Glossary
Two-factor checkpoint
A two-factor checkpoint requires two independent verifications to count as scanned — most commonly an NFC tag scan plus a GPS geofence match. The combination is significantly more fraud-resistant than either factor alone.
Definition
Two-factor (or multi-factor) checkpoints combine multiple verification technologies: typically NFC + GPS, sometimes NFC + Bluetooth beacon, occasionally QR + photo. The system records both factors on the audit trail and only counts the checkpoint as 'verified' if both pass. Failure of one factor produces a 'partial scan' event flagged for supervisor review.
Context
Two-factor checkpoints are increasingly required for high-stakes patrols: government facilities, financial institution branch security, pharmaceutical inventory rooms. Some compliance frameworks (CIS Controls v8 Safeguard 12.5) explicitly recommend multi-factor for physical access logging.
Anti-fraud use
Single-factor scans can be defeated: QR codes can be photographed and scanned remotely, NFC tags can theoretically be cloned (with effort). Two-factor closes the most common attacks: a remote QR scan won't pass GPS geofencing, a cloned NFC tag won't be at the right location. The cost is configuration complexity and, occasionally, false negatives in zones with poor GPS.