Practical Solutions To Piggybacking and Tailgating

By: Brian Rhodes, Published on Feb 12, 2015

Piggybacking and tailgating are two of access control's biggest threats. In this note, we share survey results from more than 100 integrators about the specific steps they have implemented to solve them.

Results

We asked "How do you deal with the problems of users sharing credentials (ie: Piggybacking) or holding doors open for others (ie: Tailgating)?"

More than 100 integrators and end users responded. A breakdown of their answers into common groups is given below:

************ *** ********** *** two ** ****** *******'* biggest *******. ** **** note, ** ***** ****** results **** **** **** 100 *********** ***** *** specific ***** **** **** implemented ** ***** ****.

*******

** ***** "*** ** *** **** with *** ******** ** users ******* *********** (**: Piggybacking) ** ******* ***** open *** ****** (**: Tailgating)?"

**** **** *** *********** and *** ***** *********. A ********* ** ***** answers **** ****** ****** is ***** *****:

[***************]

*** **** * **** breakdown ** *** ******* is ***** *****:

The ***** *******

*** ***** *** ********, the *** ******** ** polled ** **** ******** are ************ ********* ** address *** ******* **** traditional ****** ******* *******. These ****** *** ******** defined **:

  • **********: ** ********* *** risk ** ***** ******* open ***** ** ***** more **** *** **** to **** ** *** ****** ******* ******: ********** ****. ****** ******* ******* have * ********* **** preventing *** *******, ** they **** ******* ***** on ******** *****; *** how **** **** *** opened.
  • ********: * ******* ******* is ********** ******* (************ called '********') *** ** users handing their *********** ** *** person ****** *** ******* a ***** ** *** door, *** ** *** turnstile, *** ** **. Access ******* ***** ******* methods ** ********* *********, alarms, ** **** ****** denial ****** '****-********', *** the *** ** ********* readers **** *** ******* the *******. ** ******** the ******* ** *** ******** ******* ****.

Answers *******

********* ********* **** **** ten ********* ******* ** control ** ******** *** risk. **** **** **% of *** ********* ********* more **** *** ****** of ******* *** **** than **% ********* *** or ****.

**** **** ****, *** options ***** **** *** most ******** *****:

  • *******:*** **** ****** ******** involved ***** ************ ******* to ****** *** ****** no ****** *** ********* at ****** ******.
  • **********:*** **** ****** '******' method **** ***** **********, revolving *****, ** ******** to ********** ******* **** than ** ****** ****** ***** at *** ****.
  • *******:*** **** ****** '****' measure ** ***** **** indirectly ** ********* ******* the **** *** *** use ** ***** ** remind ****** **** ******** the ****** ******* ****** or ********** ******** ********.
  • *******:***** **% ** ********* said **** ****** ** nothing ***** *** *****.  Either ********** ** ** too ******, ** ** is *** ****** ** a **** ** ******* countermeasures.

Key ******

** *** ******** *****, we **** *** ********** approaches *********** **** ** controlling ** ********** *** tailgating *** **** **** problem:

***** ***********: ******* *********** ******* with ****** ** * popular ********, **** **** responses ********** ** ** the ***** ****** **** when ****** **** *****:

  • "********* ** *** ******** access ********** *****\***** ** piggy **** **** ********** security *******"
  • "** ******* **** ******* ******** the ***** *** **** a ******** ****** ***** with ****** ******* ****** that ***** * **** every **** * **** or ****** ** ******."
  • "*** ******** ****** ** the ****** *** ***** access ***** ** *** a ******** **** ******* at *** ********* ****/**** if *** ****** ****** does *** ***** *** snapshot."
  • "*********** ***** ** * administration *** *** ******** deterrent."
  • "** ******* ******* **** to *** **** ** a **** ***** ** attached ***** **** ***** of **** ****. **'* then ** ** *** owner ** ******* ***** policy."

*******, ****** ***** ** actively ********* ** **********/******** events *********, ** ** not * ***** ******** for *** ********.  **** placing ******* ***** **** are ******* ******* ** including ****** **** ******** can ****** *********** *** be ******* **** **** if *** ****** *** not ******** ********* ** paired **** ***** *******.  

Strict ********

***** ********** **** *** hardest ******** ** ********** or ******* *** ***** directly.  *********** ******** **** turnstiles, ** '**** ************' are **** ** ******** physically ******* ******.

**********

** **** *****, ***** install ******** **** ******* control *** **** ****** enter ** *** ****.  The ********** **** ** almost ****** **********, ***** a **** ****** ** propped ** **** **** for ******.  ******, ** order ** ******* *** turnstile, **** **** **** present * **********.

  • "** ** ** * high ******** ***********, ** recommend *** ************ ** a ********* **** ********."
  • "*** ******* *** ** to ******* **** ********** turnstiles. ***** **** *** one ****** ******* ** a ****. **'* *** the ******** ******."
  • "*** ****, ** ******."
  • "********* **** (**** **** Tourlock), **** ****** ***** video ******* **** ******* Letters ***** ** ***** file."
  • "******* ********** ** ******* by ***** ******** *****."
  • "**********- * **** ***** Entrance ******** *** ******* Security ****** *** **** volume *****."

**** *** (************)

** * ****** ******, users ********* **** ************ controls ** ******** **** credentials **** ***** **** out ** ********.  **** typically ***** * **** cannot ** **** ** the **** ****** ***** (especially ** ***** **********) without ***** **** ***** at ***** *******.  ** most *****, *** ******* flow ** ***** ** an ****** ********** ******** are **** ****** ** simply ******* ** '********' an ****** ********** **** through * *********, *****, or ******.

  • "** * ****-****** ****** into ** **** ** swiping *** **** *** tries ** *** *** card ** *** ***** area ******* ***** ******* the ******** ****, *** card ** ******** *** a ****** **** ** his ********** ** ***/*****."
  • "** ****** *** ******* that ***** ***** *** if **** ***-**-****. ** works."
  • "*** ******* **** ********* alarms **** ******** ** tried.  ********** ** *** possible ******* ** *** turnstiles."
  • "** *** ************ **** turns *** * **** if **** **** ***** scanning ** ** *** of * ******** ****."

******

***** ***** ******** ********** manpower ** ****** ***** to ****** *** ****, and **** ****** ******** addressed ******** **** ********* when **** ******:

  • "****** *** ****** ** cross ****** ******* *** authorized *********** *** ******* inside."
  • "****** ********* ****** *** **********."
  • "*** ***** *** ****** to **** **** **** stuff **** *** ******."
  • "* ***** ******** ***** reminding ****** **** ** twice *** ******* ** the **** ********."
  • "** *** *** ********* of ********** ** ********, the ****** **** ***** you ** ***********."

Soft ********

***** ***** *** **** stringent, *** *********** ***** systems **** ** ***** risk, *** *** **** expensive, **** *********, *** overall ********* *** **** popular **** ** ******* with *** *****.

*******

**** ********* ******* ******* signs ** ****** ******** is *********. ***** ***** nothing ** ******** ******** the ****, ******* ** a ********** ******** ** users ** *** ****** or ********* *** ****** system.

  • "***** ***** ********* ******** of ***** ************ ****** with ******** ******* ****** entrants ** * **** deterrent."
  • "** **** ***** ** remind ****** *** ** tailgate."
  • "********* ******* ******** **** at **** ******** *** exit."
  • "** ******** *** ***** beside *** ****** *** add ******* **** ********** with *** ******."
  • "** **** ******* ************, single ***** ******** **** tailgate ******* *** *********."

**********

******* ******, ** *** absolute, ****** ** *********** the **** ** ** leave *********** *** ******** to ********* ********. ******* a *** ** *************, procedures, *** ******** *** security ******* ** ********** and **** **** *** managed.

  • "***** ******* ** ** the *****, ********* ********* it ***** *** ****** control ***."
  • "** ****** ******* **. When ** ***** ******** admin *****, ** **** explicit ************ ** *** do ****."
  • "****** *********** **** ****** disciplinary *******, ********* ********** of *****, ****** ********** from ****, ***."
  • "(*** *****) **** **** ** into ***** ********* **** this ** *** *** it **** ** ****, plus, **** ********* **** reads ** ***** **** sheets, *** ********* ********* on **. ** *** have ** ********** *** the *******, ***** *****, reports **** ** ** good."
  • "******* *********** ** ******* the ***** ** *** main ********.  **** ***** most ** *** ****."

Do *******

* ****** ** *********, about **%, ********* **** they ** *** ******* the ***** ** ***, or *** ******** ** weak.  *** ******** ******* is ****** *** ********* to ** ***** ****** to ******* ********** ******** ** additional ***** ** *******.

  • "*** **** *** ** currently "****" **** **** is **** *** "**** on *** *****" *** people *** ** ****."
  • "** ** ********* ** ignored *******."
  • "** ** ******, ** don't ******. *** ********'* aren't ****** *** ********* about **."
  • "*** ********* ** *** see *** ****, ******* us ****** ** ******** them."
  • "**** ** ******* *********, no *** ******* **** addressing **.  **** *** a *** ***** ******."

Tough *******

*** ****** ** *****: totally ******** *** ******* is ********* *** ***** a ****** ** ********* used ** ***********.  ******* answers ********* *** ********** in ******** *** *******, and *** ******** ******* needed:

  • "*** *** ******** **** has ***** ******** **** it ******* *********. **** have ***** **** *** Apple *******. **** **** offending *****. *** ** ends *****. **** ***** anti-passback *** ********* *** a *** **** *** found *** *** ********* the ******* ***. ***** jaws *** *** *****. By *** *** **** offenders **** ** *** executive ********. ***** *** no ********* *** **. After ******** ********* ** dollars ** ****** *** traps / **-*** *******, it *** *** ****** off. ******* ****** ********** authority **** **** *****, it ***'* ******."
  • "**** ** * ***** issue. ******* ** *** sites **** *********** ******* and *** *** ****** control ** * "****-**" system, ** ** * user *****'* **** ****, the ****** ***** ** as ****** **** *** absent **** ****. **** of *** ***** **** also ******** **** **** anti-passback ********. **** ** the ***** **** **** cameras ** *** ***** and *** ***** ****** the ****** ******* *** take ****** ******* *** people ******* *********** *** also *** ****** ******** the ************ ** **********."

Comments (4)

Interesting information. I would think video analytics would be tailor made for this, along with agressive followup.

Video can document and assess whether a piggy back occured, but doesn't have any means to stop it, right? Unless there's an analytic used as an occupancy sensor in a sallyport/man trap scenario in which only (1) person at a time can occupy the space.

that is why I mentioned agressive followup. Video can not stop it, but it can be used as a teaching tool.

Going one step further, if the analytics were good enough, you could sound an alarm at that door to alert the end user that he just piggy-backed. Bring their attention to it. Piggy backing is a serious issue and will not stop without agressive followup and training.

Keeping unathorized individuals out of your facility is security 101 stuff. An awful lot of serious infractions and penetrations are caused by ignoring seemingly harmless events.

Boon Edam did a tailgating survey. Obviously, it's skewed given their interests / sales but the claims are wild: "More than 50% of those surveyed believe the cost of a breach caused by tailgating would be from $150,000 up to “too high to measure.”

Read this IPVM report for free.

This article is part of IPVM's 6,307 reports, 842 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

Access Control Course Spring 2020 - Register Now - Last Chance on Apr 21, 2020
IPVM offers the most comprehensive access control course in the industry. Thursday, April 23rd is the last day to register, as the course will...
Low-Tech Access Control: Master Keying Explained on Jan 09, 2020
Mechanical keys are one of the most fundamental forms of access control. 'Master Keying' can allow individually different credential keys to...
Propped Doors Access Control Tutorial on Jan 07, 2020
Doors should keep 'bad guys' out, but a common access control problem is people propping doors open, preventing them from being secure. Even...
Hotel Access Control Explained on Dec 23, 2019
Hotel access control does not work like typical commercial access control because doors in hotels are not typically directly connected to a central...
2020 Access Control Book Released on Dec 19, 2019
This is the best, most comprehensive access control book in the world, based on our unprecedented research and testing has been significantly...
Tailgating: Access Control Tutorial on Oct 31, 2019
Nearly all access control systems are vulnerable to an easy exploit called 'tailgating'. Indeed, a friendly gesture in holding doors for others...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
Access Control Mustering Guide on Sep 30, 2019
In emergencies, determining where employees are located can be critical for knowing whether they are in danger. Access systems can be used for...
Access Control Mantraps Guide on Sep 26, 2019
One of access's primary goals is keeping people out of places they should not be, but slipping through open doors (ie: Tailgating) is often...
Door Operators Access Control Tutorial on Apr 17, 2019
Doors equipped with door operators, specialty devices that automate opening and closing, tend to be quite complex. The mechanisms needed to...

Most Recent Industry Reports

EyePark Presents Mobile Driver Authentication on Jun 05, 2020
EyePark presented its long-range QR code parking verification platform at the May 2020 IPVM Startups show. A 30-minute video from EyePark...
Bleenco "Under The Tongue" Temperature Detection Examined on Jun 05, 2020
"Say aah", says Bleenco, a PPE detection video analytics company, offering a different method for measuring body temperature with a thermal...
Hikvision and Uniview Entry Level Thermal Handheld Cameras Tested on Jun 05, 2020
While most screening systems cost $10,000 or more, manufacturers such as Hikvision and Uniview have now released handheld models for $1,000 or...
Sequr Presents HID based Cloud Access Control on Jun 04, 2020
Sequr presented HID based Cloud Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Sequr...
VergeSense Presents People Tracking Sensor on Jun 04, 2020
VergeSense presented its people tracking sensor and social distancing insights at the May 2020 IPVM Startups show. A 30-minute video from...
FLIR A Series Temperature Screening Cameras Tested on Jun 04, 2020
FLIR is one of the biggest names in thermal and one of the most conservative. While rivals have marketed fever detection, FLIR has stuck to EST...
"Fever Camera" Show On-Demand Watch Now on Jun 03, 2020
IPVM has successfully completed the world's first "Fever Camera" show. Recordings from Both days are posted at the end of this report for on-demand...
Cobalt Robotics Presents Indoor Security and Access Robots on Jun 03, 2020
Cobalt Robotics presented indoor security robots at the May 2020 IPVM Startups show. Inside this report: A 30-minute video from Cobalt...
Dahua Sues Ex-North American President, Says Legal Typo on Jun 03, 2020
Dahua's former North American President Frank Zhang claims he is owed almost $11 million but Dahua counter claims it is just a "scrivener's error",...
Smart Entry Systems Presents Cloud Multi-Tenant Access Control on Jun 02, 2020
Smart Entry Systems presented Cloud Multi-Tenant Access Control at the May 2020 IPVM Startups show. Inside this report: A 30-minute video...