MIFARE Plus Compatible Cards & Fobs
MIFARE Plus is NXP's drop-in AES-128 upgrade path for MIFARE Classic infrastructure, offering backward-compatible SL1 mode (readable by Classic readers) and fully secure SL3 mode (AES-128, not cloneable) on a single card platform.
MIFARE Plus operates at 13.56 MHz per ISO/IEC 14443 Type A and implements AES-128 hardware encryption while maintaining physical and protocol compatibility with MIFARE Classic readers in SL1 mode, making it the preferred migration card for operators retiring CRYPTO1 without replacing all readers simultaneously. At SL3, the card's authentication, data confidentiality, and message integrity are all protected by AES-128 and the card cannot be cloned, putting it on par with DESFire EV1 in practical security — though DESFire EV2/EV3 remain preferred for new multi-application deployments.
MIFARE Plus specifications
- Brand / OEM
- NXP Semiconductors
- Technology
- Contactless smart card (ISO/IEC 14443 Type A)
- Frequency
- 13.56 MHz
- Chip
- NXP MF1PLUS (EV2: MF1P(H)x2); available in 2K and 4K memory variants; AES-128 hardware encryption; security levels SL0–SL3; 4-byte or 7-byte UID
- Bit formats
- 26-bit Wiegand (H10301) in SL1 mode (Classic-compatible), 37-bit Wiegand in SL1 mode, AES-secured proprietary formats in SL3 mode
- OEM part numbers
- MF1SPLUS6001DUD, MF1SPLUS8001DUD, MF1PLUS6001DUD, MF1PLUS8001DUD, MF1SPLUS6011DUD, MF1SPLUS8011DUD, MF1SEP10y1UD
Our compatible MIFARE Plus credentials
American Key Cards manufactures non-OEM credentials engineered to work with your existing MIFARE readers — no hardware changes, encoded to your facility code and card-number range.
Can MIFARE Plus cards be copied?
No. MIFARE Plus relies on secure encryption, so it cannot be cloned from an existing card. This is a security strength, not a limitation of our service.
Where MIFARE Plus is used
- Legacy MIFARE Classic reader infrastructure being upgraded to AES security (SL3 migration path)
- Campus access control requiring backward reader compatibility during phased rollout
- Public transit systems transitioning from Classic to AES credentials
- Enterprise access control with mixed Classic and AES reader fleets
- Healthcare and government facilities requiring a Classic-to-AES upgrade path
Compatible readers
Related formats
You might also need
MIFARE Classic 1K
MIFARE Classic 1K is the world's most-deployed contactless smart card format, running at 13.56 MHz with 1 KB of CRYPTO1-protected memory across 16 sectors — widely used in legacy access control and hotel lock systems but known to be cloneable.
View compatible cardsMIFARE DESFire EV2
MIFARE DESFire EV2 is NXP's second-generation multi-application secure card with EAL5+ certification, AES-128 encryption, anti-relay proximity check, and Transaction MAC — not cloneable, widely deployed in enterprise and government access control.
View compatible cardsHID iCLASS SE
HID iCLASS SE is the second-generation 13.56 MHz smart card platform, introducing Secure Identity Objects (SIOs) and AES encryption to make credential cloning technically infeasible.
View compatible cardsMIFARE Plus — FAQ
Is MIFARE Plus secure against cloning?
It depends on the security level. In SL1 (MIFARE Classic backward-compatibility mode) the card uses CRYPTO1 and is cloneable. In SL3, the card operates entirely on AES-128 and cannot be cloned — all authentication, confidentiality, and integrity are AES-protected. AKC supplies Plus cards in SL1 by default; SL3 personalization requires the operator's AES keys.
Can MIFARE Plus cards work with my existing MIFARE Classic readers?
Yes — in SL1 mode, MIFARE Plus is fully backward compatible with MIFARE Classic 1K or 4K readers. The card responds exactly as a Classic card would. This makes it ideal for phased infrastructure upgrades where readers are replaced over time.
What is the difference between MIFARE Plus SL1, SL2, and SL3?
SL1 uses CRYPTO1 (Classic-compatible, cloneable). SL2 uses AES-128 for authentication but CRYPTO1 for data confidentiality — a transitional mode. SL3 uses AES-128 for authentication, communication confidentiality, and integrity — fully secure and not cloneable. Most security-conscious deployments target SL3.