Travelers with malicious intent could abuse global entry system

Travelers With 'Malicious Intent' Could Abuse Global Entry System, Report Finds

A system that allows international travelers to skip lines when entering the U.S. is ‘vulnerable to exploitation,’ according to a new report from the Department of Homeland Security.

The Global Entry system aims to help overworked customs agents and exhausted passengers alike. The program, implemented by U.S. Customs and Border Protection, allows pre-vetted travelers to enter the country through a kiosk system rather than waiting in long lines to speak to an agent.

But while Global Entry has been popular among travelers – six million Americans are signed up to date – the program is also “vulnerable to exploitation” by criminals seeking to enter the U.S., according to a new report by the inspector general’s office within the Department of Homeland Security.

It wasn’t the actual technology that was at fault, the report found. When travelers enrolled in Global Entry arrive in the U.S., they head to a kiosk that scans their passport and immigration documents before printing a receipt. According to procedure, the passengers must then hand their receipt to a customs officer for inspection before they can officially enter the country.

In nine airports inspected by the office, that procedure was not always followed. Customs officers granted entry to as many as 5,751 Global Entry members without “verifying the authenticity” of their kiosk receipts, according to the report.

“Unless CBP officers authenticate kiosk receipts, someone could use a fraudulent receipt to enter the United States,” the report reads.

The officers also failed to properly check the receipts for a security code that changes on a daily basis, and did not take corrective action when they were notified that the code had been posted online or discarded nearby.

One of the reasons why officers were less inclined to verify the receipts: the process is “cumbersome, ineffective and inadequate,” the report found. The specific verification process was largely redacted from the report.

For its part, CBP accepted each of the report’s recommendations, stating that it is working to remedy the vulnerabilities and ensure compliance with agency policy.

Tim Erlin, the vice president of product management and strategy at the security technology company Tripwire, said that one positive aspect of the report is that process is “often easier to fix than software.”

“It’s tempting to automate as much as possible for security, but maintaining human oversight and involvement is critical for identifying problems,” Erlin said.

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.