Practical Solutions To Piggybacking and Tailgating

By Brian Rhodes, Published Feb 12, 2015, 12:00am EST

Piggybacking and tailgating are two of access control's biggest threats. In this note, we share survey results from more than 100 integrators about the specific steps they have implemented to solve them.

Results

We asked "How do you deal with the problems of users sharing credentials (i.e., Piggybacking) or holding doors open for others (i.e., Tailgating)?"

More than 100 integrators and end users responded. A breakdown of their answers into common groups is given below:

*** **** * **** breakdown ** *** ******* is ***** *****:

The ***** *******

*** ***** *** ********, the *** ******** ** polled ** **** ******** are ************ ********* ** address *** ******* **** traditional ****** ******* *******. These ****** *** ******** defined **:

  • **********: ** ********* *** risk ** ***** ******* open ***** ** ***** more **** *** **** to **** ** *** ****** ******* ******: ********** ****. ****** ******* ******* have * ********* **** preventing *** *******, ** they **** ******* ***** on ******** *****; *** how **** **** *** opened.
  • ********: * ******* ******* is ********** ******* (************ called '********') *** ** users handing their *********** ** *** person ****** *** ******* a ***** ** *** door, *** ** *** turnstile, *** ** **. Access ******* ***** ******* methods ** ********* *********, alarms, ** **** ****** denial ****** '****-********', *** the *** ** ********* readers **** *** ******* the *******. ** ******** the ******* ** *** ******** ******* ****.

Answers *******

********* ********* **** **** ten ********* ******* ** control ** ******** *** risk. **** **** **% of *** ********* ********* more **** *** ****** of ******* *** **** than **% ********* *** or ****.

**** **** ****, *** options ***** **** *** most ******** *****:

  • *******:*** **** ****** ******** involved ***** ************ ******* to ****** *** ****** no ****** *** ********* at ****** ******.
  • **********:*** **** ****** '******' method **** ***** **********, revolving *****, ** ******** to ********** ******* **** than ** ****** ****** ***** at *** ****.
  • *******:*** **** ****** '****' measure ** ***** **** indirectly ** ********* ******* the **** *** *** use ** ***** ** remind ****** **** ******** the ****** ******* ****** or ********** ******** ********.
  • *******:***** **% ** ********* said **** ****** ** nothing ***** *** *****.  Either ********** ** ** too ******, ** ** is *** ****** ** a **** ** ******* countermeasures.

Key ******

** *** ******** *****, we **** *** ********** approaches *********** **** ** controlling ** ********** *** tailgating *** **** **** problem:

***** ***********: ******* *********** ******* with ****** ** * popular ********, **** **** responses ********** ** ** the ***** ****** **** when ****** **** *****:

  • "********* ** *** ******** access ********** *****\***** ** piggy **** **** ********** security *******"
  • "** ******* **** ******* ******** the ***** *** **** a ******** ****** ***** with ****** ******* ****** that ***** * **** every **** * **** or ****** ** ******."
  • "*** ******** ****** ** the ****** *** ***** access ***** ** *** a ******** **** ******* at *** ********* ****/**** if *** ****** ****** does *** ***** *** snapshot."
  • "*********** ***** ** * administration *** *** ******** deterrent."
  • "** ******* ******* **** to *** **** ** a **** ***** ** attached ***** **** ***** of **** ****. **'* then ** ** *** owner ** ******* ***** policy."

*******, ****** ***** ** actively ********* ** **********/******** events *********, ** ** not * ***** ******** for *** ********.  **** placing ******* ***** **** are ******* ******* ** including ****** **** ******** can ****** *********** *** be ******* **** **** if *** ****** *** not ******** ********* ** paired **** ***** *******.  

Strict ********

***** ********** **** *** hardest ******** ** ********** or ******* *** ***** directly.  *********** ******** **** turnstiles, ** '**** ************' are **** ** ******** physically ******* ******.

**********

** **** *****, ***** install ******** **** ******* control *** **** ****** enter ** *** ****.  The ********** **** ** almost ****** **********, ***** a **** ****** ** propped ** **** **** for ******.  ******, ** order ** ******* *** turnstile, **** **** **** present * **********.

  • "** ** ** * high ******** ***********, ** recommend *** ************ ** a ********* **** ********."
  • "*** ******* *** ** to ******* **** ********** turnstiles. ***** **** *** one ****** ******* ** a ****. **'* *** the ******** ******."
  • "*** ****, ** ******."
  • "********* **** (**** **** Tourlock), **** ****** ***** video ******* **** ******* Letters ***** ** ***** file."
  • "******* ********** ** ******* by ***** ******** *****."
  • "**********- * **** ***** Entrance ******** *** ******* Security ****** *** **** volume *****."

**** *** (************)

** * ****** ******, users ********* **** ************ controls ** ******** **** credentials **** ***** **** out ** ********.  **** typically ***** * **** cannot ** **** ** the **** ****** ***** (especially ** ***** **********) without ***** **** ***** at ***** *******.  ** most *****, *** ******* flow ** ***** ** an ****** ********** ******** are **** ****** ** simply ******* ** '********' an ****** ********** **** through * *********, *****, or ******.

  • "** * ****-****** ****** into ** **** ** swiping *** **** *** tries ** *** *** card ** *** ***** area ******* ***** ******* the ******** ****, *** card ** ******** *** a ****** **** ** his ********** ** ***/*****."
  • "** ****** *** ******* that ***** ***** *** if **** ***-**-****. ** works."
  • "*** ******* **** ********* alarms **** ******** ** tried.  ********** ** *** possible ******* ** *** turnstiles."
  • "** *** ************ **** turns *** * **** if **** **** ***** scanning ** ** *** of * ******** ****."

******

***** ***** ******** ********** manpower ** ****** ***** to ****** *** ****, and **** ****** ******** addressed ******** **** ********* when **** ******:

  • "****** *** ****** ** cross ****** ******* *** authorized *********** *** ******* inside."
  • "****** ********* ****** *** **********."
  • "*** ***** *** ****** to **** **** **** stuff **** *** ******."
  • "* ***** ******** ***** reminding ****** **** ** twice *** ******* ** the **** ********."
  • "** *** *** ********* of ********** ** ********, the ****** **** ***** you ** ***********."

Soft ********

***** ***** *** **** stringent, *** *********** ***** systems **** ** ***** risk, *** *** **** expensive, **** *********, *** overall ********* *** **** popular **** ** ******* with *** *****.

*******

**** ********* ******* ******* signs ** ****** ******** is *********. ***** ***** nothing ** ******** ******** the ****, ******* ** a ********** ******** ** users ** *** ****** or ********* *** ****** system.

  • "***** ***** ********* ******** of ***** ************ ****** with ******** ******* ****** entrants ** * **** deterrent."
  • "** **** ***** ** remind ****** *** ** tailgate."
  • "********* ******* ******** **** at **** ******** *** exit."
  • "** ******** *** ***** beside *** ****** *** add ******* **** ********** with *** ******."
  • "** **** ******* ************, single ***** ******** **** tailgate ******* *** *********."

**********

******* ******, ** *** absolute, ****** ** *********** the **** ** ** leave *********** *** ******** to ********* ********. ******* a *** ** *************, procedures, *** ******** *** security ******* ** ********** and **** **** *** managed.

  • "***** ******* ** ** the *****, ********* ********* it ***** *** ****** control ***."
  • "** ****** ******* **. When ** ***** ******** admin *****, ** **** explicit ************ ** *** do ****."
  • "****** *********** **** ****** disciplinary *******, ********* ********** of *****, ****** ********** from ****, ***."
  • "(*** *****) **** **** ** into ***** ********* **** this ** *** *** it **** ** ****, plus, **** ********* **** reads ** ***** **** sheets, *** ********* ********* on **. ** *** have ** ********** *** the *******, ***** *****, reports **** ** ** good."
  • "******* *********** ** ******* the ***** ** *** main ********.  **** ***** most ** *** ****."

Do *******

* ****** ** *********, about **%, ********* **** they ** *** ******* the ***** ** ***, or *** ******** ** weak.  *** ******** ******* is ****** *** ********* to ** ***** ****** to ******* ********** ******** ** additional ***** ** *******.

  • "*** **** *** ** currently "****" **** **** is **** *** "**** on *** *****" *** people *** ** ****."
  • "** ** ********* ** ignored *******."
  • "** ** ******, ** don't ******. *** ********'* aren't ****** *** ********* about **."
  • "*** ********* ** *** see *** ****, ******* us ****** ** ******** them."
  • "**** ** ******* *********, no *** ******* **** addressing **.  **** *** a *** ***** ******."

Tough *******

*** ****** ** *****: totally ******** *** ******* is ********* *** ***** a ****** ** ********* used ** ***********.  ******* answers ********* *** ********** in ******** *** *******, and *** ******** ******* needed:

  • "*** *** ******** **** has ***** ******** **** it ******* *********. **** have ***** **** *** Apple *******. **** **** offending *****. *** ** ends *****. **** ***** anti-passback *** ********* *** a *** **** *** found *** *** ********* the ******* ***. ***** jaws *** *** *****. By *** *** **** offenders **** ** *** executive ********. ***** *** no ********* *** **. After ******** ********* ** dollars ** ****** *** traps / **-*** *******, it *** *** ****** off. ******* ****** ********** authority **** **** *****, it ***'* ******."
  • "**** ** * ***** issue. ******* ** *** sites **** *********** ******* and *** *** ****** control ** * "****-**" system, ** ** * user *****'* **** ****, the ****** ***** ** as ****** **** *** absent **** ****. **** of *** ***** **** also ******** **** **** anti-passback ********. **** ** the ***** **** **** cameras ** *** ***** and *** ***** ****** the ****** ******* *** take ****** ******* *** people ******* *********** *** also *** ****** ******** the ************ ** **********."

Comments (4)

Interesting information. I would think video analytics would be tailor-made for this, along with aggressive followup.

Video can document and assess whether a piggy back occurred, but doesn't have any means to stop it, right? Unless there's an analytic used as an occupancy sensor in a sallyport/man trap scenario in which only (1) person at a time can occupy the space.

That is why I mentioned aggressive followup. Video cannot stop it, but it can be used as a teaching tool.

Going one step further, if the analytics were good enough, you could sound an alarm at that door to alert the end user that he just piggy-backed. Bring their attention to it. Piggy backing is a serious issue and will not stop without aggressive followup and training.

Keeping unauthorized individuals out of your facility is security 101 stuff. An awful lot of serious infractions and penetrations are caused by ignoring seemingly harmless events.

Boon Edam did a tailgating survey. Obviously, it's skewed given their interests / sales but the claims are wild: "More than 50% of those surveyed believe the cost of a breach caused by tailgating would be from $150,000 up to 'too high to measure.'"
