Can Indala FlexPass Cards Be Cloned? PSK vs. FlexSecur Explained
Standard Indala FlexPass 26-bit cards — the most common Indala credential found in commercial and residential buildings across North America — can be reproduced from their facility code and card number data. If your system uses base FPCRD or FPISO cards without the FlexSecur encryption layer, compatible replacement cards programmed to your site’s specifications are available directly from American Key Cards. If your system uses Indala ASP / FlexSecur, that is a different situation entirely: those credentials cannot be copied or sourced from any third party, and this article explains exactly why.
What Indala FlexPass Actually Is
Indala FlexPass is a 125 kHz passive proximity credential originally developed by Motorola and later acquired by HID Global. It is widely deployed in legacy commercial office buildings, multi-tenant residential properties, universities, and parking facilities.
The format operates on the same 125 kHz carrier frequency as HID Prox — but the similarity stops there. Indala uses PSK (Phase Shift Keying) modulation for its air interface, while HID Prox uses ASK/FSK modulation. These are two distinct electrical signaling schemes. A card designed for one system cannot be read by a reader designed for the other, even though both frequencies are identical. This is one of the most common sources of confusion among facility managers who assume any 125 kHz card will work in any 125 kHz reader.
The chip inside an Indala FlexPass card is a proprietary 172-bit read-only RFID coil, PSK-modulated, and not interchangeable with HID Prox hardware. When a card passes through an Indala reader — such as an HID Indala 603, 610, FP4511A, or FP3521A — the reader decodes the PSK signal and forwards the standard 26-bit Wiegand data stream to the access control panel. The panel sees the same facility code and card number it would see from any Wiegand credential.
OEM Part Numbers
The primary Indala FlexPass card SKUs are FPCRD-SSSMW-0000 (ISO card) and FPISO-SSSCNA-0000 (printable ISO card). These are the standard, unencrypted 26-bit variants. The OEM reader part numbers most commonly found in the field are FP4511A (mullion) and FP3521A (single-gang). American Key Cards supplies compatible cards and key fobs for these installations, programmed to your facility code — compatible by specification, not affiliated with HID Global or Motorola.
The 26-Bit Format: What the Data Looks Like
Indala FlexPass 26-bit uses the standard H10301-compatible Wiegand output format: a facility code from 1 to 255 and a card number from 1 to 65,535. The reader handles the PSK decoding; the panel receives identical data to what it would receive from any other 26-bit Wiegand credential.
| Parameter | Standard Indala FlexPass 26-Bit |
|---|---|
| Carrier frequency | 125 kHz |
| Modulation (air interface) | PSK (Phase Shift Keying) |
| Wiegand output | 26-bit H10301 |
| Facility code range | 1 to 255 |
| Card number range | 1 to 65,535 |
| Encryption | None (base format) |
| Cloneable | Yes |
| FlexSecur variant | Not cloneable (see below) |
| AKC compatible card | Yes |
Because the underlying 26-bit data is unencrypted and the format is well-documented, a card programmed to the same facility code and card number as an existing card will function identically in any Indala PSK reader. This is the basis for how compatible replacement cards work — and why the honest answer to “can Indala FlexPass be cloned?” is yes, for the standard 26-bit format.
Why Compatible Cards Are Different From Cloned Cards
There is an important distinction worth making clearly.
Cloning typically refers to copying a specific credential by electronically reading it and writing that data to a blank card — often without the cardholder’s or facility manager’s knowledge. It is associated with unauthorized duplication.
Compatible card production is something different. American Key Cards programs cards to the facility code and card number range that you, the system owner, provide when placing an order. This is the same process used by any authorized access control installer or card bureau. You are issuing new credentials to your own system — not copying someone else’s. The technical mechanism (programming a card to a known facility code and card number) is the same, but the context and authorization are entirely different.
If you are a property manager who needs 20 replacement cards for a building using Indala 603 readers, you provide your facility code and the card numbers you want, and we produce programmed cards that work on your system. No existing card needs to be present.
Identifying Your Indala Reader
Before ordering, confirm that your building actually uses Indala readers. The most common Indala readers in North American buildings are:
- HID Indala 603 FlexPass reader — compact single-gang profile, reads standard Indala PSK cards
- HID Indala 610 Mid-Range reader — longer read range, used in higher-traffic entrances
- HID Indala FP4511A Mullion reader — slim form factor for narrow door frames
- HID Indala FP3521A — standard proximity reader
These readers carry HID Global branding (since HID acquired the Indala product line from Motorola). If you see “Indala” or “FlexPass” on the reader housing, or find model numbers like FP4511A or FP3521A in your documentation, you are working with an Indala PSK system and will need Indala-compatible credentials — not standard HID Prox cards.
For more detail on confirming your format, see the full Indala FlexPass 26-bit format guide.
The FlexSecur Exception: Where Cloning Is Not Possible
The picture changes completely if your system uses Indala ASP / FlexSecur credentials.
FlexSecur adds a site-specific encryption layer to the Indala 125 kHz platform. Before a FlexSecur card is manufactured, the card data is encrypted with a unique key assigned to your specific site. Only the FlexSecur-configured ASP+ reader on your site holds the matching decryption key. A FlexSecur card from Site A will be rejected outright by a FlexSecur reader from Site B — even if the facility code and card number are identical.
Because the encryption key is site-specific and is held exclusively by HID Global, no third party — including American Key Cards — can produce compatible FlexSecur replacement cards. There is no workaround. If you have FlexSecur cards, you must source replacements through HID Global or an authorized Indala ASP+ dealer. Standard Indala 26-bit cards will also not work in a FlexSecur reader; the reader rejects any card that does not pass the decryption check before even forwarding data to the panel.
You can identify FlexSecur cards and readers by looking for the “ASP” or “ASP+” designation in the reader model number, or by checking your original installation documentation for the FlexSecur option. The physical card may look identical to a standard Indala card, which is another reason to verify with your installer.
For a full explanation of the FlexSecur format and why third-party supply is not possible, see our guide on Indala ASP / FlexSecur.
How Standard Indala 26-Bit Compares to Related Formats
If you are researching Indala credentials, you may also encounter the Indala 27-bit format. This is a proprietary Indala-specific structure (not based on H10301) that expands the facility code field to 13 bits, supporting up to 8,191 unique facility codes instead of 255. It uses the same PSK modulation and Indala reader hardware but requires the reader and panel to be configured for 27-bit output. Standard 26-bit and 27-bit Indala cards are not interchangeable on the same system. American Key Cards also supplies Indala 27-bit compatible cards for installations using the extended format.
Ordering Compatible Indala FlexPass Cards
To order AKC Indala FlexPass 26-bit compatible cards or key fobs, you need two pieces of information:
- Facility code — a number from 1 to 255, printed on your existing cards or available from your installer’s records
- Card number range — the specific card numbers you want programmed (1 to 65,535 per facility)
Cards are programmed before shipment. There are no minimum order quantities that would force you to overbuy. Compatible cards work as drop-in replacements in existing Indala 603, 610, FP4511A, and FP3521A reader installations.
Because compatible cards cost significantly less than OEM replacements sourced through HID Global’s distribution channel, the savings compound quickly on multi-unit residential buildings, parking facilities, and campus installations where credential turnover is regular.
A Note on Security for Indala 26-Bit Systems
Standard Indala 26-bit credentials — like all unencrypted 125 kHz proximity cards — offer convenience and reliable read performance, but they do not provide strong identity assurance. Any reader equipped with commercially available RFID tools can capture the credential data from a card within read range, and that data can be used to produce a functional copy.
If your security requirements include clone-resistance, the correct path is to upgrade to a 13.56 MHz smart card platform with mutual authentication (such as MIFARE DESFire EV2/EV3 or HID iCLASS SE) rather than relying on Indala PSK to prevent duplication. The honest answer is that no 125 kHz proximity format without a hardware encryption layer — HID Prox, AWID, Indala, Kantech ioProx — can prevent a determined attacker with the right equipment.
What compatible cards do provide is a legitimate, cost-effective way for building managers to issue replacement credentials for their own systems without going through OEM dealer channels.
Ready to Order Indala FlexPass Replacement Cards?
If you manage a building or campus running Indala 603 or 610 readers and need compatible 26-bit FlexPass cards or fobs, American Key Cards can supply them programmed to your facility code with no dealer account required. Visit our Indala FlexPass 26-bit format page to confirm compatibility, or contact us with your facility code, card number range, and quantity — we will confirm availability and turnaround time.
Frequently asked questions
Can standard Indala FlexPass 26-bit cards be cloned?
Yes. Standard Indala FlexPass 26-bit cards carry no encryption. The facility code and card number data are transmitted in the clear during a read, and those values are all that is needed to produce a functioning replacement card. A card programmed to the same facility code and card number will operate identically in any Indala PSK reader.
What is the difference between standard Indala 26-bit and FlexSecur?
Standard Indala 26-bit (FPCRD, FPISO) transmits unencrypted PSK-modulated data and can be reproduced from known facility and card numbers. FlexSecur (Indala ASP) adds a site-specific encryption layer between card and reader. Without the site encryption key — held exclusively by HID Global — FlexSecur cards cannot be duplicated by any third party.
Will an HID ProxCard work in an Indala reader?
No. Indala and HID Prox share the same 125 kHz carrier frequency but use fundamentally different air-interface modulation schemes. Indala uses PSK (Phase Shift Keying); HID Prox uses ASK/FSK. The two systems are electrically incompatible at the card-to-reader layer, even though both deliver standard 26-bit Wiegand data to the access control panel.
What information do I need to order compatible Indala FlexPass replacement cards from American Key Cards?
You need your facility code (a number from 1 to 255) and the card number or range you want programmed (1 to 65,535). Both values are typically printed on your existing card label or are available from the original system installer's records. We program each card to your exact specifications.
