Buddy Punching: What It Is And How To Prevent It

In 2017, a survey of approximately one thousand employees stated that 16% had clocked in for a friend or employee. Regardless of the reason, buddy punching is fraudulent behaviour. So, what can you do to prevent it?

Buddy punching is a common problem companies experience. In 2017, research showed that this method of time theft caused American employers more than $379 million every year. In this blog, we will go over what is buddy punching, how it happens, and what you can do as a business owner to prevent it.

What Is Buddy Punching?

Buddy punching is the act of one employee asking another employee to clock in or out for them. It can result in many different outcomes, all of which hinders business owners. Many employees may see this is trivial to have their friend clock them on time when they are going to be late. Nevertheless, there are some employees who abused this loophole by receiving overtime pay or by taking days off of work.

In 2017, a survey of approximately one thousand employees stated that 16% had clocked in for a friend or employee. Regardless of the reason, buddy punching is fraudulent behavior. In many cases, buddy punching can be grounds for termination of a contract, for both employees using this loophole to their advantage.

How You Can Prevent Buddy Punching

The use of time and attendance systems can minimize buddy punching and other forms of time theft. These systems have authentication methods to verify the identity of the employee punching in and out. Some methods work better than others, and combining multiple methods can provide stronger authentication.

All forms of authentication typically include one of these three approaches:

  • Something you know
  • Something you have
  • Something you are

Something You Know

Something you know (e.g. passwords, PIN) is the most common kind of authentication mechanism based on having the employee remember something and not disclose it to anyone else.

Unfortunately, while these systems are good at preventing a “bad guy” from impersonating a user (for example, to get access to a bank account), they fail where people collude to fool the system. Passwords and PINs are shareable and the system will allow clock-ins as long as the information is correctly entered.

Something You Have

Something you have (e.g. keys, RFID or proximity cards, and smart cards) relies on the employee always possessing the assigned object.

Similarly, these objects are shareable and an employee can easily carry another employee’s card, for example, to clock-in.

Something You Are

Something you are (e.g. fingerprints, retina scans) is based on what the employee is. This relies on something about the employee that does not change, like a fingerprint.

Yes, it is harder to fool a biometric device – as long as the initial biometric readings are correctly setup and the biometric device is secure against tampering or misuse. For example, if no one is supervising the biometric device, a simple internet search will reveal multiple ways to beat fingerprint biometric readers.

Solutions

To improve authentication methods, you can increase the security by “layering” techniques. However, it also adds to the cost and introduces more user errors. Sensors on biometric readers can fail due to dust, oil, or a simple band-aid on a finger. Replacing RFID cards or rekeying locks can be costly and take some time. Forgotten passwords typically don’t cost anything, but can be time-consuming. There is overhead in handling these errors and typically cause someone to spend time to solve.

You can still prevent buddy punching without needing authentication methods. The best way to do this is by setting expectations and a culture of respect, trust, and integrity from all staff. This way, employees remain honest, responsible, and transparent. You can also enforce this expectation by outlining guidelines in employee contracts or handbooks. By using these methods, you can eliminate buddy punching at a far lower cost and improve your bottom line.

You may also like…

What is Self Scheduling and its Benefits?

What is Self Scheduling and its Benefits?

Self-scheduling is a method of scheduling a workforce through the participation of employees. Is self-scheduling right for your company?
Workplace Privacy: An Employer’s Obligation to Their Employees

Workplace Privacy: An Employer’s Obligation to Their Employees

Employees have a right to privacy even when they're using company computers and mobile phones. Employers have an obligation to protect employee records. Workplace privacy can be a complex issue, so we've laid it all out for you.
The True Causes & Costs of Absenteeism in the Workplace

The True Causes & Costs of Absenteeism in the Workplace

Absenteeism is a minefield of different causes, costs, and effects. Whether you know it or not, you are likely throwing money away by not addressing it upfront in your organization. We've broken down the causes and costs of absenteeism, and what you can do to combat it in your organization.