Pesky Monkey

Seeing as the airline's own scanners missed this, the TSA ones would miss it as well.
The TSA guy missed the match between boarding pass and ID.
A scanner would not remedy this (unless the TDC was replaced by a machine, which is possible).

saulblum

http://www.flyertalk.com/forum/check...ses-fraud.html

$3.2 million for a pilot program to solve a non-existent problem.

Pesky Monkey

It would only validate the the boarding pass was real, not that it matched the ID. That would probably cost another $6.4 million.

saulblum

Exactly. It is the TSA way to spend millions for a technological solution that could be accomplished by a $50,000/year TDC, to solve a problem that doesn't need solving in the first place.

Pesky Monkey

Good point. I wouldn't take that job but I know some Poly Sci majors that would!

SirFlysALot

Actually it validates that the boarding pass is correct at the TDC. That technology already exists at a lot of the larger airports. Notice that your name on the ticket pops up on the BP checker.

I once got an upgrade after I had checked in. and before I got to the airport I was told by the TDC that my BP had "expired". He let me pass anyway.

cordelli

The new scanners will scan the ID to make sure it's valid, scan the boarding pass to make sure it's not been tampered with and is valid, and compare the two documents to make sure the names match.

From news reports on the scanners

“It will scan your ID to make sure it’s okay and then it will scan your boarding pass and compare the information,” said the TSA’s Mike McCarthy.


And from the TSA

In response to these vulnerabilities, the TSA is integrating its Credential Authentication Technology (CAT) with its Boarding Pass Scanning System (BPSS) technology. The goal of CAT/BPSS is to ensure that identity credentials and boarding passes presented at the checkpoint have not been tampered with or fraudulently produced. In addition the CAT/BPSS supports TSA efforts to ensure that the information on the boarding pass matches that of the identity credential.

...

CAT/BPSS compares the biographic information captured from the identity credential with the biographic information captured from the boarding pass to determine if the information is identical. This comparison will assist TSA by ensuring that both documents belong to the bearer.

It would have noticed the ID was different from the name on the boarding pass.

Wimpie

Maybe I'm thick - This improves security how?

saulblum

It improves the financial security of the scanners' manufacturers.

Wally Bird

On reading this latest breach (shock, horror!), it did occur to me that maybe some TDCs are smart enough to realize this whole thing is a charade and nothing remotely to do with security.

The old adage says that if something is worth doing it's worth doing well. The corollary is that if something is useless there's no point putting any effort into it. Highlighting or underlining the name on the BP to prove that the TDC did in fact look at it might support the notion that some don't treat the process with the seriousness the TSA wants.

Good for them.

Jupiter's Ally

Please excuse my naivety to the situation...
Why would boarding pass / ID mismatch be a security issue? For the airline, I understand that it is a revenue protection measure; but security???

jkhuggins

Here is the argument, from TSA's perspective.

TSA has two lists: the "no-fly" list of people who are not allowed to fly aboard commercial aircraft, and a "selectee" list of people who are only allowed to fly aboard commercial aircraft with additional screening performed at the checkpoint.

Instead of checking passengers against such lists at the checkpoint, TSA has pushed this activity back onto the airlines. When a passenger checks in for a flight and attempts to print a boarding pass (be it at home or at the airport), the airline relays the passenger's identifying information to The Powers That Be, who check the information against the master lists. If the name is not on the lists, the passenger can print the boarding pass. If the name is on the lists, the passenger is directed to airline personnel at the airport for further assistance.

So, when a passenger arrives at a checkpoint, how is TSA to know that the passenger is not on the no-fly list? In principle, the answer is "because the passenger has a boarding pass and a matching ID" --- because the existence of the boarding pass is sufficient evidence that the passenger is not on the no-fly list. This assumes, however, that the boarding pass and matching ID presented are both valid, and both match the passenger presenting them.

So, that's TSA's argument. I will leave the poking of holes in that argument as an exercise for the reader.

cordelli

From one of the DHS documents about the scanners

Which of course totally goes against all the times they say it's no problem since they screen everybody.

Notwithstanding, certain security vulnerabilities associated with boarding passes are well-known. For example, in fall 2006 a doctoral student at Indiana University created a website that enabled individuals to create fake boarding passes. This website garnered significant media attention, as it demonstrated how a known terrorist on the Watch or No-Fly List could use a fake boarding pass to gain access to the sterile area of the airport. Once inside the sterile area, the terrorist could use a real boarding pass acquired under an alias to board the plane or otherwise disrupt the sterile area.

In response to these vulnerabilities, the TSA is integrating its Credential Authentication Technology (CAT) with its Boarding Pass Scanning System (BPSS) technology. The goal of CAT/BPSS is to ensure that identity credentials and boarding passes presented at the checkpoint have not been tampered with or fraudulently produced. In addition the CAT/BPSS supports TSA efforts to ensure that the information on the boarding pass matches that of the identity credential.

So even though they need to spend the insane amount of money to verify the ID's and boarding passes, every time something like this happens, they blow it off as no biggie, saying

“Passengers are subject to a robust security system that employs multiple layers, including thorough screening of every passenger at the checkpoint, the presence of behavior detection officers, federal air marshals, armed pilots and a vigilant public, as well as many others, both seen and unseen,” the statement says.

“The system is designed so if one layer of security does not meet our standards, there are many others in place to ensure the safety of the traveling public,” according to the statement.