Eliminating Fraud
Biometrics is a true friend to time, attendance for employers
- By Mohammed Murad
- Mar 01, 2018
The challenge of accurately
tracking who has worked, and
for how long, has exasperated
employers for centuries. It is
easy to see why—payroll is the
single largest cost for most businesses.
A study by the American Payroll Association
showed more than 75 percent of American
companies are hit by at least one form
of payroll fraud. 2017 research found U.S.
companies may lose $373 million each year
to one of the most common payroll scams.
Smaller companies are most at risk as they
have fewer resources to cover losses.
If there’s a way for people to scam a system,
you can bet someone will find it. Payroll
processing systems are no exception. For
employers, the challenge is staying one step
ahead of scheming employees.
The Old Ways
Pen-and-paper time records can be easily
forged or altered, sometimes to the benefit
of employers. Mechanical time clocks, in
use since the late 1800s and still being used
today, were an improvement, but they’re
slow and can lead to long lines as employees
punch-in at least twice a day. For the past 20
years or so, electronic clocks using ID cards
have been popular. Software lets human resources
import payroll data, reducing transcription
errors, increasing processing speed
and accuracy.
Interesting, but where’s the security industry
connection? Access control systems
have taken on a time-and-attendance role.
Access systems note when an employee arrives
and leaves the facility using either an
ID card or a PIN. Employees are likely to
already have a card or PIN for other identification
issues.
Cards and PINs can be easily shared,
especially for one common payroll scheme
known as buddy punching, which involves
one employee clocking in and out for another.
It might be for an hour, a day or an entire
week. A recent survey of 1,000 employees
found that 16 percent admitted to clocking
in for a colleague at least once.
The key to stopping buddy punching is
authenticating that the employee clocking in
is the one authorized to carry the card or use
the code. That’s where biometrics play a vital
role. You’ve probably heard the saying about
access control: A card is what you carry; a
PIN is what you know; biometrics authenticate
who you are.
Only biometrics can’t be borrowed, lost,
stolen or learned. Fingerprint, iris and facial
recognition systems integrate well with
human capital management software, accurately
capturing an employee’s daily hours.
All take only a second or two to authenticate
an employee’s identity. Biometrics are
very effective in deterring buddy punching
and other payroll fraud schemes—including
ghost employees, a situation where supervisors
and back office workers create non-existent
workers and pocket the pay.
Incorporating Technology
Major manufacturers of time-and-attendance
systems have begun incorporating biometrics,
typically fingerprint or iris readers.
Both technologies record enrollment data
then compare it to physical characteristics
unique to each employee.
However, there can be problems using
fingerprint technology in work environments
involving substances such as grease, mud and
paint—all capable of obscuring fingerprints.
Jobs involving manual labor can result in
finger cuts and scars. Both situations lead
to frequent rejections and the need for reenrollment.
Also, fingerprint recognition is
difficult in jobs where employees commonly
wear gloves, such as healthcare, food service
and warehouses.
Facial recognition technology also has
downsides when used for time and attendance,
changes in hairstyles, facial hair,
glasses, hats and other factors can affect accuracy.
However, iris recognition addresses each
of those challenges. The technology works
only with the iris, the colored ring around
the pupil of a human eye. It is fully formed
by one year of age and doesn’t change
throughout a person’s life. Also, every iris is
as unique as a snowflake. Even genetic twins
have different iris patterns. Few people can’t
use the technology, as most individuals have
at least one eye. Blind people have successfully
used iris recognition.
Iris recognition works with employees
wearing contact lenses, eye glasses and safety
goggles and no part of an employee’s body
touches the time and attendance system.
To enroll, employees stands about 18
inches from an industry-standard camera
and takes a picture of both irises. Integrated
software creates a template with more than
240 points of identification. The resulting
digital templates can’t be used to produce
any type of visual image to spoof the time
and attendance—or any other—system. This
is not a retinal scan, there are no bright lights
or lasers shined into a person’s eyes.
Upon arriving at work, employees stand in front of a reader that
compares the iris against those stored on the database. By using multiple
readers, employers can eliminate the long lines associated with
standard time clocks.
When most people hear about an iris recognition system they
might think of it being used at a military base, pharmaceutical manufacturing
facility or a high-rise office tower, but iris-based time and
attendance systems are being used around the world, often in very
surprising locations.
A Case Study
Here’s an example of how systems are being used in remote Turkish
fruit farms owned and operated by Anadolu Etap, one of Europe’s
largest juice providers.
Time and attendance is a major challenge in an area where employees
arrive daily looking for work. If hired, they might work a
few days then leave before returning a week or more later. Traditional
time-keeping systems are virtually impossible to manage.
The grower’s security integrator recommended trying smart cards.
But that wasn’t much help as authorizing, printing, distributing and
tracking cards for thousands of on-and-off workers continued the
human resources nightmare. Improper use of the cards, such as buddy
punching, threatened to cut into the company’s profits.
Next, Anadolu Etap tried fingerprint and facial recognition readers.
Scars, facial hair, glasses and protective gear ruled out those technologies.
This is when iris recognition technology got its chance, but
there were still challenges to overcome.
The system had to be easy for workers to learn and use. It had to
work in bright sunlight and in the wide temperature extremes found
in open fields. Those fields suffered frequent power blackouts and the
system needed to send daily time reports to Anadolu Etap’s Istanbul
headquarters.
During field tests workers had no problems using the system.
Small, three-sided shelters protected readers from direct sunlight.
The integrator installed heaters for the occasional cold morning. The
installation of uninterrupted power supply (UPS) units eliminated
blackout concerns.
In the Field
A wireless wide area network installed in each field communicates
with company headquarters via satellite. Using the WAN and the
biometric system’s integrated software, daily reports were received
and linked with the grower’s human resources module to automatically
calculate payroll.
Once a worker is in the system, it doesn’t matter how often he
leaves and returns. The system immediately recognizes him. Anadolu
Etap now has more than 10,000 enrolled workers, with more being
added almost daily.
Iris recognition systems still remain a top choice for protecting
sensitive locations and national identity, voter registration and border
crossings around the world, but recent reductions
in both product and deployment costs have
made using the technology a practical time and
attendance investment for organizations of almost
any size and in any location.
This article originally appeared in the March 2018 issue of Security Today.