Why complex access control wallets aren't the answer for most organisations
The conversation around digital staff IDs often gets hijacked by access control vendors. Their pitch: your employee’s phone becomes their badge, opening doors and turnstiles via NFC or BLE. It’s slick technology. It’s also wildly overkill for most organisations.
If you don’t have a physical access control system (PACS) — and most organisations under 2,000 people don’t — you don’t need an access control wallet. You need a way for people to prove who they are. That’s a different problem with a much simpler solution.
The access control pitch vs reality
Enterprise badge apps require:
- Infrastructure — door readers, controllers, network cabling
- Vendor apps — every person installs and maintains a proprietary app
- Ongoing licences — per-door, per-user, or both
- IT administration — provisioning, deprovisioning, troubleshooting
This makes sense for a corporate campus with 500 doors to secure. It makes no sense for a school checking student IDs at an event, a security firm verifying contractor identity on-site, or an NDIS provider whose support workers need to show credentials at a client’s home.
What most organisations actually need
Strip away the access control complexity and the core need is simple: a verifiable identity credential that the person carries on their phone.
That’s exactly what Apple Wallet and Google Wallet were designed for. A wallet pass is:
- Always on the phone — in the same place as boarding passes and payment cards
- No app required — works natively in iOS and Android
- Visually clear — shows the person’s photo, name, role, and organisation
- Scannable — QR code for instant verification
- Centrally managed — issue, update, or revoke from the admin platform
The person adds their ID to their wallet once. It’s there when they need it. No app to keep updated, no login to remember, no battery drain from a background service.
The friction problem with vendor apps
Every app you ask someone to install is a barrier. For full-time employees at a desk job, maybe the friction is acceptable. For these people, it usually isn’t:
- Casual staff who work a few shifts a month
- Volunteers who give their time but won’t give their phone storage
- Contractors who already have three other vendor apps installed
- Students who will ignore the email and never set it up
- Support workers who visit clients and need to show credentials quickly
Wallet passes eliminate this friction entirely. The person taps a link, adds the pass, and it’s done. No account creation, no app download, no onboarding flow.
Verification without infrastructure
A wallet ID with a QR code is scannable by any phone with a camera. The verifier doesn’t need a special app either — they scan the QR code, and the verification page it opens confirms the person’s identity against your organisation’s records.
This is “good enough” verification for the vast majority of identity presentation scenarios:
- Reception checking a visitor’s ID
- A client verifying a support worker at their door
- Security confirming a contractor on-site
- A teacher checking student IDs at an excursion
- An event organiser validating membership
You don’t need NFC readers, door controllers, or a PACS for any of these.
Cost comparison
| Approach | Per-person cost | Infrastructure | App required |
|---|---|---|---|
| Mobile credential via enterprise PACS (e.g. HID Origo, LenelS2 BlueDiamond) | A$15-40/person/year on top of PACS licensing | Door readers, controllers, network cabling, server licensing | Yes (vendor app) |
| Standalone digital ID app (proprietary mobile credential) | A$5-15/person/year | None for verification; sometimes vendor scan-app required | Yes (vendor app) |
| Manual visual ID (printed lanyard only) | A$2-8 per card + reprint costs on changes | Card printer, blanks, ribbons | No |
| Wallet pass (Apple/Google) via CaptrID | Included in plan from A$49/month total, not per-person | None | No |
The wallet pass approach isn’t just cheaper — it’s cheaper and lower friction and easier to manage. The only trade-off is that you don’t get physical access control, which most organisations don’t need.
Where the cost actually lives
Sticker price is only part of the story. The real cost of an access control wallet deployment usually breaks down something like this:
- Licensing: per-user mobile credential licence, often A$15-40/user/year on top of the underlying PACS licensing
- Infrastructure: door readers that support mobile credentials (Bluetooth Low Energy or NFC) typically cost A$400-900 per reader. A 200-employee site with 30 doors is A$12,000-27,000 upfront before any monthly fees
- Implementation: integrator labour for installation, network configuration, PACS integration, and user provisioning workflow. Quotes for small-to-mid deployments routinely land between A$15,000 and A$50,000
- Ongoing administration: provisioning, deprovisioning, lost-phone reissues, troubleshooting “why won’t the door open” tickets. Significantly higher overhead than email-based wallet pass distribution
- App maintenance burden: vendor apps require user training, occasional re-authentication, and OS-update breakage. None of this disappears with mobile credentials — it shifts from the security guard to the helpdesk
For a 500-person organisation moving from manual printed badges to a mobile-credential PACS, the first-year all-in spend often clears A$50,000. The wallet-pass equivalent for the same population on CaptrID’s Business plan is A$2,990/year (A$249/month billed annually) — and that includes the photo capture, approval workflow, card design, and printing as well, not just the digital credential.
Implementation timeline
Beyond cost, deployment timelines are wildly different:
- Mobile credential via PACS: 4-12 weeks for a small-to-mid deployment, longer for multi-site. Includes hardware procurement, network/firewall changes, vendor app rollout, training, and parallel-run with existing badges. Often requires an integrator on the critical path.
- Standalone vendor digital ID app: 2-6 weeks. Faster, but still requires user-facing app rollout, password reset support, and a parallel period while users learn the new tool.
- Wallet pass via CaptrID: Same day. Issue a pass from the admin portal, the recipient gets an email or SMS with an “Add to Apple Wallet” or “Add to Google Wallet” link, and the pass is on their phone in under 30 seconds. No app, no account, no training.
When you do need access control
If you genuinely need to control physical access to spaces — server rooms, restricted floors, secure facilities — then yes, an access control system is appropriate. But that’s a security infrastructure decision, not an identity credential decision.
You can still use wallet IDs for identity presentation everywhere else, and integrate with a PACS only for the doors that need it. The two aren’t mutually exclusive — most organisations that genuinely need access control end up with wallet IDs for the 95% of staff who only need identity verification, and PACS credentials for the small subset whose doors actually matter.
A practical decision framework
When deciding between wallet IDs and an access control mobile credential, ask:
- Do we have a physical access control system installed today? If no, a mobile credential adds infrastructure costs that wallet passes avoid. If yes, you might extend the existing PACS for the doors that need it and use wallet IDs everywhere else.
- Does our workforce work in one location? If most of your people are at one site with controlled doors, a mobile credential may earn its keep. If your workforce is distributed (NDIS support workers, school photographers, security contractors, sales reps, remote teachers), the credential never touches a reader anyway — it’s used for visual or QR verification, which wallet passes do natively.
- What are we asking the verifier to do? A receptionist scanning a QR code with their phone needs zero infrastructure. A door reader scanning a BLE credential needs hardware, software, and integration. The “infrastructure on the verifier side” is the hidden cost most pitches gloss over.
- What’s the cost of one extra app to our people? Casual staff, volunteers, students, and contractors are all sensitive to app friction. Every install request is a drop-off point. Wallet passes have zero install overhead because the wallet is already on the phone.
- What happens when someone leaves? Revocation on a wallet pass is a database flag — the QR verification page flips to revoked instantly, and a push notification deactivates the pass on the device. Revocation on a mobile credential involves the PACS admin, the credential vendor, and possibly a reissue cycle.
If your answers point toward distributed people, identity-only use cases, and low IT overhead — which describes the majority of Australian schools, RTOs, NDIS providers, care providers, and security firms — wallet IDs are the right answer.
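The QR verification and "revocation is a database flag" behaviour described above can be sketched as follows. This is an added example, not CaptrID's code: it assumes the QR encodes an opaque credential ID plus an HMAC tag and that the verification page reads live records. The key, record store and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical server-side state: a signing key and the organisation's records.
SIGNING_KEY = secrets.token_bytes(32)
RECORDS = {}  # credential_id -> {"name", "role", "revoked"}


def _tag(credential_id: str) -> str:
    """HMAC over the credential ID so IDs cannot be guessed or enumerated."""
    return hmac.new(SIGNING_KEY, credential_id.encode(), hashlib.sha256).hexdigest()


def issue(name: str, role: str) -> str:
    """Create a record and return the token that would be encoded in the QR."""
    credential_id = secrets.token_urlsafe(16)
    RECORDS[credential_id] = {"name": name, "role": role, "revoked": False}
    return f"{credential_id}.{_tag(credential_id)}"


def revoke(credential_id: str) -> None:
    """Revocation is one flag flip; the token on the phone is not changed."""
    RECORDS[credential_id]["revoked"] = True


def verify(token: str) -> dict:
    """What the verification page would show for a scanned token."""
    credential_id, _, tag = token.partition(".")
    # Constant-time comparison; forged tokens are rejected before any lookup.
    if not hmac.compare_digest(tag.encode(), _tag(credential_id).encode()):
        return {"status": "invalid"}
    record = RECORDS.get(credential_id)
    if record is None:
        return {"status": "unknown"}
    if record["revoked"]:
        # No personal details are returned for a revoked credential.
        return {"status": "revoked"}
    # The verifier compares these server-side details with the person present,
    # rather than trusting whatever the pass itself displays.
    return {"status": "valid", "name": record["name"], "role": record["role"]}


if __name__ == "__main__":
    token = issue("Sample Worker", "Support worker")  # constructed sample data
    print(verify(token))
    revoke(token.split(".")[0])
    print(verify(token))
```

The sketch covers only the scan-side lookup; the push notification that deactivates the pass on the device is a separate channel and is not modelled here.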
The bottom line
Don’t let access control vendors convince you that every staff ID needs to open a door. Most organisations need identity presentation, not access control. Wallet passes in Apple and Google Wallet solve that problem elegantly, at a fraction of the cost, with zero app friction.
CaptrID issues digital IDs via Apple and Google Wallet with QR verification — no app required.