Practical Solutions To Piggybacking and Tailgating

By: Brian Rhodes, Published on Feb 12, 2015

Piggybacking and tailgating are two of access control's biggest threats. In this note, we share survey results from more than 100 integrators about the specific steps they have implemented to solve them.

Results

We asked "How do you deal with the problems of users sharing credentials (ie: Piggybacking) or holding doors open for others (ie: Tailgating)?"

More than 100 integrators and end users responded. A breakdown of their answers into common groups is given below:

************ *** ********** *** two ** ****** *******'* biggest *******. ** **** note, ** ***** ****** results **** **** **** 100 *********** ***** *** specific ***** **** **** implemented ** ***** ****.

*******

** ***** "*** ** *** **** with *** ******** ** users ******* *********** (**: Piggybacking) ** ******* ***** open *** ****** (**: Tailgating)?"

**** **** *** *********** and *** ***** *********. A ********* ** ***** answers **** ****** ****** is ***** *****:

[***************]

*** **** * **** breakdown ** *** ******* is ***** *****:

The ***** *******

*** ***** *** ********, the *** ******** ** polled ** **** ******** are ************ ********* ** address *** ******* **** traditional ****** ******* *******. These ****** *** ******** defined **:

  • **********: ** ********* *** risk ** ***** ******* open ***** ** ***** more **** *** **** to **** ** *** ****** ******* ******: ********** ****. ****** ******* ******* have * ********* **** preventing *** *******, ** they **** ******* ***** on ******** *****; *** how **** **** *** opened.
  • ********: * ******* ******* is ********** ******* (************ called '********') *** ** users handing their *********** ** *** person ****** *** ******* a ***** ** *** door, *** ** *** turnstile, *** ** **. Access ******* ***** ******* methods ** ********* *********, alarms, ** **** ****** denial ****** '****-********', *** the *** ** ********* readers **** *** ******* the *******. ** ******** the ******* ** *** ******** ******* ****.

Answers *******

********* ********* **** **** ten ********* ******* ** control ** ******** *** risk. **** **** **% of *** ********* ********* more **** *** ****** of ******* *** **** than **% ********* *** or ****.

**** **** ****, *** options ***** **** *** most ******** *****:

  • *******:*** **** ****** ******** involved ***** ************ ******* to ****** *** ****** no ****** *** ********* at ****** ******.
  • **********:*** **** ****** '******' method **** ***** **********, revolving *****, ** ******** to ********** ******* **** than ** ****** ****** ***** at *** ****.
  • *******:*** **** ****** '****' measure ** ***** **** indirectly ** ********* ******* the **** *** *** use ** ***** ** remind ****** **** ******** the ****** ******* ****** or ********** ******** ********.
  • *******:***** **% ** ********* said **** ****** ** nothing ***** *** *****.  Either ********** ** ** too ******, ** ** is *** ****** ** a **** ** ******* countermeasures.

Key ******

** *** ******** *****, we **** *** ********** approaches *********** **** ** controlling ** ********** *** tailgating *** **** **** problem:

***** ***********: ******* *********** ******* with ****** ** * popular ********, **** **** responses ********** ** ** the ***** ****** **** when ****** **** *****:

  • "********* ** *** ******** access ********** *****\***** ** piggy **** **** ********** security *******"
  • "** ******* **** ******* ******** the ***** *** **** a ******** ****** ***** with ****** ******* ****** that ***** * **** every **** * **** or ****** ** ******."
  • "*** ******** ****** ** the ****** *** ***** access ***** ** *** a ******** **** ******* at *** ********* ****/**** if *** ****** ****** does *** ***** *** snapshot."
  • "*********** ***** ** * administration *** *** ******** deterrent."
  • "** ******* ******* **** to *** **** ** a **** ***** ** attached ***** **** ***** of **** ****. **'* then ** ** *** owner ** ******* ***** policy."

*******, ****** ***** ** actively ********* ** **********/******** events *********, ** ** not * ***** ******** for *** ********.  **** placing ******* ***** **** are ******* ******* ** including ****** **** ******** can ****** *********** *** be ******* **** **** if *** ****** *** not ******** ********* ** paired **** ***** *******.  

Strict ********

***** ********** **** *** hardest ******** ** ********** or ******* *** ***** directly.  *********** ******** **** turnstiles, ** '**** ************' are **** ** ******** physically ******* ******.

**********

** **** *****, ***** install ******** **** ******* control *** **** ****** enter ** *** ****.  The ********** **** ** almost ****** **********, ***** a **** ****** ** propped ** **** **** for ******.  ******, ** order ** ******* *** turnstile, **** **** **** present * **********.

  • "** ** ** * high ******** ***********, ** recommend *** ************ ** a ********* **** ********."
  • "*** ******* *** ** to ******* **** ********** turnstiles. ***** **** *** one ****** ******* ** a ****. **'* *** the ******** ******."
  • "*** ****, ** ******."
  • "********* **** (**** **** Tourlock), **** ****** ***** video ******* **** ******* Letters ***** ** ***** file."
  • "******* ********** ** ******* by ***** ******** *****."
  • "**********- * **** ***** Entrance ******** *** ******* Security ****** *** **** volume *****."

**** *** (************)

** * ****** ******, users ********* **** ************ controls ** ******** **** credentials **** ***** **** out ** ********.  **** typically ***** * **** cannot ** **** ** the **** ****** ***** (especially ** ***** **********) without ***** **** ***** at ***** *******.  ** most *****, *** ******* flow ** ***** ** an ****** ********** ******** are **** ****** ** simply ******* ** '********' an ****** ********** **** through * *********, *****, or ******.

  • "** * ****-****** ****** into ** **** ** swiping *** **** *** tries ** *** *** card ** *** ***** area ******* ***** ******* the ******** ****, *** card ** ******** *** a ****** **** ** his ********** ** ***/*****."
  • "** ****** *** ******* that ***** ***** *** if **** ***-**-****. ** works."
  • "*** ******* **** ********* alarms **** ******** ** tried.  ********** ** *** possible ******* ** *** turnstiles."
  • "** *** ************ **** turns *** * **** if **** **** ***** scanning ** ** *** of * ******** ****."

******

***** ***** ******** ********** manpower ** ****** ***** to ****** *** ****, and **** ****** ******** addressed ******** **** ********* when **** ******:

  • "****** *** ****** ** cross ****** ******* *** authorized *********** *** ******* inside."
  • "****** ********* ****** *** **********."
  • "*** ***** *** ****** to **** **** **** stuff **** *** ******."
  • "* ***** ******** ***** reminding ****** **** ** twice *** ******* ** the **** ********."
  • "** *** *** ********* of ********** ** ********, the ****** **** ***** you ** ***********."

Soft ********

***** ***** *** **** stringent, *** *********** ***** systems **** ** ***** risk, *** *** **** expensive, **** *********, *** overall ********* *** **** popular **** ** ******* with *** *****.

*******

**** ********* ******* ******* signs ** ****** ******** is *********. ***** ***** nothing ** ******** ******** the ****, ******* ** a ********** ******** ** users ** *** ****** or ********* *** ****** system.

  • "***** ***** ********* ******** of ***** ************ ****** with ******** ******* ****** entrants ** * **** deterrent."
  • "** **** ***** ** remind ****** *** ** tailgate."
  • "********* ******* ******** **** at **** ******** *** exit."
  • "** ******** *** ***** beside *** ****** *** add ******* **** ********** with *** ******."
  • "** **** ******* ************, single ***** ******** **** tailgate ******* *** *********."

**********

******* ******, ** *** absolute, ****** ** *********** the **** ** ** leave *********** *** ******** to ********* ********. ******* a *** ** *************, procedures, *** ******** *** security ******* ** ********** and **** **** *** managed.

  • "***** ******* ** ** the *****, ********* ********* it ***** *** ****** control ***."
  • "** ****** ******* **. When ** ***** ******** admin *****, ** **** explicit ************ ** *** do ****."
  • "****** *********** **** ****** disciplinary *******, ********* ********** of *****, ****** ********** from ****, ***."
  • "(*** *****) **** **** ** into ***** ********* **** this ** *** *** it **** ** ****, plus, **** ********* **** reads ** ***** **** sheets, *** ********* ********* on **. ** *** have ** ********** *** the *******, ***** *****, reports **** ** ** good."
  • "******* *********** ** ******* the ***** ** *** main ********.  **** ***** most ** *** ****."

Do *******

* ****** ** *********, about **%, ********* **** they ** *** ******* the ***** ** ***, or *** ******** ** weak.  *** ******** ******* is ****** *** ********* to ** ***** ****** to ******* ********** ******** ** additional ***** ** *******.

  • "*** **** *** ** currently "****" **** **** is **** *** "**** on *** *****" *** people *** ** ****."
  • "** ** ********* ** ignored *******."
  • "** ** ******, ** don't ******. *** ********'* aren't ****** *** ********* about **."
  • "*** ********* ** *** see *** ****, ******* us ****** ** ******** them."
  • "**** ** ******* *********, no *** ******* **** addressing **.  **** *** a *** ***** ******."

Tough *******

*** ****** ** *****: totally ******** *** ******* is ********* *** ***** a ****** ** ********* used ** ***********.  ******* answers ********* *** ********** in ******** *** *******, and *** ******** ******* needed:

  • "*** *** ******** **** has ***** ******** **** it ******* *********. **** have ***** **** *** Apple *******. **** **** offending *****. *** ** ends *****. **** ***** anti-passback *** ********* *** a *** **** *** found *** *** ********* the ******* ***. ***** jaws *** *** *****. By *** *** **** offenders **** ** *** executive ********. ***** *** no ********* *** **. After ******** ********* ** dollars ** ****** *** traps / **-*** *******, it *** *** ****** off. ******* ****** ********** authority **** **** *****, it ***'* ******."
  • "**** ** * ***** issue. ******* ** *** sites **** *********** ******* and *** *** ****** control ** * "****-**" system, ** ** * user *****'* **** ****, the ****** ***** ** as ****** **** *** absent **** ****. **** of *** ***** **** also ******** **** **** anti-passback ********. **** ** the ***** **** **** cameras ** *** ***** and *** ***** ****** the ****** ******* *** take ****** ******* *** people ******* *********** *** also *** ****** ******** the ************ ** **********."

Comments (4)

Interesting information. I would think video analytics would be tailor made for this, along with agressive followup.

Video can document and assess whether a piggy back occured, but doesn't have any means to stop it, right? Unless there's an analytic used as an occupancy sensor in a sallyport/man trap scenario in which only (1) person at a time can occupy the space.

that is why I mentioned agressive followup. Video can not stop it, but it can be used as a teaching tool.

Going one step further, if the analytics were good enough, you could sound an alarm at that door to alert the end user that he just piggy-backed. Bring their attention to it. Piggy backing is a serious issue and will not stop without agressive followup and training.

Keeping unathorized individuals out of your facility is security 101 stuff. An awful lot of serious infractions and penetrations are caused by ignoring seemingly harmless events.

Boon Edam did a tailgating survey. Obviously, it's skewed given their interests / sales but the claims are wild: "More than 50% of those surveyed believe the cost of a breach caused by tailgating would be from $150,000 up to “too high to measure.”

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Access Control

Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
Access Control Course Fall 2019 - Last Chance on Oct 17, 2019
Register Now - Fall 2019 Access Control Course. Thursday, October 17th is the last day to register. IPVM offers the most comprehensive access...
Pelco CEO Out, New CEO Found on Oct 15, 2019
Just 2 months after Pelco was sold, Pelco's CEO is out, with Pelco bringing in an outside President and searching for a new CEO from the industry,...
HID Fingerprint Reader Tested on Oct 09, 2019
HID has released their first access reader to use Lumidigm optical sensors, that touts it 'works with anyone, anytime, anywhere'. We bought and...
Fail Safe vs. Fail Secure Tutorial on Oct 02, 2019
Few terms carry greater importance in access control than 'fail safe' and 'fail secure'. Access control professionals must know how these...
Access Control Mustering Guide on Sep 30, 2019
In emergencies, determining where employees are located can be critical for knowing whether they are in danger. Access systems can be used for...
Access Control Mantraps Guide on Sep 26, 2019
One of access's primary goals is keeping people out of places they should not be, but slipping through open doors (ie: Tailgating) is often...
Access Control Time & Attendance Guide on Sep 24, 2019
Access control systems can do more than lock doors. With little or no extra equipment, they can be used to track labor hours for employees...
Open Access Controller Guide (Axis, HID, Isonas, Mercury) on Sep 19, 2019
In the access control market, there are many software platforms, but only a few companies that make non-proprietary door controllers. Recently,...
Directory of 70 Video Surveillance Startups on Sep 18, 2019
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly known. 2019...

Most Recent Industry Reports

Hikvision Global News Reports Directory on Oct 17, 2019
Hikvision has received the most global news reporting of any video surveillance company, ever, ranging from the WSJ, the Financial Times, Reuters,...
Camera Calculator V3.1 Release Improves User Experience on Oct 17, 2019
IPVM has released a new version of our Camera Calculator, V3.1, with significant user experience improvements, a new development plan, and an...
Securing Access Control Installations Tutorial on Oct 17, 2019
The physical security of access control components is critical to ensuring that a facility is truly secure. Otherwise, the entire system can be...
Access Control Course Fall 2019 - Last Chance on Oct 17, 2019
Register Now - Fall 2019 Access Control Course. Thursday, October 17th is the last day to register. IPVM offers the most comprehensive access...
US DoD Comments on Huawei, Hikvision, Dahua Cyber Security Concerns on Oct 16, 2019
A senior DoD official said the US is "concerned" with the cybersecurity of Hikvision, Dahua, and Huawei due to "CCP" (China Communist Party)...
Pelco Sarix Pro3 Camera Tested on Oct 16, 2019
Pelco has released their Sarix Professional Series 3 cameras, claiming "more security detail in challenging scenes with excellent low light and...
IPVM Camera Calculator User Manual / Guide on Oct 16, 2019
Learn how to use the IPVM Camera Calculator. The guide below includes instructions, images, gifs, and videos demonstrating and explaining the...
Altronix Claims Tango 'Eliminates Electricians' on Oct 15, 2019
Power supply provider Altronix claims its new Tango power supply 'eliminates the need for an electrician, dedicated conduit and wire runs'. In...
Pelco CEO Out, New CEO Found on Oct 15, 2019
Just 2 months after Pelco was sold, Pelco's CEO is out, with Pelco bringing in an outside President and searching for a new CEO from the industry,...