Practical Solutions To Piggybacking and Tailgating

By: Brian Rhodes, Published on Feb 12, 2015

Piggybacking and tailgating are two of access control's biggest threats. In this note, we share survey results from more than 100 integrators about the specific steps they have implemented to solve them.

Results

We asked "How do you deal with the problems of users sharing credentials (ie: Piggybacking) or holding doors open for others (ie: Tailgating)?"

More than 100 integrators and end users responded. A breakdown of their answers into common groups is given below:

************ *** ********** *** two ** ****** *******'* biggest *******. ** **** note, ** ***** ****** results **** **** **** 100 *********** ***** *** specific ***** **** **** implemented ** ***** ****.

*******

** ***** "*** ** *** **** with *** ******** ** users ******* *********** (**: Piggybacking) ** ******* ***** open *** ****** (**: Tailgating)?"

**** **** *** *********** and *** ***** *********. A ********* ** ***** answers **** ****** ****** is ***** *****:

[***************]

*** **** * **** breakdown ** *** ******* is ***** *****:

The ***** *******

*** ***** *** ********, the *** ******** ** polled ** **** ******** are ************ ********* ** address *** ******* **** traditional ****** ******* *******. These ****** *** ******** defined **:

  • **********: ** ********* *** risk ** ***** ******* open ***** ** ***** more **** *** **** to **** ** *** ****** ******* ******: ********** ****. ****** ******* ******* have * ********* **** preventing *** *******, ** they **** ******* ***** on ******** *****; *** how **** **** *** opened.
  • ********: * ******* ******* is ********** ******* (************ called '********') *** ** users handing their *********** ** *** person ****** *** ******* a ***** ** *** door, *** ** *** turnstile, *** ** **. Access ******* ***** ******* methods ** ********* *********, alarms, ** **** ****** denial ****** '****-********', *** the *** ** ********* readers **** *** ******* the *******. ** ******** the ******* ** *** ******** ******* ****.

Answers *******

********* ********* **** **** ten ********* ******* ** control ** ******** *** risk. **** **** **% of *** ********* ********* more **** *** ****** of ******* *** **** than **% ********* *** or ****.

**** **** ****, *** options ***** **** *** most ******** *****:

  • *******:*** **** ****** ******** involved ***** ************ ******* to ****** *** ****** no ****** *** ********* at ****** ******.
  • **********:*** **** ****** '******' method **** ***** **********, revolving *****, ** ******** to ********** ******* **** than ** ****** ****** ***** at *** ****.
  • *******:*** **** ****** '****' measure ** ***** **** indirectly ** ********* ******* the **** *** *** use ** ***** ** remind ****** **** ******** the ****** ******* ****** or ********** ******** ********.
  • *******:***** **% ** ********* said **** ****** ** nothing ***** *** *****.  Either ********** ** ** too ******, ** ** is *** ****** ** a **** ** ******* countermeasures.

Key ******

** *** ******** *****, we **** *** ********** approaches *********** **** ** controlling ** ********** *** tailgating *** **** **** problem:

***** ***********: ******* *********** ******* with ****** ** * popular ********, **** **** responses ********** ** ** the ***** ****** **** when ****** **** *****:

  • "********* ** *** ******** access ********** *****\***** ** piggy **** **** ********** security *******"
  • "** ******* **** ******* ******** the ***** *** **** a ******** ****** ***** with ****** ******* ****** that ***** * **** every **** * **** or ****** ** ******."
  • "*** ******** ****** ** the ****** *** ***** access ***** ** *** a ******** **** ******* at *** ********* ****/**** if *** ****** ****** does *** ***** *** snapshot."
  • "*********** ***** ** * administration *** *** ******** deterrent."
  • "** ******* ******* **** to *** **** ** a **** ***** ** attached ***** **** ***** of **** ****. **'* then ** ** *** owner ** ******* ***** policy."

*******, ****** ***** ** actively ********* ** **********/******** events *********, ** ** not * ***** ******** for *** ********.  **** placing ******* ***** **** are ******* ******* ** including ****** **** ******** can ****** *********** *** be ******* **** **** if *** ****** *** not ******** ********* ** paired **** ***** *******.  

Strict ********

***** ********** **** *** hardest ******** ** ********** or ******* *** ***** directly.  *********** ******** **** turnstiles, ** '**** ************' are **** ** ******** physically ******* ******.

**********

** **** *****, ***** install ******** **** ******* control *** **** ****** enter ** *** ****.  The ********** **** ** almost ****** **********, ***** a **** ****** ** propped ** **** **** for ******.  ******, ** order ** ******* *** turnstile, **** **** **** present * **********.

  • "** ** ** * high ******** ***********, ** recommend *** ************ ** a ********* **** ********."
  • "*** ******* *** ** to ******* **** ********** turnstiles. ***** **** *** one ****** ******* ** a ****. **'* *** the ******** ******."
  • "*** ****, ** ******."
  • "********* **** (**** **** Tourlock), **** ****** ***** video ******* **** ******* Letters ***** ** ***** file."
  • "******* ********** ** ******* by ***** ******** *****."
  • "**********- * **** ***** Entrance ******** *** ******* Security ****** *** **** volume *****."

**** *** (************)

** * ****** ******, users ********* **** ************ controls ** ******** **** credentials **** ***** **** out ** ********.  **** typically ***** * **** cannot ** **** ** the **** ****** ***** (especially ** ***** **********) without ***** **** ***** at ***** *******.  ** most *****, *** ******* flow ** ***** ** an ****** ********** ******** are **** ****** ** simply ******* ** '********' an ****** ********** **** through * *********, *****, or ******.

  • "** * ****-****** ****** into ** **** ** swiping *** **** *** tries ** *** *** card ** *** ***** area ******* ***** ******* the ******** ****, *** card ** ******** *** a ****** **** ** his ********** ** ***/*****."
  • "** ****** *** ******* that ***** ***** *** if **** ***-**-****. ** works."
  • "*** ******* **** ********* alarms **** ******** ** tried.  ********** ** *** possible ******* ** *** turnstiles."
  • "** *** ************ **** turns *** * **** if **** **** ***** scanning ** ** *** of * ******** ****."

******

***** ***** ******** ********** manpower ** ****** ***** to ****** *** ****, and **** ****** ******** addressed ******** **** ********* when **** ******:

  • "****** *** ****** ** cross ****** ******* *** authorized *********** *** ******* inside."
  • "****** ********* ****** *** **********."
  • "*** ***** *** ****** to **** **** **** stuff **** *** ******."
  • "* ***** ******** ***** reminding ****** **** ** twice *** ******* ** the **** ********."
  • "** *** *** ********* of ********** ** ********, the ****** **** ***** you ** ***********."

Soft ********

***** ***** *** **** stringent, *** *********** ***** systems **** ** ***** risk, *** *** **** expensive, **** *********, *** overall ********* *** **** popular **** ** ******* with *** *****.

*******

**** ********* ******* ******* signs ** ****** ******** is *********. ***** ***** nothing ** ******** ******** the ****, ******* ** a ********** ******** ** users ** *** ****** or ********* *** ****** system.

  • "***** ***** ********* ******** of ***** ************ ****** with ******** ******* ****** entrants ** * **** deterrent."
  • "** **** ***** ** remind ****** *** ** tailgate."
  • "********* ******* ******** **** at **** ******** *** exit."
  • "** ******** *** ***** beside *** ****** *** add ******* **** ********** with *** ******."
  • "** **** ******* ************, single ***** ******** **** tailgate ******* *** *********."

**********

******* ******, ** *** absolute, ****** ** *********** the **** ** ** leave *********** *** ******** to ********* ********. ******* a *** ** *************, procedures, *** ******** *** security ******* ** ********** and **** **** *** managed.

  • "***** ******* ** ** the *****, ********* ********* it ***** *** ****** control ***."
  • "** ****** ******* **. When ** ***** ******** admin *****, ** **** explicit ************ ** *** do ****."
  • "****** *********** **** ****** disciplinary *******, ********* ********** of *****, ****** ********** from ****, ***."
  • "(*** *****) **** **** ** into ***** ********* **** this ** *** *** it **** ** ****, plus, **** ********* **** reads ** ***** **** sheets, *** ********* ********* on **. ** *** have ** ********** *** the *******, ***** *****, reports **** ** ** good."
  • "******* *********** ** ******* the ***** ** *** main ********.  **** ***** most ** *** ****."

Do *******

* ****** ** *********, about **%, ********* **** they ** *** ******* the ***** ** ***, or *** ******** ** weak.  *** ******** ******* is ****** *** ********* to ** ***** ****** to ******* ********** ******** ** additional ***** ** *******.

  • "*** **** *** ** currently "****" **** **** is **** *** "**** on *** *****" *** people *** ** ****."
  • "** ** ********* ** ignored *******."
  • "** ** ******, ** don't ******. *** ********'* aren't ****** *** ********* about **."
  • "*** ********* ** *** see *** ****, ******* us ****** ** ******** them."
  • "**** ** ******* *********, no *** ******* **** addressing **.  **** *** a *** ***** ******."

Tough *******

*** ****** ** *****: totally ******** *** ******* is ********* *** ***** a ****** ** ********* used ** ***********.  ******* answers ********* *** ********** in ******** *** *******, and *** ******** ******* needed:

  • "*** *** ******** **** has ***** ******** **** it ******* *********. **** have ***** **** *** Apple *******. **** **** offending *****. *** ** ends *****. **** ***** anti-passback *** ********* *** a *** **** *** found *** *** ********* the ******* ***. ***** jaws *** *** *****. By *** *** **** offenders **** ** *** executive ********. ***** *** no ********* *** **. After ******** ********* ** dollars ** ****** *** traps / **-*** *******, it *** *** ****** off. ******* ****** ********** authority **** **** *****, it ***'* ******."
  • "**** ** * ***** issue. ******* ** *** sites **** *********** ******* and *** *** ****** control ** * "****-**" system, ** ** * user *****'* **** ****, the ****** ***** ** as ****** **** *** absent **** ****. **** of *** ***** **** also ******** **** **** anti-passback ********. **** ** the ***** **** **** cameras ** *** ***** and *** ***** ****** the ****** ******* *** take ****** ******* *** people ******* *********** *** also *** ****** ******** the ************ ** **********."

Comments (4)

Interesting information. I would think video analytics would be tailor made for this, along with agressive followup.

Video can document and assess whether a piggy back occured, but doesn't have any means to stop it, right? Unless there's an analytic used as an occupancy sensor in a sallyport/man trap scenario in which only (1) person at a time can occupy the space.

that is why I mentioned agressive followup. Video can not stop it, but it can be used as a teaching tool.

Going one step further, if the analytics were good enough, you could sound an alarm at that door to alert the end user that he just piggy-backed. Bring their attention to it. Piggy backing is a serious issue and will not stop without agressive followup and training.

Keeping unathorized individuals out of your facility is security 101 stuff. An awful lot of serious infractions and penetrations are caused by ignoring seemingly harmless events.

Boon Edam did a tailgating survey. Obviously, it's skewed given their interests / sales but the claims are wild: "More than 50% of those surveyed believe the cost of a breach caused by tailgating would be from $150,000 up to “too high to measure.”

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports

Access Control Course Fall 2019 - Last Chance on Oct 17, 2019
Register Now - Fall 2019 Access Control Course. Thursday, October 17th is the last day to register. IPVM offers the most comprehensive access...
2020 Access Control Book Released on Dec 19, 2019
This is the best, most comprehensive access control book in the world, based on our unprecedented research and testing has been significantly...
Designing Access Control Guide on Jan 30, 2019
Designing an access control solution requires decisions on 8 fundamental questions. This in-depth guide helps you understand the options and...
Responsibility Split Selecting Locks - Statistics on Jul 22, 2019
A heated access debate surrounds who should pick and install the locks. While responsible for selecting the control systems, integrators often...
Biometrics Usage Statistics 2019 on Aug 13, 2019
Biometrics are commonly used in phones, but how frequently are they used for access? 150+ integrators told us how often they use biometrics,...
Access Control Mantraps Guide on Sep 26, 2019
One of access's primary goals is keeping people out of places they should not be, but slipping through open doors (ie: Tailgating) is often...
Access Control Mustering Guide on Sep 30, 2019
In emergencies, determining where employees are located can be critical for knowing whether they are in danger. Access systems can be used for...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
Tailgating: Access Control Tutorial on Oct 31, 2019
Nearly all access control systems are vulnerable to an easy exploit called 'tailgating'. Indeed, a friendly gesture in holding doors for others...
Hotel Access Control Explained on Dec 23, 2019
Hotel access control does not work like typical commercial access control because doors in hotels are not typically directly connected to a central...

Most Recent Industry Reports

Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
AI/Smart Camera Tutorial on Feb 20, 2020
Cameras with video analytics, sometimes called 'Smart' camera or 'AI' cameras, etc. are one of the most promising growth areas of video...
China Manufacturer Suffers Coronavirus Scare on Feb 20, 2020
Uniview suffered a significant health scare last week after one of its employees reported a fever and initially tested positive for coronavirus....
Cheap Camera Problems at Night on Feb 19, 2020
Cheap cameras generally have problems at night, despite the common perception that integrated IR makes cameras mostly the same, according to new...
Milestone Launches Multiple Cloud Solutions on Feb 18, 2020
Milestone is going to the cloud, becoming one of the last prominent VMSes to do so. Milestone is clearly late but how competitive do these new...
Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101 examines the most common options and architectures used in...
UK Stands Behind Hikvision But Controversy Continues on Feb 18, 2020
Hikvision is exhibiting at a UK government conference for law enforcement, provoking controversy from the press, politicians, and activists due to...
IronYun AI Analytics Tested on Feb 17, 2020
Taiwan startup IronYun has raised tens of millions for its "mission to be the leading Artificial Intelligence, big data video software as a service...