U.S. boarding pass system easy to circumvent

Published 20 January 2010

Unbelievable but true: If a terrorist obtains someone else’s credit card, he (the terrorist) could then follow instructions on the Internet to doctor a boarding pass; the terrorist could then show the fake boarding pass with his own name instead of the cardholder’s, along with his own ID, to pass through security, where the boarding pass is not scanned into the system; then at the gate, where the terrorist is not asked to show his ID again, he can simply hand in the real boarding pass with the cardholder’s name and be let onto the plane

Fake boarding pass // Source: wired.com

A confluence of loopholes involving online ticketing and security screening has Senator Chuck Schumer (D-New York) worried that terrorists could exploit these long-known-about weaknesses to strike commercial aircraft even if their names appeared on the federal no-fly list.

During a press conference on Sunday at his offices in New York City, Schumer outlines broadly how watch listed terrorists could make it past security and still board an airline, reports the Epoch Times.

While the con involves a sleight of hand, it is a rather unsophisticated ruse.

 

If a terrorist obtains someone else’s credit card, they could then follow instructions to doctor a boarding pass, which are easily accessible on the Internet. He could then show the fake boarding pass with his own name instead of the cardholder’s, along with his own ID to pass through security, where the boarding pass is not scanned into the system. Then at the gate, where he is not asked to show his ID again, he can simply hand in the real boarding pass with the cardholder’s name and be let onto the plane. This technique was posted on a Web site and proven achievable by an Indiana University student in 2006 and noted in a 2007 report by Transportation Security Administration (TSA).

 

More than three years ago, security maven Bruce Schneier explained this vulnerability more straightforwardly.

You can also use a fake boarding pass to fly on someone else’s ticket. The trick is to have two boarding passes: one legitimate, in the name the reservation is under, and another phony one that matches the name on your photo ID. Use the fake boarding pass in your name to get through airport security, and the real ticket in someone else’s name to board the plane.

 

This means that a terrorist on the no-fly list can get on a plane: He buys a ticket in someone else’s name, perhaps using a stolen credit card, and uses his own photo ID and a fake ticket to get through airport security. Since the ticket is in an innocent’s name, it won’t raise a flag on the no-fly list.

Matthew Harwood writes that to plug this security hole, Schumer wants security procedures to go back to how they were immediately following 9/11. After the terrorist attacks, passengers had to show their boarding pass and ID at their departing gate to ensure the names on each document matched. After two years, however, those security procedures were allowed to lapse. Schumer also called on the TSA to encrypt the barcodes on boarding passes so they cannot be forged. Finally, Schumer said he will introduce legislation making it a felony to alter or tamper with a boarding pass. The crime, according to WPIX.com, will be tantamount to manufacturing a fake ID. “It’s unbelievable that after years of recalibrating aviation and airport security so that we can keep a close eye on suspicious individuals, this enormous hole remains in the system,” Schumer said. “It has rendered the terrorist watch list nearly useless.”