Is mobile passport control safe for enterprises and their traveling employees?

By: Arthur Cole


The U.S. Customs and Border Protection (CBP) agency is rapidly expanding its nearly 2-year-old Mobile Passport Control (MPC) project, which lets travelers bypass long lines at U.S. entry points with an expedited mobile app.

This project could have broad implications for enterprises that lack adequate mobile governance and security capabilities, especially considering many travelers will access the system from their corporate phones, possibly exposing personal and corporate data to unknown infrastructure.

Mobile passport control basics

Developed in conjunction with Airside Mobile and the Airports Council International-North America, the MPC app allows eligible travelers to upload their passport information to an online profile, which can then be used to skip the normal entry procedure used by legions of international travelers. According to Android Police, the program is currently operating at nearly a dozen international airports in the U.S., and the uptake has accelerated in recent months, with both the Orlando Airport and Denver Airport signing on in May.

Security concerns

Naturally, security is a primary concern when the words “passport” and “mobile” appear in the same sentence, as it is with all mobile apps. But because MPC is just another form of digital ID at heart, it will be secured by the same protocols that protect other mobile apps, such as purchasing apps that contain bank information and PINs.

In fact, Airside Mobile CEO Hans Miller told Planet Biometrics that the mobile infrastructure offers unique compartmentalization and data isolation capabilities that can make data more secure than it is on today’s wired platforms. At the same time, wireless devices themselves are also introducing new forms of authentication, such as biometrics, to make the screening process harder to penetrate.

Paper passports still required

MPC is currently the only mobile passport platform authorized by the CBP, and it is important to note that it does not replace the paper passport. Travelers must still show their physical passports to a customs officer, but the verification process is smoother because they’ve already submitted their photo and customs declaration through the app and answered the standard questions that are asked at the entry checkpoint.

Airports adopting MPC and analytics

Many airports are already seeing the value of expedited customs processes. At the Dallas/Fort Worth International Airport, inflows from the Gulf States alone increased 74 percent in 2014 to nearly half a million people, according to TradeArabia. Last February, the airport deployed MPC on a limited basis — for returning U.S. citizens and Canadians only — and is preparing for a broader rollout in the coming months. In the meantime, the airport uses MPC in conjunction with its own mobile app, which pushes real-time personalized information to travelers. Data from all these mobile endpoints is fed into advanced analytics engines to spot movement patterns and other trends, which can then be used to relieve bottlenecks with changes to airport design and operations.

MPC for business travelers

For business travelers, less time in the customs line is a major productivity boost, and with current airport overcrowding issues, anything that helps cut through the maddening crowds is welcome. However, most business travelers are using business or personal phones that may contain sensitive data. So, aside from trusting the CBP knows a thing or two about security, is there anything enterprises can do to ensure the safety of their employees’ mobile passports?

Security Intelligence explains that platforms such as the MaaS360 are intended to offer 24/7 mobile protection virtually anywhere in the world, and they are constantly being upgraded to provide superior service. With tools such as the IBM Security Access Manager, which provides single sign-on functionality, organizations can ensure proper authentication and compliance with established mobile policies, while the Cloud Security Enforcer provides visibility into all cloud resources being accessed for a check against the X-Force global threat intelligence network.

Foolproof security has yet to materialize, of course. But the fact remains that a mobile passport is no more or less secure than any other app, and the data being exposed is really no more sensitive than what is already bouncing around cell towers and across Wi-Fi connections. The bottom line is that if MPC makes travel a little less painful and fuels greater productivity among the international knowledge workforce, it can only be good news for enterprises.

Ready to take the next step? Schedule a consultation with an IBM Business Continuity Services expert.

Related topic: Disaster Recovery as a Service (DRaaS)

In depth: business continuity topics

Understand how to plan for and react when business disruptions are happening.

Adapt and respond to risks with a business continuity plan (BCP)
How to defend against cyber attacks
Do you have your disaster recovery plan (DRP)?
Defend against ransomware attacks
What is a data breach and how do you defend against one?
What is a recovery time objective (RTO) and how does it affect disaster recovery for your enterprise?
What is a recovery point objective (RPO)?

Topics: ,

About The Author

Arthur Cole

Freelance Writer

With more than 20 years of experience in technology journalism, Arthur has written on the rise of everything from the first digital video editing platforms to virtualization, advanced cloud architectures and the Internet of Things. He is a regular contributor to IT Business Edge and Enterprise Networking Planet and provides blog posts and other web... Read more