In the high-risk airport environment, it’s imperative for operators to control access to sensitive areas such as runways, hangars, traffic control towers, baggage areas, data centres, and more. In most industries, an access control system that required workers to scan an ID card or enter a code would offer enough security. But codes and ID cards can be shared, presenting risks that the air travel industry cannot allow.
Biometrics – the use of biological characteristics to identify an individual – offers a solution, using techniques such as fingerprint scanning, iris scanning and facial recognition to determine whether somebody is authorised to enter a space.
For airports such as Frankfurt, which ranks as Germany’s biggest workplace with over 81,000 employees, biometric access offers a way to manage the movement of thousands of workers efficiently.
To identify the latest biometric solutions best suited to the airport environment, airport operator Fraport recently launched its “Biometrics@Controllane” project, which is focused on improving security at staff access control points.
Two partners have since been invited to trial their technology at Frankfurt Airport as part of a pilot scheme. Among them is Zwipe, a Norwegian biometric technology provider. The initiative will see approximately 40 checkpoints fitted with its Zwipe Access solution, which will add a second layer of authentication to Fraport’s existing access control systems using the company’s card-based fingerprint scanning system.
A self-contained security system
Biometrics are nothing new in aviation, having been widely implemented in the airport environment as part of efforts to improve security following 9/11. However, Zwipe is unique in its ability to shrink complex biometric access systems down to the size of a credit card.
Each user is provided with a personalised access card containing their unique fingerprint data. Fitted with a sensor, when the card is placed near to a reader, the card’s built-in verification function compares the user’s fingerprint with the stored biometric data to determine whether they match. If verification is successful, an access code is generated telling the control infrastructure to grant access.
The process is self-contained, meaning the authentication process takes place entirely within the card, powered by radio waves emitted by the access terminal. As a result, a separate biometric reading device isn’t required and airports can enable Zwipe’s two-factor authentication without replacing existing infrastructure such as card readers and pin pads.
By removing the need to interact with a separate reader, Zwipe says it has reduced the biometric authentication process down to just one second, making it up to six times faster than alternative systems.
“The proposition of being able to add a whole new level of security through biometrics, without upgrading, replacing or adding to existing infrastructure – which reduces the cost, time, and complexity of implementation – are huge benefits,” Zwipe CEO André Løvestam says.
Improving airport security
While IT budgets fell during the pandemic, a recent survey found by ACI World and SITA found that many airports are looking to maintain or increase their IT spending in 2022. Looking to improve security as passenger and employee numbers rebound, biometric solutions are on top of the industry’s wishlist. According to the study, nearly three-quarters of airports are planning to invest in biometric technology by 2024.
“Security sensitive areas such as airports require a gapless security mindset and solutions,” explains Christian Vaas, Zwipe’s Vice President of ID-Solutions & Access Control. “Any additional step is an additional security risk, and having this in ID card form covers all these aspects to create a highly secure application.”
The use of fingerprints means that even if a Zwipe Access card is lost or stolen, there is still no way for a breach to occur. Zwipe is not alone in offering biometric solutions, but alternatives often come with limitations that add complexity, cause discomfort and present additional security risks.
For instance, facial scanning systems require cameras that create privacy concerns, while finger-scanning terminals require users’ data to be stored in central databases. With Zwipe’s solution, the process is entirely self-contained, using biometric data that is stored on the card, with no connection to additional systems required for authentication to take place.
Likewise, the system also generates a proof of presence, allowing operators to track and trace employees as they move between sensitive areas and determine who would present should an incident occur.
Protecting employee data
While airport security protocols have undergone a great deal of improvement over the past 20 years, recent studies have shown shortcomings in cybersecurity.
In 2020, two years after the General Data Protection Regulation (GDPR) was adopted across the European Union, IT security company ImmuniWeb found that 76% of airport websites continued to fall foul of data protection laws. Some 97% were using outdated web software and 24% had known exploitable vulnerabilities.
Analysis by GlobalData shows that the industry is taking cybersecurity seriously, with 49% of airport equipment supply, product and services companies actively hiring for cybersecurity roles as of February 2022.
However, as the recent Securitas data breach shows, there is still a present risk to employee and user data. In January, an unsecured server belonging to the security services provider exposed personal information belonging to 1.5 million airport employees in Latin America.
The collection and storage of biometric data does little to ease peoples’ concerns, with 72% worried about its misuse or theft, according to a recent GetApp survey.
However, Zwipe’s lack of a central database removes the threat of a large scale breach, essentially putting the protection of each end user’s biometric data in their own hands.
This data is encrypted and stored on government-grade secure elements within the access card, and the company says it has worked with penetration testers to check for any vulnerabilities that could compromise the data.
“It doesn’t rely on a central database, which means that it’s less exposed to hacking attempts and also addresses the regulations around GDPR,” Løvestam explains. “Breaching it would require a huge investment and this simply is not a feasible value proposition for any hacker.”
Reducing staff shortages
While air travel has bounced back from Covid-19, severe staffing shortages have left airports struggling to cope with demand. In the UK, passengers have complained of hours-long delays at security checkpoints and queues snaking throughout terminals.
The problem is believed to be related to recruitment issues, with airports facing competition from the recovering leisure and hospitality industries.
As of May, Brussels Airport had more than 1,000 vacancies, while London Heathrow has said it is ‘rushing’ to hire 12,000 new workers to cope with demand. Covid-19-related absences have only compounded the issue, making hygiene a primary concern for airports as the industry recovers.
“Biometrics is a touchy environment when it comes to fingerprint access control, which is the most common use case,” Vaas says. “Hygiene is a big concern here, and one that Zwipe Access covers very well.”
Typically, Covid-19 is spread through close contact with an infected person. However, studies have shown the virus can be transmitted by touching contaminated surfaces. To limit the risk of an outbreak, airports would need to frequently clean high-contact biometric scanners, or switch to touchless security methods such as Zwipe Access.
With users unable to share cards and no physical contact with a shared device required, the solution lowers the risk of germs spreading throughout the airport industry’s already stretched workforces.