Over the past few months, the Transportation Security Administration (TSA) in the USA has been expanding the Secure Flight program aimed to increase aviation security, by incorporating more flight operators into the scheme. If you are new to the TSA's Secure Flight program, and have now been asked to start submitting Secure Flight Passenger Data, we can help you comply with the new requirements.
Under Secure Flight, TSA performs name vetting on the carrier-provided passenger data against federal watch lists, including the No Fly List and portions of the Terrorist Screening Database (TSDB) maintained by the FBI’s Terrorist Screening Center (TSC). This pre-screening aims to identify individuals that should undergo enhanced security screening at the airport as well as those that should not be permitted to enter the plane or the sterile area because of known or suspected ties to terrorist organizations.
In this article, you will find the answers to some of the frequently asked questions:
- Why is the Secure Flight program being expanded?
- Which carriers does Secure Flight apply to? Which flights are subject to Secure Flight?
- What obligations do carriers have under Secure Flight?
- How to submit the required Secure Flight information to TSA for vetting and pre-screening purposes?
- Is there a way to automate the traveler data submission for carriers?
- What happens after Secure Flight Passenger Data gets submitted to TSA?
- What are the possible results when TSA tries to match the name of a passenger against the government watch lists?
- What can be done for passengers whose names got mistakenly matched to a name on one of the U.S. watch lists? Is there a redress process?
In November 2022, the 2019 version of the list was hacked via an unsecured server hosted by CommuteAir, an Ohio-based regional airline. In January 2023, the leaked No Fly List got publicly exposed on the Internet. Those incidents placed TSA under the scrutiny of the Homeland Security Committee, and gave rise to a number of questions and concerns that TSA was asked to address. Prior to the above-mentioned incidents, some carriers, such as Twelve-Five and Private Charter operators, were permitted to access and reference the federal watch lists themselves in order to support pre-screening of airline passengers and employees. TSA had announced their intention to reduce the number of non-governmental entities with access to the federal watch lists already at the end of October 2022. While investigating the No Fly List leak, TSA continued to work on changing the old process. These changes should improve the cybersecurity of the screening database.
Until recently, the program used to generally apply to domestic and international passenger airlines that offer scheduled and public charter flights from commercial airports. As announced in October 2022, Twelve-Five and Private Charter operators would also participate in the Secure Flight program. As a result, about 554 of them are now being asked to meet TSA’s requirements for passenger data transfer.
Under the Secure Flight program, carriers need to provide TSA with sufficient traveler information for the purpose of checking against the applicable portions of the Terrorist Screening Database, and other watch lists to identify individuals who may need enhanced screening as well as those who are entirely banned from travel. TSA collects the minimum amount of personal information needed to perform effective matching, such as full name, date of birth, and gender.
Secure Flight Passenger Data (SFPD) needs to be collected and shared with TSA 72 hours prior to scheduled departure time. Any SFPD added or changed after this 72 hour mark needs to be sent immediately. This also concerns any data for bookings made within 72 hours before your flight departure time.
Currently, there are two SFPD data submission methods, offered by TSA. Carriers can submit the required data using the DHS router or the electronic Secure Flight (eSF) web application.
Yes. PnrGo is a TSA-certified data vendor that offers a one-stop software solution for TSA's Secure Flight program, connecting carriers directly to the DHS Router for the purpose of automated data submission. If you are interested in streamlining your SFPD submission process with a secured system-to-system connection and would like to learn more about PnrGo’s Secure Flight solution, you can schedule a demo session with one of our Sales Representatives.
Once the aircraft operator submits the required Secure Flight data, TSA uses the applicable government watch lists to check every passenger information and transmit the appropriate Boarding Pass Printing Result (BPPR) back to the carrier. PnrGo also supports the BPPR reception so you will be fully covered with us.
The BPPR indicates what security measures should be taken in regards to each screened individual.
What are the possible results when TSA tries to match the name of a passenger against the government watch lists?
The possible Boarding Pass Printing Results are as follows:
- Cleared status: the passenger has been checked by TSA and does not pose a threat to the air travel safety so they can fly with you.
- Selectee status: the passenger has been checked by TSA and may pose a threat to the air travel safety so they require enhanced screening before it can be determined whether they should be allowed to board an aircraft.
- Inhibited status: the passenger has matched a record on the No Fly List or any other watch list that indicates a severe threat to the air travel safety and should not be allowed to board an aircraft until this is clarified with TSA. Checking ID documents can help determine if the match is a false positive.
- Error: Secure Flight Passenger Data has not been submitted correctly and TSA is not able to proceed with the pre-screening process.
In general, no aircraft operator may override a TSA boarding pass printing result, unless explicitly authorized by TSA to do so. It’s important to note that the BPPR may be subject to change based on updated information from either side:
- Updated SFPD from aircraft operator: when the aircraft operator submits updated information to the TSA for an individual for whom TSA has already issued a BPPR, all previous BPPRs concerning that individual are voided and the aircraft operator has to wait for the new result from TSA in order to proceed.
- Updated BPPR from TSA: after issuing the initial BPPR, TSA may receive additional information concerning the individual and send an updated BPPR for that individual to the aircraft operator. The aircraft operator must acknowledge receipt of the updated result, comply with the new BPPR, and disregard all previous results.
What can be done for passengers whose names got mistakenly matched to a name on one of the U.S. watch lists? Is there a redress process?
When your passenger lands on the inhibited or selectee list and you believe it to be a mistake, you can always contact the Secure Flight Operations Center to clarify the situation. Moreover, passengers who regularly experience difficulties (such as denied/delayed airline boarding, denied/delayed entry into and exit from the U.S., or repeated additional screening at the airports) during travel can apply for a Redress Number under the Department of Homeland Security's Traveler Redress Inquiry Program (DHS TRIP), and use it for future reservations. The number alerts TSA that a traveler may be incorrectly added to a security watch list or shares exactly the same name as someone listed.
To easily comply with the new requirements of Secure Flight and start submitting SFPD to TSA in an automated way as soon as possible, contact PnrGo. We are a TSA-certified data vendor.