This article will teach you how to secure your building using watch lists.
The basic idea of the watch list is to send an alert to predefined users (typically security) when a visitor matches a record in a watch list.
More specifically this article will cover the following topics:
- How to match visitors against a single list in a single location
- How the matching works
- Who sees the alert
- How to differentiate level of threat using multiple lists
- How to match visitors against external lists
- How to use a central list across multiple locations
- How to temporarily deactivate the watch list
How to match visitors against a single list in a single location
To match visitors against a single watch list in a single location, please follow these steps:
- Go to Account&Settings >Watch list
- Enable the feature
- Create a new list
- Name the Watch list. The name will appear in the alert email and in the export
- Add records in the list. First and last name are mandatory. Company name and email are optional
- Go to the Alerts tab and add the user(s) who need to receive the alert via email and/or SMS
How the matching works
Obviously, the list needs not only to match a record when there is an exact match, but also when visitors make typos or use abbreviations (e.g. Chris instead of Christopher). At the same time, if the list triggers too many matches, security will be overwhelmed with false alerts (aka “false positives”).
The objective is thus to find the right balance: allow for some variance in the name spelling without sending too many false positives.
In order to achieve this balance, matching works as follows: every time a visitor is created (at pre-registration or check-in), three checks are performed. If any of these checks results in a match, the alert will be sent.
The first check triggers an alert when the two following conditions are met
- The first letter of the first name matches
- The last name offers a so-called “fuzzy match”. That is, the last name is identical or similar
Table below show some examples of names that trigger an alert, or not.
|Example||Name entered at pre-registration or on the iPad||Record in watch list||Alert sent?|
|1||Teresa De Angelo||Tereza DeAngelo||
|2||Kimberly Oconnor||Kim O’Connor||
|3||Olaf Johnsson||Olav Jonson||
|4||Johan Kittori||Johan Quitori||
|5||Ronald Keegan||Ronald McArthur||
|6||Greg McArthur||Ronald McArthur||
|7||Beth Kinley||Elisabeth Kinley||
As you notice, the first check manages to identify close variations of last names (examples #1 to #4). At the same time, it does not trigger an alert when only the last name (or only the first name) matches, which is good as it rules out false positives (examples #5 and #6). However we could argue that an alert should have been sent in example #7.
This is why a second check is performed. In case the following 2 conditions are met, an alert will be sent:
- Last name offers a fuzzy match
- Company name offers a fuzzy match
Table below shows how this check will trigger an alert for the visitor that missed the first check.
|Example||Name and company entered at pre-registration or on the iPad||Record in Watchlist||Alert sent?|
|1||Beth Kinley, Boloo||Elisabeth Kinley, Bolo||
Finally, a third check is performed: if there is an exact match with the email address, an alert will be sent (irrespective of values of the other fields).
|Example||Name and company entered at pre-registration or on the iPad||Record in watch list||Alert sent?|
|1||Test Test, Test, firstname.lastname@example.org||Yasuhiro Heida, Manga Electronics, email@example.com||
Rationale is that email addresses are unique, so we consider security should be warned when there is a match.
Obviously, these three checks will still trigger false positives. Human judgment is then needed to identify the real threats. In order to help security guards assess the real threat posed by the visitor, quite some info is provided in the alert email (comparison of visitor info and record in watch list).
Who sees the alert
The alert is only sent to the recipients defined in Account and settings > Watch lists > Tab “Alerts”. In other words, the visitor will not be aware they triggered an alert. Also, Reception will not see anything special for this visitor in the dashboard. Rationale is to provide a check-in experience that is seemingly normal for the visitor and receptionist (in order to prevent a scene in front of other visitors) while at the same time alerting security. Of course, if you insert reception as recipient of the alert, they’ll be informed too.
In case the visitor matches multiple records in a single list, only one email is sent (on the first match). In case the visitor matches a record in multiple lists, one email per list will be sent.
In addition to the email, information about the alerts is provided in the exports where you’ll find the following information
- Whether or not the visitor triggered the alert (see column S in screenshot below)
- The name of the watch list (you can have more than one, see further)
- What record in the list triggered the alert
Exports can be generated from Visits > Reports (bottom of page).
Please note that in case the visitor triggered an alert in more than one list only the first list will be shown in the export. Similarly, in case a visitor triggered more than one alert in a given list only the first match will be shown.
How to differentiate level of threat using multiple lists
In case you want to differentiate level of threat posed by visitors, you can create multiple lists. As an example, let’s say you want to differentiate between
- “banned visitors” (security needs to prevent such visitors from entering)
- and “to be watched visitors” (they can enter but security needs to be aware they are in the building)
In order to do that, go to Account and settings > Watch lists and create a second watch list.
… so that the alerts are different in the inbox of security guards.
How to match visitors against external lists
Please contact us if you wish to check your visitors against a list provided by a third party. This can be done on a project basis.
How to use a central list across multiple locations
Let’s say you have 3 locations: New York, Paris and Singapore. You wish to have one central watch list (managed from the NY office) that should trigger an alert in case of a match in any of the 3 locations.
In order to do that please follow the following steps:
- Go to the New York account, Account and settings > Watch list and create the list. Name it “Global Watch List” (for instance) and enter the records.
- Log into the two other locations (as an admin) and go to Account and settings > Watch list
- Then hit “New watch list” > “Link a list from another location”
- Then select the list you want to link
Done. Visitors matching the list in any of the three locations will trigger the alert.
As a general note, the system is very flexible and will allow for many configurations:
- You can create multiple central lists
- You can create lists that are linked to some of your locations only (not all)
- You can create a central list and local lists. For instance, screenshot below shows the inbox of security in Singapore with 2 alerts: one that matched the central list and one that matched the local list
How to temporarily deactivate the watch list
In case you temporarily need to de-activate the alerts without deleting the list or removing the recipients, just put the list on “off”.