Why Enterprise Mobile Credential Pilots Keep Stalling
The pattern is remarkably consistent. A CSO champions a mobile credential pilot. IT provisions 200 employees. The pilot works. Satisfaction scores are high. The business case looks promising.
Then the CSO requests budget for full deployment — and the conversation changes.
The three walls
Enterprise mobile credential pilots hit three walls when they try to scale.
Wall 1: Per-user economics. The pilot budget absorbed the credential cost for 200 users — maybe $2,000/year. Full deployment at 5,000 users is $50,000/year. The CFO asks why the company should pay an ongoing per-user fee for something that replaces a one-time badge cost. The CSO doesn’t have a good answer because there isn’t one. The economic model doesn’t improve at scale — it gets worse. The per-user credential tax is the fundamental structural problem.
Wall 2: App adoption resistance. Proprietary mobile credential systems require employees to download the vendor’s app, create an account, and keep the app installed. For a 200-person pilot of tech-savvy early adopters, this works. For a 5,000-person deployment that includes facilities staff, contractors, and employees who resist installing work apps on personal phones — it doesn’t. IT ends up managing a support queue for app installation issues instead of focusing on security.
Wall 3: Cloud dependency for door access. Most mobile credential systems validate credentials against the vendor’s cloud for every door opening. This means every door in the building depends on internet connectivity and the vendor’s cloud availability. IT security teams flag this during the full deployment review: “What happens when the vendor’s cloud goes down? All doors fail?” The vendor says “local fallback mode” — but the fallback is often a degraded experience with limited functionality. For facilities managing critical infrastructure, data centers, or regulated spaces, a cloud dependency for door access is a non-starter.
What breaks the pattern
Pilots scale when the three walls are removed.
Remove per-user fees. If the credential isn’t a vendor-issued proprietary token but a verification of the employee’s existing government-issued digital ID, the per-user fee disappears. The software platform has a cost — but it’s per-station or per-site, not per-user. The economics improve with scale instead of getting worse.
Remove the app requirement. If the credential lives in the employee’s native phone wallet (or is verified directly from their digital driver’s license), there’s no proprietary app to install, no account to create, no app update to manage. IT support tickets for “my mobile credential app isn’t working” go to zero.
Remove cloud dependency for door access. If access decisions happen on the panel — locally, against a cached credential manifest — then cloud outages don’t affect door access. The cloud handles enrollment, manifest distribution, and analytics. It’s never in the critical path of a door opening. IT security signs off because the architecture matches their threat model.
These three changes — identity-based credentials instead of vendor-issued tokens, wallet-native instead of app-dependent, on-panel decisions instead of cloud-dependent — are the architectural differences between pilots that stall and deployments that scale.
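The on-panel decision described above, sketched as an added example (not KeyShare's or any vendor's code): the manifest layout, field names, HMAC key and 24-hour age limit are all assumptions made for illustration. The cloud signs a manifest, and the panel decides from its cached copy with no network call, denying on a tampered or stale manifest.

```python
import hashlib
import hmac
import json

# Constructed sample values; a real panel would hold a provisioned key, and an
# asymmetric signature would avoid storing a signing-capable secret on the panel.
PANEL_KEY = b"constructed-demo-key"
MAX_MANIFEST_AGE_S = 24 * 3600  # assumed policy: bounds how long a revocation can lag


def sign_manifest(body: dict, key: bytes = PANEL_KEY) -> dict:
    """Cloud side (enrollment/distribution): serialize canonically and MAC it."""
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return {"raw": raw, "mac": hmac.new(key, raw, hashlib.sha256).hexdigest()}


def decide(cached: dict, credential_id: str, door: str, now: int,
           key: bytes = PANEL_KEY) -> tuple[bool, str]:
    """Panel side: decide from the cached manifest only, with no network call."""
    expected = hmac.new(key, cached["raw"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cached["mac"]):
        return False, "manifest-tampered"
    body = json.loads(cached["raw"])
    if now - body["issued_at"] > MAX_MANIFEST_AGE_S:
        return False, "manifest-stale"  # fail closed rather than trust old data
    if credential_id in body["revoked"]:
        return False, "credential-revoked"
    if door not in body["grants"].get(credential_id, []):
        return False, "no-grant"
    return True, "granted"


# Constructed manifest as the panel would have cached it before a cloud outage.
MANIFEST = sign_manifest({
    "issued_at": 1_700_000_000,
    "grants": {"emp-001": ["lobby", "dc-cage"], "emp-002": ["lobby"]},
    "revoked": ["emp-003"],
})

if __name__ == "__main__":
    t = 1_700_000_000 + 3600  # one hour into an outage
    for cred, door in [("emp-001", "dc-cage"), ("emp-002", "dc-cage"), ("emp-003", "lobby")]:
        print(cred, door, decide(MANIFEST, cred, door, t))
```

The age limit is the setting to choose deliberately: it is the longest a revoked credential can keep opening doors while the panel cannot fetch a newer manifest.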
The existing infrastructure question
The fourth question that kills pilots: “Does this require ripping out our existing access control system?”
If the answer is yes — new panels, new readers, new PACS software — the deployment timeline extends from months to years, and the capital cost dwarfs the operational savings. The pilot stalls because the full deployment is a construction project, not a software rollout.
The KeyShare approach deploys as software on existing Mercury controllers with a configuration tab inside existing PACS consoles (LenelS2, Genetec, Acre, RS2, Access It). The only physical change is NFC reader upgrades at the door edge — and those can be phased by floor, building, or priority zone. The PACS infrastructure, the panel wiring, and the access rules remain unchanged.
That’s the difference between a pilot that scales in weeks and a pilot that stalls in budget review.