By John Kendall.
The desire to fly safely means that air travellers generally support airport security measures, such as providing personal information or undergoing security checks that they might be less willing to undergo on other occasions. However, as the nature of air travel changes – with greater use of self-service processing, the emergence of international transfer hubs and stricter industry security requirements – security measures need to continually evolve to ultimately ensure that only authorised passengers board a flight.
John Kendall, Director of Security Program for Unisys Asia Pacific looks at how airport security is moving deeper into the passenger’s airport journey.
Efficiency versus security – a delicate balancing act
Airport operators and airlines must grapple with the need to provide a positive customer experience, efficiently move passengers through the airport and run a profitable business while ensuring the airport facility, flights, passengers and national borders are secured. At the crux of this is confidence that the passengers boarding a flight are only those who have been authorised to do so.
Traditionally, the vetting of passengers flying internationally has largely been the realm of government agencies such as immigration and customs, after the airline has confirmed during check-in that a passenger’s passport has met the visa requirements for the destination country.
Airlines typically perform a manual visual check of passengers against their passport details and photo as they board a flight, but this superficial check is far from rigorous.
It is getting more difficult to verify the identities of travellers boarding flights, particularly in transit airports where boarding passes can be swapped without the need to go through local immigration checks. This issue was highlighted recently after investigations into the missing Malaysia Airlines flight MH370 revealed that two passengers were travelling on lost or stolen passports.
Biometric-based identification would allow airlines to more effectively confirm that the person stepping onto a plane is the genuine owner of the passport and boarding pass they carry. A biometric such as fingerprints, facial structure, the iris or a person’s voice pattern is a measurable characteristic that is unique to an individual.
Many immigration and customs organisations use biometrics today for border security as part of ePassport and trusted traveller programs. But the latest Unisys Security Index1 survey found there is also strong public support for expanded use of biometrics to confirm the identities of passengers as they board a flight. Specifically, the research shows that 75 per cent of Australians are willing to provide biometric information, such as a fingerprint or photograph, so that an automated boarding gate can confirm their identities when they board a flight.
Conversely, the same survey found that only 33 per cent of Australians are willing to provide biometric information in order to access customised retail offers in the airport.
This shows that Australians are discriminating when it comes to the use of personal biometric data and are wary if the use is not directly linked to a security related initiative in the nation’s airports.
Previous Unisys Security Index research found that 51 per cent of Australians are concerned about a data breach by accidental loss, theft or deliberate hacking at airlines and hotels including frequent flyer programs. This was much lower than the level of concern about similar breaches at financial service institutions, telecommunication providers and health organisations.
So airlines currently enjoy public trust in the way that they manage sensitive personal data; offering a window of opportunity to introduce biometrics for improved security measures.
The challenge for airlines is that if they are to maintain the public’s trust, they will not only need to protect the data they collect – they will need to be seen to protect it in the way the public expects.
Managing data and maintaining public trust
In order for airlines and airports to cost effectively enhance security processes while protecting sensitive data and information on passengers, there are several key points to consider.
The first consideration is to ensure that all of the devices used to collect or access personal or sensitive data within the airport are adequately protected.
Today’s workers access sensitive data remotely, not only on company devices, but on personal ones as well. Any device used to access the network or store personal information is an ‘endpoint’ – whether it is a desktop PC or smartphone. Without the right protection, cybercriminals could access private information by reusing an authorised account or password.
To combat this, airports and airlines can secure their infrastructure by cloaking data communications endpoints on the network – making them dark to outside hackers and segmenting the network virtually, not physically.
The second consideration is to ensure that only the right personnel can access and manage sensitive information. This can be done by segregating the data on the network so that only approved staff can see or access the data.
Furthermore, airports and airlines should consider multifactor authentication to verify the identity of employees accessing systems containing sensitive information. This means verifying an employee’s identity not only by ‘what they know’ (a PIN or a password) but also with ‘something they have’ (a token key), or better still, ‘who they are’ (a biometric).
Finally, to truly ensure that sensitive information is managed in the most secure way possible, an ongoing communication program is required to educate and remind all employees about the role they play in protecting the personal information of passengers and the reputation of the airline or airport.
All employees should be familiar with the airport or airline’s privacy policies and should understand what the consequences are for not complying with them.
A new era in airport security
Recently, Malaysia’s AirAsia announced it would become the world’s first airline to check the passports of all its passengers against Interpol’s global database of 42 million stolen or lost travel documents during check-in. While this does not involve biometrics, it is an example of an airline increasing the robustness of its security checks.
Asia Pacific has long been at the forefront of implementing high-tech airport security programs, such as SmartGate – a program that allows low risk travellers from certain countries to access expedited processing through passport control via dedicated lanes and kiosks.
Ultimately, there appears to be strong public support for increased security measures where they can see a clear security benefit. However, public support cannot be assumed. For example, the research also found 71 per cent of Australians said that they would be willing to provide personal biometric data to prove their identities as frequent travellers of low security risk – compared to just 35 per cent of Malaysians.
Given the willingness of the public to supply biometric information for airport security programs and the desire of government agencies, airport operators and airlines to work closer together towards a common security goal, additional security measures – such as biometrics – can be embedded deeper into the airport journey with minimal disruption. And we can be confident that the passengers boarding a flight are authorised to do so.
1 – The Unisys Security Index asked more than 2,000 Australians and Malaysians in what circumstances would they be willing to provide biometric information during the airport journey. More detail available at www.unisyssecurityindex.com.au.
John Kendall is Director of Security Program for Unisys Asia Pacific. He has worked with clients in the USA, Europe, Africa, Asia, Latin America and the South Pacific, with a particular focus on helping public sector organisations leverage innovative identification and biometric technology to provide secure and cost-effective service to their citizens and business communities.