Loitering detection fires when an object stays within a zone longer than a set time — flagging the person who lingers by an ATM, the car parked too long at a kerb, the figure waiting near a fire exit. It builds on tracking and zones: the system keeps an object's identity over time and starts a clock when it enters the area, raising an alert if the dwell exceeds the threshold. It answers "has someone been here too long?" rather than "did someone pass?".
It is a standardised behaviour — the ONVIF Analytics specification defines a normative Loitering Detector — so the rule travels between conformant devices. The single most important setting is the dwell time, because it encodes what "too long" means for that specific spot: thirty seconds by a secured door, several minutes in a retail aisle. Tied to a class filter and a schedule, loitering detection surfaces intent that a momentary trip-wire would miss, which is why it is common in retail loss prevention and the protection of sensitive entrances.
The pitfalls are tuning and fairness. Set the dwell too short and every normal pause — reading a sign, waiting for a friend, queuing — becomes an alarm; set it too long and genuine casing or staging slips under the bar. Tracking must also hold the identity through partial occlusion, or the clock resets and a true loiterer is never flagged. And because loitering judges ordinary behaviour, deployments should avoid bias in where it is applied; it is personal data, generally not biometric, but still a surveillance decision that warrants care. This is engineering guidance, not legal advice.
