Practical Solutions To Piggybacking and Tailgating

By Brian Rhodes, Published Feb 12, 2015, 12:00am EST (Info+)

Piggybacking and tailgating are two of access control's biggest threats. In this note, we share survey results from more than 100 integrators about the specific steps they have implemented to solve them.

Results

We asked "How do you deal with the problems of users sharing credentials (ie: Piggybacking) or holding doors open for others (ie: Tailgating)?"

More than 100 integrators and end users responded. A breakdown of their answers into common groups is given below:

*** **** * **** ********* ** all ******* ** ***** *****:

The ***** *******

*** ***** *** ********, *** *** problems ** ****** ** **** ******** are ************ ********* ** ******* *** resolve **** *********** ****** ******* *******. These ****** *** ******** ******* **:

  • **********: ** ********* *** **** ** users ******* **** ***** ** ***** more **** *** **** ** **** in *** ****** ******* ******: ********** ****. ****** ******* ******* **** * difficult **** ********** *** *******, ** they **** ******* ***** ** ******** doors; *** *** **** **** *** opened.
  • ********: * ******* ******* ** ********** sharing (************ ****** '********') *** ** users handing their *********** ** *** ****** ****** you ******* * ***** ** *** door, *** ** *** *********, *** so **. ****** ******* ***** ******* methods ** ********* *********, ******, ** even ****** ****** ****** '****-********', *** the *** ** ********* ******* **** can ******* *** *******. ** ******** the ******* ** *** ******** ******* ****.

Answers *******

********* ********* **** **** *** ********* methods ** ******* ** ******** *** risk. **** **** **% ** *** responses ********* **** **** *** ****** of ******* *** **** **** **% mentioned *** ** ****.

**** **** ****, *** ******* ***** were *** **** ******** *****:

  • *******:*** **** ****** ******** ******** ***** surveillance ******* ** ****** *** ****** no ****** *** ********* ** ****** points.
  • **********:*** **** ****** '******' ****** **** using **********, ********* *****, ** ******** to ********** ******* **** **** ** single person ***** ** *** ****.
  • *******:*** **** ****** '****' ******* ** those **** ********** ** ********* ******* the **** *** *** *** ** signs ** ****** ****** **** ******** the ****** ******* ****** ** ********** security ********.
  • *******:***** **% ** ********* **** **** simply ** ******* ***** *** *****.  Either ********** ** ** *** ******, or ** ** *** ****** ** a **** ** ******* ***************.

Key ******

** *** ******** *****, ** **** the ********** ********** *********** **** ** controlling ** ********** *** ********** *** pass **** *******:

***** ***********: ******* *********** ******* **** ****** is * ******* ********, **** **** responses ********** ** ** *** ***** option **** **** ****** **** *****:

  • "********* ** *** ******** ****** ********** doors\gates ** ***** **** **** ********** security *******"
  • "** ******* **** ******* ******** *** ***** and **** * ******** ****** ***** with ****** ******* ****** **** ***** a **** ***** **** * **** or ****** ** ******."
  • "*** ******** ****** ** *** ****** for ***** ****** ***** ** *** a ******** **** ******* ** *** suspected ****/**** ** *** ****** ****** does *** ***** *** ********."
  • "*********** ***** ** * ************** *** and ******** *********."
  • "** ******* ******* **** ** *** door ** * **** ***** ** attached ***** **** ***** ** **** read. **'* **** ** ** *** owner ** ******* ***** ******."

*******, ****** ***** ** ******** ********* or **********/******** ****** *********, ** ** not * ***** ******** *** *** problems.  **** ******* ******* ***** **** are ******* ******* ** ********* ****** view ******** *** ****** *********** *** be ******* **** **** ** *** issues *** *** ******** ********* ** paired **** ***** *******.  

Strict ********

***** ********** **** *** ******* ******** to ********** ** ******* *** ***** directly.  *********** ******** **** **********, ** 'hard ************' *** **** ** ******** physically ******* ******.

**********

** **** *****, ***** ******* ******** that ******* ******* *** **** ****** enter ** *** ****.  *** ********** risk ** ****** ****** **********, ***** a **** ****** ** ******* ** held **** *** ******.  ******, ** order ** ******* *** *********, **** user **** ******* * **********.

  • "** ** ** * **** ******** application, ** ********* *** ************ ** a ********* **** ********."
  • "*** ******* *** ** ** ******* card ********** **********. ***** **** *** one ****** ******* ** * ****. It's *** *** ******** ******."
  • "*** ****, ** ******."
  • "********* **** (**** **** ********), **** checks ***** ***** ******* **** ******* Letters ***** ** ***** ****."
  • "******* ********** ** ******* ** ***** security *****."
  • "**********- * **** ***** ******** ******** and ******* ******** ****** *** **** volume *****."

**** *** (************)

** * ****** ******, ***** ********* hard ************ ******** ** ******** **** credentials **** ***** **** *** ** sequence.  **** ********* ***** * **** cannot ** **** ** *** **** reader ***** (********** ** ***** **********) without ***** **** ***** ** ***** readers.  ** **** *****, *** ******* flow ** ***** ** ** ****** controlled ******** *** **** ****** ** simply ******* ** '********' ** ****** credential **** ******* * *********, *****, or ******.

  • "** * ****-****** ****** **** ** area ** ******* *** **** *** tries ** *** *** **** ** any ***** **** ******* ***** ******* the ******** ****, *** **** ** disabled *** * ****** **** ** his ********** ** ***/*****."
  • "** ****** *** ******* **** ***** cards *** ** **** ***-**-****. ** works."
  • "*** ******* **** ********* ****** **** passback ** *****.  ********** ** *** possible ******* ** *** **********."
  • "** *** ************ **** ***** *** a **** ** **** **** ***** scanning ** ** *** ** * previous ****."

******

***** ***** ******** ********** ******** ** access ***** ** ****** *** ****, and **** ****** ******** ********* ******** with ********* **** **** ******:

  • "****** *** ****** ** ***** ****** whether *** ********** *********** *** ******* inside."
  • "****** ********* ****** *** **********."
  • "*** ***** *** ****** ** **** sure **** ***** **** *** ******."
  • "* ***** ******** ***** ********* ****** once ** ***** *** ******* ** the **** ********."
  • "** *** *** ********* ** ********** or ********, *** ****** **** ***** you ** ***********."

Soft ********

***** ***** *** **** *********, *** potentially ***** ******* **** ** ***** risk, *** *** **** *********, **** obtrusive, *** ******* ********* *** **** popular **** ** ******* **** *** issue.

*******

**** ********* ******* ******* ***** ** strong ******** ** *********. ***** ***** nothing ** ******** ******** *** ****, signage ** * ********** ******** ** users ** *** ****** ** ********* the ****** ******.

  • "***** ***** ********* ******** ** ***** surveillance ****** **** ******** ******* ****** entrants ** * **** *********."
  • "** **** ***** ** ****** ****** not ** ********."
  • "********* ******* ******** **** ** **** entrance *** ****."
  • "** ******** *** ***** ****** *** reader *** *** ******* **** ********** with *** ******."
  • "** **** ******* ************, ****** ***** mantraps **** ******** ******* *** *********."

**********

******* ******, ** *** ********, ****** of *********** *** **** ** ** leave *********** *** ******** ** ********* managers. ******* * *** ** *************, procedures, *** ******** *** ******** ******* of ********** *** **** **** *** managed.

  • "***** ******* ** ** *** *****, including ********* ** ***** *** ****** control ***."
  • "** ****** ******* **. **** ** write ******** ***** *****, ** **** explicit ************ ** *** ** ****."
  • "****** *********** **** ****** ************ *******, including ********** ** *****, ****** ********** from ****, ***."
  • "(*** *****) **** **** ** **** ***** employees **** **** ** *** *** it **** ** ****, ****, **** reconcile **** ***** ** ***** **** sheets, *** ********* ********* ** **. If *** **** ** ********** *** the *******, ***** *****, ******* **** do ** ****."
  • "******* *********** ** ******* *** ***** is *** **** ********.  **** ***** most ** *** ****."

Do *******

* ****** ** *********, ***** **%, mentioned **** **** ** *** ******* the ***** ** ***, ** *** response ** ****.  *** ******** ******* is ****** *** ********* ** ** great ****** ** ******* ********** ******** ** additional ***** ** *******.

  • "*** **** *** ** ********* "****" with **** ** **** *** "**** on *** *****" *** ****** *** do ****."
  • "** ** ********* ** ******* *******."
  • "** ** ******, ** ***'* ******. Our ********'* ****'* ****** *** ********* about **."
  • "*** ********* ** *** *** *** risk, ******* ** ****** ** ******** them."
  • "**** ** ******* *********, ** *** bothers **** ********** **.  **** *** a *** ***** ******."

Tough *******

*** ****** ** *****: ******* ******** the ******* ** ********* *** ***** a ****** ** ********* **** ** conjunction.  ******* ******* ********* *** ********** in ******** *** *******, *** *** multiple ******* ******:

  • "*** *** ******** **** *** ***** security **** ** ******* *********. **** have ***** **** *** ***** *******. They **** ********* *****. *** ** ends *****. **** ***** ****-******** *** mustering *** * *** **** *** found *** *** ********* *** ******* was. ***** **** *** *** *****. By *** *** **** ********* **** in *** ********* ********. ***** *** no ********* *** **. ***** ******** thousands ** ******* ** ****** *** traps / **-*** *******, ** *** all ****** ***. ******* ****** ********** authority **** **** *****, ** ***'* happen."
  • "**** ** * ***** *****. ******* of *** ***** **** *********** ******* and *** *** ****** ******* ** a "****-**" ******, ** ** * user *****'* **** ****, *** ****** shows ** ** ****** **** *** absent **** ****. **** ** *** sites **** **** ******** **** **** anti-passback ********. **** ** *** ***** also **** ******* ** *** ***** and *** ***** ****** *** ****** footage *** **** ****** ******* *** people ******* *********** *** **** *** people ******** *** ************ ** **********."

Comments (4)

Interesting information. I would think video analytics would be tailor made for this, along with agressive followup.

Agree
Disagree
Informative
Unhelpful
Funny

Video can document and assess whether a piggy back occured, but doesn't have any means to stop it, right? Unless there's an analytic used as an occupancy sensor in a sallyport/man trap scenario in which only (1) person at a time can occupy the space.

Agree
Disagree
Informative
Unhelpful
Funny

that is why I mentioned agressive followup. Video can not stop it, but it can be used as a teaching tool.

Going one step further, if the analytics were good enough, you could sound an alarm at that door to alert the end user that he just piggy-backed. Bring their attention to it. Piggy backing is a serious issue and will not stop without agressive followup and training.

Keeping unathorized individuals out of your facility is security 101 stuff. An awful lot of serious infractions and penetrations are caused by ignoring seemingly harmless events.

Agree
Disagree
Informative
Unhelpful
Funny

Boon Edam did a tailgating survey. Obviously, it's skewed given their interests / sales but the claims are wild: "More than 50% of those surveyed believe the cost of a breach caused by tailgating would be from $150,000 up to “too high to measure.”

Agree
Disagree
Informative
Unhelpful
Funny
Login to read this IPVM report.
Why do I need to log in?
IPVM conducts reporting, tutorials and software funded by subscriber's payments enabling us to offer the most independent, accurate and in-depth information.
Loading Related Reports