as point out the policy posted right there at the computer station.The policy is to prevent patrons being upset with other patrons gaming or chatting when they are looking for jobs, doing resumes ect. trying to be fair to all because kids who chat or game have as much right to the computer as those who dont. And I agree it would be nice to come up with the technology to prevent the abuse of other family members cards and /or the library itself. Its just disheartening to see those who are costing the library thousands of dollars in replacement costs thus shrinking what is available to purchase for the rest of the community. Not saying those with smart phones would abuse the system.

  22. Neue Technik: Benutzerausweis auf dem Handy « Nachrichten für öffentliche Bibliotheken in NRW Says:

    [...] Der Einsatz von mobilen Endgeräten tritt auch immer stärker in den bibliothekarischen Alltag. Auf dem englischsprachigen Blog „ Swiss Army Librarian“ berichtet Brian Herzog von dem  Einsatz neuer Handscanner um Bibliothekskunden den Einsatz von Apps zur Darstellung des Bibliotheksausweises zu ermöglichen. Dabei ist es dem Nuzter möglich, den Barcode seines Bibliotheksausweises mit Hilfe seiner Kamera in die App zu lesen. Die Anwendung  bildet  danach den Barcode auf dem Handy-Display ab. Sogenannte CCD-Scanner sind anschließend in der Lage den digitalen Barcode zu verwerten. Mit den Scannern können auch konventionelle Barcodes gelesen werden. Den vollständigen Artikel finden Sie unter: http://www.swissarmylibrarian.net/2011/02/08/scanning-library-cards-on-smartphones/ [...]

  23. Brian Herzog Says:

    @Melanie: In regards to smartphones, it seems the best security is to also require the patron’s PIN when they use it. We require it for some transactions now, but maybe it should be more universal – and it should be something the patron would remember, so it shouldn’t add any burden on them.

  24. New Providence tower reaches the fitting-out stage | Electronics, Gadget, Computer Says:

    [...] iPhone and CCD Scanner Image by herzogbr Read about scanning barcodes from smartphones on my website. [...]

  25. Bibliotheksausweis der neuen Generation « Blog der Stadtbibliothek Salzgitter Says:

    [...] Quelle: Swiss Army Librarian [...]

  26. VEDow Says:

    From public library stand point:
    How many of us know every single person who walks up to the checkout desk? Do we always double check the name that comes up (we use Millennium) with the person in front of us? The smartphone app would be no different, no worse than a customer handing staff a card for checkout. (I can’t speak to self-check, etc). To me – there is no difference. The only thing I can require my staff to do, for every checkout, is to verify name and address. That adds time to the transaction.. And, frankly, we have few problems w/ checkouts by someone posing as someone else. Most problems arise with family members (mostly parents!) using whatever card comes to hand, or has no fines/overdues on it. And even that is a low percentage. I say – go w/ what will help the patron, while keeping potential issues/problems in mind.

  27. Top 14 Things Marketers need to know about QR codes « Reviews for Everyone Says:

    [...] and CCD scanner Year peak of herzogbr Read more about the scanning of bar codes of smartphones on my website . Top 14 Things Marketers need to about QR codes Know A comprehensive guide to start using a 2D [...]

  28. iLibrarian » QR Code Roundup: 10 Resources for Librarians and Educators Says:

    [...] Herzog at the Swiss Army Librarian writes about Scanning Library Cards on Smartphones. This is a very interesting article about how we can offer convenience for patrons who want to [...]

  29. Swiss Army Librarian » Scanning Library Cards on Smartphones :: Brian Herzog | Bibliothèque et Techno | Scoop.it Says:

    [...] Swiss Army Librarian » Scanning Library Cards on Smartphones :: Brian Herzog Swiss Army Librarian is a blog by Brian Herzog mostly about library and technology issues relating to public libraries… Source: http://www.swissarmylibrarian.net [...]

  30. finger scan Says:

    I must say thank you very much and looking forward to seeing your article soon.

  31. Darleen Says:

    Hi – Do you know what the brand of the FashCash scanner is that works? As we have tried the Wasp and it is not working well at all, but we require to be able to read Barcodes from smartphones – format 12 EAN preferable.

  32. Brian Herzog Says:

    @Darleen: I don’t know, but in talking with some other librarians, it looks like the FaceCash scanner isn’t quite up to library requirements. It definitely works, but doesn’t come with a stand, and requires pulling a trigger to scan a card, instead of being motion-activated.

    The Groton, MA, library did a little more research and ultimately went with the Unitech MS335 (http://www.geminicomputersinc.com/ms335-xug.html) – long range, USB, and on a hands-free stand, $103 with stand and free shipping. The only problem they had was that it didn’t read the barcodes on newer library cards. Apparently they are Codabar encoded and the scanner ships with Codabar support turned off. They contacted Unitech and tech support sent them a barcode to enable Codabar support, and that seemed to fix everything.

  33. Shorten urls service make money Says:

    of course like your web site but you need to check the spelling on quite a few of your posts. A number of them are rife with spelling issues and I to find it very bothersome to inform the reality then again I will definitely come back again.

  34. Two phones and a barcode | Civica Library & Learning Blog Says:

    [...] One of the neat things that can be done with smart phone applications is storing barcodes. [...]

  35. bank credit reference letter sample Says:

    bank credit reference letter sample…

    [...]Swiss Army Librarian » Scanning Library Cards on Smartphones :: Brian Herzog[...]…

  36. Chocolate hills Says:

    rEward berries storage units is a present that will arrives filled with selection of many fruits. It may either be generated with the person or even purchased in any shop who’ll …special valentine

  37. Swiss Army Librarian » CCD Scanner at the Circulation Desk :: Brian Herzog Says:

    [...] Circulation Desk    February 15th, 2012 Almost exactly a year ago, I posted about scanning library cards on smartphones. While the FaceCash scanner I ordered worked, it wasn't designed to be used for library purposes, [...]

  38. Scanning Library Cards on Smartphones « adinfbu Says:

    [...] Herzog @ Swiss Army LibrarianSee on http://www.swissarmylibrarian.net Partager:TwitterFacebookJ'aimeJ'aime  article ← Article [...]

  39. World of Gadgets | Scanning a Library Card on an iPhone Says:

    [...] Scanning a Library Card on an iPhone Image by herzogbr Read about scanning barcodes from smartphones on my website. [...]

  40. Librageous! » Blog Archive » Hello, Do You Have Your Smartphone? Says:

    [...] Over at Swiss Army Librarian, there’s a fantastic write-up of the idea, along with a fantastic discussion in the comments.  Check it out here! [...]