Practical Solutions To Piggybacking and Tailgating

By Brian Rhodes, Published on Feb 12, 2015

Piggybacking and tailgating are two of access control's biggest threats. In this note, we share survey results from more than 100 integrators about the specific steps they have implemented to solve them.

Results

We asked "How do you deal with the problems of users sharing credentials (ie: Piggybacking) or holding doors open for others (ie: Tailgating)?"

More than 100 integrators and end users responded. A breakdown of their answers into common groups is given below:

*** **** * **** breakdown ** *** ******* is ***** *****:

The ***** *******

*** ***** *** ********, the *** ******** ** polled ** **** ******** are ************ ********* ** address *** ******* **** traditional ****** ******* *******. These ****** *** ******** defined **:

  • **********: ** ********* *** risk ** ***** ******* open ***** ** ***** more **** *** **** to **** ** *** ****** ******* ******: ********** ****. ****** ******* ******* have * ********* **** preventing *** *******, ** they **** ******* ***** on ******** *****; *** how **** **** *** opened.
  • ********: * ******* ******* is ********** ******* (************ called '********') *** ** users handing their *********** ** *** person ****** *** ******* a ***** ** *** door, *** ** *** turnstile, *** ** **. Access ******* ***** ******* methods ** ********* *********, alarms, ** **** ****** denial ****** '****-********', *** the *** ** ********* readers **** *** ******* the *******. ** ******** the ******* ** *** ******** ******* ****.

Answers *******

********* ********* **** **** ten ********* ******* ** control ** ******** *** risk. **** **** **% of *** ********* ********* more **** *** ****** of ******* *** **** than **% ********* *** or ****.

**** **** ****, *** options ***** **** *** most ******** *****:

  • *******:*** **** ****** ******** involved ***** ************ ******* to ****** *** ****** no ****** *** ********* at ****** ******.
  • **********:*** **** ****** '******' method **** ***** **********, revolving *****, ** ******** to ********** ******* **** than ** ****** ****** ***** at *** ****.
  • *******:*** **** ****** '****' measure ** ***** **** indirectly ** ********* ******* the **** *** *** use ** ***** ** remind ****** **** ******** the ****** ******* ****** or ********** ******** ********.
  • *******:***** **% ** ********* said **** ****** ** nothing ***** *** *****.  Either ********** ** ** too ******, ** ** is *** ****** ** a **** ** ******* countermeasures.

Key ******

** *** ******** *****, we **** *** ********** approaches *********** **** ** controlling ** ********** *** tailgating *** **** **** problem:

***** ***********: ******* *********** ******* with ****** ** * popular ********, **** **** responses ********** ** ** the ***** ****** **** when ****** **** *****:

  • "********* ** *** ******** access ********** *****\***** ** piggy **** **** ********** security *******"
  • "** ******* **** ******* ******** the ***** *** **** a ******** ****** ***** with ****** ******* ****** that ***** * **** every **** * **** or ****** ** ******."
  • "*** ******** ****** ** the ****** *** ***** access ***** ** *** a ******** **** ******* at *** ********* ****/**** if *** ****** ****** does *** ***** *** snapshot."
  • "*********** ***** ** * administration *** *** ******** deterrent."
  • "** ******* ******* **** to *** **** ** a **** ***** ** attached ***** **** ***** of **** ****. **'* then ** ** *** owner ** ******* ***** policy."

*******, ****** ***** ** actively ********* ** **********/******** events *********, ** ** not * ***** ******** for *** ********.  **** placing ******* ***** **** are ******* ******* ** including ****** **** ******** can ****** *********** *** be ******* **** **** if *** ****** *** not ******** ********* ** paired **** ***** *******.  

Strict ********

***** ********** **** *** hardest ******** ** ********** or ******* *** ***** directly.  *********** ******** **** turnstiles, ** '**** ************' are **** ** ******** physically ******* ******.

**********

** **** *****, ***** install ******** **** ******* control *** **** ****** enter ** *** ****.  The ********** **** ** almost ****** **********, ***** a **** ****** ** propped ** **** **** for ******.  ******, ** order ** ******* *** turnstile, **** **** **** present * **********.

  • "** ** ** * high ******** ***********, ** recommend *** ************ ** a ********* **** ********."
  • "*** ******* *** ** to ******* **** ********** turnstiles. ***** **** *** one ****** ******* ** a ****. **'* *** the ******** ******."
  • "*** ****, ** ******."
  • "********* **** (**** **** Tourlock), **** ****** ***** video ******* **** ******* Letters ***** ** ***** file."
  • "******* ********** ** ******* by ***** ******** *****."
  • "**********- * **** ***** Entrance ******** *** ******* Security ****** *** **** volume *****."

**** *** (************)

** * ****** ******, users ********* **** ************ controls ** ******** **** credentials **** ***** **** out ** ********.  **** typically ***** * **** cannot ** **** ** the **** ****** ***** (especially ** ***** **********) without ***** **** ***** at ***** *******.  ** most *****, *** ******* flow ** ***** ** an ****** ********** ******** are **** ****** ** simply ******* ** '********' an ****** ********** **** through * *********, *****, or ******.

  • "** * ****-****** ****** into ** **** ** swiping *** **** *** tries ** *** *** card ** *** ***** area ******* ***** ******* the ******** ****, *** card ** ******** *** a ****** **** ** his ********** ** ***/*****."
  • "** ****** *** ******* that ***** ***** *** if **** ***-**-****. ** works."
  • "*** ******* **** ********* alarms **** ******** ** tried.  ********** ** *** possible ******* ** *** turnstiles."
  • "** *** ************ **** turns *** * **** if **** **** ***** scanning ** ** *** of * ******** ****."

******

***** ***** ******** ********** manpower ** ****** ***** to ****** *** ****, and **** ****** ******** addressed ******** **** ********* when **** ******:

  • "****** *** ****** ** cross ****** ******* *** authorized *********** *** ******* inside."
  • "****** ********* ****** *** **********."
  • "*** ***** *** ****** to **** **** **** stuff **** *** ******."
  • "* ***** ******** ***** reminding ****** **** ** twice *** ******* ** the **** ********."
  • "** *** *** ********* of ********** ** ********, the ****** **** ***** you ** ***********."

Soft ********

***** ***** *** **** stringent, *** *********** ***** systems **** ** ***** risk, *** *** **** expensive, **** *********, *** overall ********* *** **** popular **** ** ******* with *** *****.

*******

**** ********* ******* ******* signs ** ****** ******** is *********. ***** ***** nothing ** ******** ******** the ****, ******* ** a ********** ******** ** users ** *** ****** or ********* *** ****** system.

  • "***** ***** ********* ******** of ***** ************ ****** with ******** ******* ****** entrants ** * **** deterrent."
  • "** **** ***** ** remind ****** *** ** tailgate."
  • "********* ******* ******** **** at **** ******** *** exit."
  • "** ******** *** ***** beside *** ****** *** add ******* **** ********** with *** ******."
  • "** **** ******* ************, single ***** ******** **** tailgate ******* *** *********."

**********

******* ******, ** *** absolute, ****** ** *********** the **** ** ** leave *********** *** ******** to ********* ********. ******* a *** ** *************, procedures, *** ******** *** security ******* ** ********** and **** **** *** managed.

  • "***** ******* ** ** the *****, ********* ********* it ***** *** ****** control ***."
  • "** ****** ******* **. When ** ***** ******** admin *****, ** **** explicit ************ ** *** do ****."
  • "****** *********** **** ****** disciplinary *******, ********* ********** of *****, ****** ********** from ****, ***."
  • "(*** *****) **** **** ** into ***** ********* **** this ** *** *** it **** ** ****, plus, **** ********* **** reads ** ***** **** sheets, *** ********* ********* on **. ** *** have ** ********** *** the *******, ***** *****, reports **** ** ** good."
  • "******* *********** ** ******* the ***** ** *** main ********.  **** ***** most ** *** ****."

Do *******

* ****** ** *********, about **%, ********* **** they ** *** ******* the ***** ** ***, or *** ******** ** weak.  *** ******** ******* is ****** *** ********* to ** ***** ****** to ******* ********** ******** ** additional ***** ** *******.

  • "*** **** *** ** currently "****" **** **** is **** *** "**** on *** *****" *** people *** ** ****."
  • "** ** ********* ** ignored *******."
  • "** ** ******, ** don't ******. *** ********'* aren't ****** *** ********* about **."
  • "*** ********* ** *** see *** ****, ******* us ****** ** ******** them."
  • "**** ** ******* *********, no *** ******* **** addressing **.  **** *** a *** ***** ******."

Tough *******

*** ****** ** *****: totally ******** *** ******* is ********* *** ***** a ****** ** ********* used ** ***********.  ******* answers ********* *** ********** in ******** *** *******, and *** ******** ******* needed:

  • "*** *** ******** **** has ***** ******** **** it ******* *********. **** have ***** **** *** Apple *******. **** **** offending *****. *** ** ends *****. **** ***** anti-passback *** ********* *** a *** **** *** found *** *** ********* the ******* ***. ***** jaws *** *** *****. By *** *** **** offenders **** ** *** executive ********. ***** *** no ********* *** **. After ******** ********* ** dollars ** ****** *** traps / **-*** *******, it *** *** ****** off. ******* ****** ********** authority **** **** *****, it ***'* ******."
  • "**** ** * ***** issue. ******* ** *** sites **** *********** ******* and *** *** ****** control ** * "****-**" system, ** ** * user *****'* **** ****, the ****** ***** ** as ****** **** *** absent **** ****. **** of *** ***** **** also ******** **** **** anti-passback ********. **** ** the ***** **** **** cameras ** *** ***** and *** ***** ****** the ****** ******* *** take ****** ******* *** people ******* *********** *** also *** ****** ******** the ************ ** **********."

Comments (4)

Interesting information. I would think video analytics would be tailor made for this, along with agressive followup.

Video can document and assess whether a piggy back occured, but doesn't have any means to stop it, right? Unless there's an analytic used as an occupancy sensor in a sallyport/man trap scenario in which only (1) person at a time can occupy the space.

that is why I mentioned agressive followup. Video can not stop it, but it can be used as a teaching tool.

Going one step further, if the analytics were good enough, you could sound an alarm at that door to alert the end user that he just piggy-backed. Bring their attention to it. Piggy backing is a serious issue and will not stop without agressive followup and training.

Keeping unathorized individuals out of your facility is security 101 stuff. An awful lot of serious infractions and penetrations are caused by ignoring seemingly harmless events.

Boon Edam did a tailgating survey. Obviously, it's skewed given their interests / sales but the claims are wild: "More than 50% of those surveyed believe the cost of a breach caused by tailgating would be from $150,000 up to “too high to measure.”

Read this IPVM report for free.

This article is part of IPVM's 6,584 reports, 886 tests and is only available to members. To get a one-time preview of our work, enter your work email to access the full article.

Already a member? Login here | Join now

Related Reports

US GSA Explains NDAA 889 Part B Blacklisting on Jul 31, 2020
With the 'Blacklist Clause' going into effect August 13 that bans the US...
Network Cable Usage Statistics 2020 (Cat 5e vs Cat 6 vs Cat 6a) on Sep 02, 2020
Integrators are split between using Cat 5e, 6, and 6a but 2 of them have...
Door Fundamentals For Access Control Guide on Aug 24, 2020
Doors vary greatly in how difficult and costly it is to add electronic access...
Avigilon Aggressive Trade-In Program Takes Aim At Competitors on Oct 20, 2020
Avigilon has launched one of the most aggressive trade-in programs the video...
Cast Presents PoE Perimeter Lighting on Apr 28, 2020
Cast Lighting presented its PoE powered Perimeter fence system during the...
Hikvision Fever Screening Thermal Solutions Examined on Apr 13, 2020
Hikvision is marketing "safer, faster, smarter" with their Fever Screening...
Exit Devices For Access Control Tutorial on Aug 25, 2020
Exit Devices, also called 'Panic Bars' or 'Crash Bars' are required by safety...
Use Access Control Logs To Constrain Coronavirus on Apr 09, 2020
Access control users have included capabilities that are not commonly used...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
Verkada Access Control Tested on Sep 09, 2020
Verkada raised $80 million earlier in 2020, expanding from video into access...
HID Presents Mercury Security & Aero Access Controllers on Aug 25, 2020
HID presented Mercury Security & Aero Access Controllers at the 2020 IPVM...
Avigilon Open Analytics Tested on Apr 16, 2020
After years of effectively closed analytics, Avigilon decided in late 2018 to...
Face Masks Increase Face Recognition Errors Says NIST on Aug 04, 2020
COVID-19 has led to widespread facemask use, which as IPVM testing has shown...
Access Credential Form Factor Tutorial on Feb 10, 2020
Deciding which access control credential to use and distribute, including...
Vehicle Gate Access Control Guide on Mar 19, 2020
Vehicle gate access control demands integrating various systems to keep...

Recent Reports

Avigilon Aggressive Trade-In Program Takes Aim At Competitors on Oct 20, 2020
Avigilon has launched one of the most aggressive trade-in programs the video...
Mexico Video Surveillance Market Overview 2020 on Oct 20, 2020
Despite being neighbors, there are key differences between the U.S. and...
Dahua Revenue Grows But Profits Down, Cause Unclear on Oct 20, 2020
While Dahua's overall revenue was up more than 12% in Q3 2020, a significant...
Illegal Hikvision Fever Screening Touted In Australia, Government Investigating, Temperature References Deleted on Oct 20, 2020
The Australian government told IPVM that they are investigating a Hikvision...
Panasonic Presents i-PRO Cameras and Video Analytics on Oct 19, 2020
Panasonic presented its i-PRO X-Series cameras and AI video analytics at the...
Augmented Reality (AR) Cameras From Hikvision and Dahua Examined on Oct 19, 2020
Hikvision, Dahua, and other China companies are marketing augmented reality...
18 TB Video Surveillance Drives (WD and Seagate) on Oct 19, 2020
Both Seagate and Western Digital recently announced 18TB hard drives...
Watrix Gait Recognition Profile on Oct 16, 2020
Watrix is the world's only gait recognition surveillance provider IPVM has...
Intel Presents Edge-to-Cloud Ecosystem for Video Analytics on Oct 16, 2020
Intel presented its processors and software toolkit for computer vision at...
Microsoft Azure Presents Live Video Analytics on Oct 15, 2020
Microsoft Azure presented its Live Video Analytics offering at the September...
Worst Manufacturer Technical Support 2020 on Oct 15, 2020
4 manufacturers stood out as providing the worst technical support to ~200...
Clorox Announces, Then Pulls, Fever Camera on Oct 15, 2020
For almost one week, Clorox was marketing fever cameras. The booming...
Faulty Hikvision Fever Cam Setup at Mexico City Basilica and Cathedral on Oct 14, 2020
Donated Hikvision fever cameras (claiming screening of 1,800 people/min. with...
Directory of 211 "Fever" Camera Suppliers on Oct 14, 2020
This directory provides a list of "Fever" scanning thermal camera providers...