ICT Protege GX / WX Compatible Proximity Card Guide
ICT Protege GX and WX access control systems accept standard 125 kHz proximity cards on reader ports configured for Wiegand input — no ICT-branded credential is required for those readers. American Key Cards supplies compatible 125 kHz proximity clamshell cards and key fobs, programmed to your facility code and card number range, that work as drop-in replacements on ICT’s standard prox reader ports. If your Protege installation uses ICT’s encrypted 13.56 MHz DESFire smart card credential (the tSec or G-Prox II), that card cannot be reproduced by any aftermarket supplier — we address both scenarios honestly below.
What Is the ICT Protege System?
ICT (Integrated Control Technology) is a New Zealand-based access control and security manufacturer whose Protege GX and Protege WX platforms are dominant in Australasia and growing across commercial and enterprise installations in North America. Protege is a full-featured access control system — integrated with intrusion detection, video, and building management — that supports both legacy proximity credentials and ICT’s modern smart card ecosystem.
The platform has Gallagher/Cardax heritage in its reader architecture, meaning it is designed to be flexible across credential types rather than locked to a single format. That flexibility is what makes standard 125 kHz proximity cards a practical option for many Protege installations, particularly those that were commissioned with legacy prox readers or that are managing a phased credential upgrade.
Two Credential Types on One Platform
ICT Protege systems can operate with two fundamentally different credential technologies simultaneously, and it matters which type your readers use before you order any replacement cards.
Standard 125 kHz proximity credentials operate at 125 kHz using an EM4100-class passive IC. These cards output 26-bit Wiegand data (H10301 format) to the access panel and require no cryptographic exchange with the reader. They are what most ICT Protege installations in commercial buildings currently use on door readers, and they are what American Key Cards supplies. OEM part numbers for the proximity-only card and fob are PRT-CRD-H (card) and PRT-FOB-H (fob).
ICT DESFire smart credentials operate at 13.56 MHz using MIFARE DESFire EV1 with ICT’s proprietary sector encoding. The relevant OEM credentials are the tSec card, PRT-CRD-DES, and the dual-technology G-Prox II card. These credentials carry an encrypted application on the DESFire chip that is tethered to ICT’s issuance infrastructure. No aftermarket supplier — including American Key Cards — can reproduce or clone them. If your Protege installation exclusively uses DESFire credentials, you must source replacements through ICT or an authorized ICT dealer.
The distinction matters because buying the wrong credential type results in cards that do not read, not cards that read incorrectly.
Which ICT Readers Accept Standard Proximity Cards?
The following ICT reader models accept standard 125 kHz proximity cards on their prox input:
- ICT Vario Prox Card Reader — 125 kHz only; reads standard EM4100 and Wiegand prox cards
- ICT tSec Combo reader — dual-frequency (125 kHz + 13.56 MHz); accepts standard prox cards when configured for Wiegand proximity input
- ICT tSec Extra Combo reader — same as above with added Bluetooth support
- Legacy Gallagher/Cardax proximity readers — where Protege GX has been installed into an existing Cardax infrastructure using backward-compatible Wiegand input
- Any third-party Wiegand 26-bit reader connected to a Protege controller
The tSec Combo and tSec Extra Combo are ICT’s current multi-technology readers. They support both credential types, so a site can run standard prox cards on one door and DESFire credentials on another — or transition from prox to DESFire gradually without replacing hardware.
ICT Protege Format Specs
The standard proximity layer on ICT Protege systems uses the same format as the broader 26-bit Wiegand ecosystem:
| Property | ICT Protege 125 kHz Prox | Detail |
|---|---|---|
| Frequency | 125 kHz | Passive inductive, read range 2–8 cm typical |
| Chip | EM4100-class 125 kHz IC | Same technology family as most standard prox |
| Bit format | 26-bit Wiegand H10301 | 1 even parity + 8-bit facility code + 16-bit card number + 1 odd parity |
| Facility code range | 0–255 | Encoded at manufacture |
| Card number range | 0–65,535 | Encoded at manufacture |
| OEM card part | PRT-CRD-H | ICT-branded ISO card, standard prox encoding |
| OEM fob part | PRT-FOB-H | ICT-branded key fob, standard prox encoding |
| Cloneable | Yes | No encryption; reproducible from facility code + card number |
For the DESFire layer: PRT-CRD-DES and tSec card credentials operate at 13.56 MHz with ICT’s proprietary DESFire EV1 application encoding. These are not cloneable and cannot be sourced from any third party. The G-Prox II card combines both layers in a dual-technology body.
How to Identify Your Proximity Format
Before ordering any replacement credentials, confirm that your ICT Protege doors are running standard proximity readers, not DESFire-only readers.
Look at the reader hardware. The ICT Vario Prox reader has “Prox” in its product name and has no NFC antenna visible. The tSec Combo has a distinct logo and usually a color ring indicating multi-technology support. Reader labels and installation documentation will list the model number.
Look at your existing cards. ICT’s standard proximity cards (PRT-CRD-H) typically have a card number and facility code printed on the label or card back. ICT DESFire credentials (PRT-CRD-DES, tSec card) will often be labeled as “tSec” or show a contactless smart card symbol alongside the ICT branding. If the card has only a single logo or serial number with no smart card symbol, it is likely a standard prox credential.
Check your Protege GX or WX configuration. The Protege software shows credential type in the card holder database. If card numbers are short numeric values with a facility code field, those are standard Wiegand proximity credentials that AKC can supply.
AKC’s Compatible Cards for ICT Protege
American Key Cards supplies the AKC ICT Protege-Compatible 125 kHz Proximity Card and AKC ICT Protege-Compatible 125 kHz Proximity Fob — both programmed to your exact facility code and card number range before shipping.
These are compatible by specification, not affiliated with or endorsed by Integrated Control Technology Ltd. The cards use the same EM4100-class 125 kHz IC and the same 26-bit Wiegand H10301 encoding as ICT’s PRT-CRD-H and PRT-FOB-H products. They will read on any ICT reader or Wiegand-compatible reader configured for standard proximity input.
Our cards are available in clamshell and ISO form factors. Key fobs are available in standard keyring format. If you need sequential card numbering (e.g., cards 201 through 250 with your facility code printed on the label), specify that when ordering.
Can ICT Protege Proximity Cards Be Cloned?
The standard 125 kHz proximity side of the ICT Protege credential is not encrypted. An EM4100-class card stores its facility code and card number in plain form on the IC, and that data can be read with commercially available RFID tools. A blank T5577 chip programmed with the same facility code and card number will function in a standard prox reader.
This is a property of the 125 kHz proximity technology broadly — not specific to ICT. The same is true of HID H10301, AWID 26-bit, EM4100, and most other legacy 125 kHz credentials. See our HID H10301 format guide for more on how the 26-bit Wiegand ecosystem handles this.
For organizations that need cryptographic credential protection, ICT’s DESFire smart card ecosystem (tSec credentials, G-Prox II) is the appropriate upgrade path. Those credentials use MIFARE DESFire EV1 with ICT’s proprietary sector encoding and cannot be cloned. See our MIFARE DESFire overview for context on why 13.56 MHz smart credentials are meaningfully different from 125 kHz proximity cards.
Why Standard Prox Cards Are Still Common on Protege Systems
Several practical factors keep standard 125 kHz proximity relevant on ICT Protege installations:
- Legacy infrastructure. Properties migrating from Cardax or Gallagher installations often have 125 kHz readers already wired to the Protege controller that are not due for hardware replacement.
- Cost. Standard 26-bit proximity credentials are significantly less expensive than DESFire smart credentials per card — important for high-turnover environments or large deployments.
- Mixed-mode flexibility. Protege GX and WX manage standard prox credentials and DESFire credentials in the same database. The ICT tSec Combo supports both technologies per-door, so operators can transition gradually.
ICT Protege’s 125 kHz prox side is part of the broader 26-bit Wiegand H10301 ecosystem. Unlike AWID or Kantech ioProx — which use proprietary air-interface encoding — ICT’s prox layer uses the open EM4100/26-bit Wiegand protocol. Cards programmed for ICT Protege prox readers will also read on any other Wiegand 26-bit reader, and ordering is straightforward: supply a facility code and card number range.
The ICT-specific element is the DESFire smart card layer — the tSec and G-Prox II credentials — where ICT has introduced proprietary technology that ties credentials to its issuance infrastructure. That layer is genuinely locked. The 125 kHz prox layer is not.
What to Have Ready When Ordering
Before placing an order for ICT Protege-compatible proximity cards or fobs, have the following ready:
- Your facility code (0–255), found on existing card labels or in the Protege GX/WX credential database
- The card number range you need programmed (0–65,535)
- Quantity and form factor — clamshell card, ISO card, or key fob
- Any sequential numbering or printing requirements for the card surface
- Confirmation that your readers are configured for standard 125 kHz proximity input (not DESFire-only)
If you are unsure whether your readers accept standard prox cards, contact us before ordering and we will help you confirm compatibility based on the reader model numbers at your doors.
Ready to Order?
American Key Cards ships ICT Protege-compatible 125 kHz proximity cards and fobs directly to property managers, security managers, and integrators — no OEM dealer account required. View the full ICT Protege format details for technical specifications, or contact us to get a quote with your facility code and card number range. We program every order to specification and ship ready to enroll in your Protege system.
Frequently asked questions
Can American Key Cards supply credentials for an ICT Protege system?
Yes, for installations where readers are configured for standard 125 kHz proximity input. ICT Protege GX and WX platforms accept EM4100-class and 26-bit Wiegand cards on legacy prox reader ports. AKC supplies compatible clamshell cards and fobs programmed to your facility code that read directly on ICT's 125 kHz proximity readers. We cannot supply ICT's encrypted DESFire smart card credentials.
Does ICT Protege require ICT-branded cards, or will standard prox cards work?
Standard 125 kHz proximity cards work on ICT Protege reader ports configured for Wiegand input — no ICT-branded credential is required. The ICT tSec Combo reader is a dual-frequency device that accepts both standard prox cards and ICT's DESFire smart credentials depending on reader configuration. Many Protege deployments in commercial buildings continue to run on standard proximity cards.
What is the difference between ICT's G-Prox II credential and a standard prox card?
The G-Prox II is ICT's dual-technology credential combining a 125 kHz proximity layer with 13.56 MHz DESFire EV1 smart card capability. Standard 125 kHz proximity cards — the EM4100-class credentials AKC supplies — are single-frequency and work on any ICT reader port accepting standard Wiegand proximity input. They do not carry the DESFire layer.
What information do I need to order ICT Protege-compatible proximity cards?
You need your facility code and the card number range you want programmed. These are available from your existing cards (often printed on the card label), from your access control software's credential database, or from the original installer's commissioning records. AKC programs each card to your exact facility code and card number before shipping.
