Looking for Ideas in Time clock program software

bfuchs
bfuchs used Ask the Experts™
on
Hi Experts,

I have a program that keeps information on time clock for employees daily schedule.

Each employee enters their name/initials and clicks a button that automatically saves the date/time user came and left.

Now our manager is concerned about fraudulent entries, meaning some employees will ask their friends to open the system and click for them..

Any idea how I can build in a security logic into the system to prevent this?

P.S. I know there are ready packages in the market with face/fingers recognition etc.. just wonder if we can make up something w/o the need to switch to third party software.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
yo_beeDirector of Information Technology
Commented:
The only logic that will be bullet proof is biometrics.
I just looked online saw various fingerprint readers ranging low as $100 and going up to $400.  

Is your program home grown or purchased?
How do the employees record the entry?
Are you looking to slipstream this hardware into the the current program
Jeffrey CoachmanMIS Liason
Most Valuable Expert 2012
Commented:
The issue here is SECURITY.

Access is NOT a very secure platform.

If your db is ever compromised, ...the attackers have the employee fingerprints *FOREVER*.

My suggestion is to leave things like this to the experts.
Get an off the shelf package that relies heavily on high level encryption, for this highly sensitive and "unchangeable" information.
Next to DNA, this is one of the most sensitive pieces of information you can collect on a person.

Unlike a password, ...you cant change your fingerprint/DNA, ...etc.

So again, ...once a hacker has this info, ...they have your (employee) identity information FOREVER...
@yo,_bee
The only logic that will be bullet proof

I'm actually not looking to be 100% (for the time being), just want to make it difficult to use someone else's credentials..

Are you looking to slipstream this hardware into the the current program
Perhaps I was thinking into such an approach..

However after viewing Jeff's wise comments above, I better stick out of this..

@Jeff,

Thanks for opening my eyes on the real security breaches..

Thanks,
Ben
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

How about a security camera above the time clock system. Warn the staff that if they are caught defrauding the system they will be sacked. Even a dummy camera may be enough of a deterrent.
@akb,

We have already plenty of cameras in place, in addition to LanSchool software. apparently none of these is doing the job..

@All,
I thought of something, perhaps checking the IP of the computer from where they did clock in, and compare to the list of IP we have for that user in our list..

However that will not prevent users from going to someone else's pc and doing it from there.

Any suggestion to solve this?

Thanks,
Ben
Jeffrey CoachmanMIS Liason
Most Valuable Expert 2012

Commented:
Checking the IP address would be a lot of work.
Especially when the IP/domain might change.
Besides, ...there should be only specific "dedicated" computers that will allow logins
Most Valuable Expert 2015
Distinguished Expert 2018
Commented:
If each employee has their own machine, you could record the MAC address of this and set a filter that you have to log out before you can login using the same MAC address.

If one is logged in, he/she can't log another one in before logging out - and so on.

Of course, using two machines from outside, say a workstation and a laptop, you could fool the system.

/gustav
yo_beeDirector of Information Technology

Commented:
Like I said to be bullet proof you need to implement something that you are unable to reproduce with only the user being present.

BioMeteric is the way.  There are systems out there that do not cost much to implement.
@Jeff,
Checking the IP address would be a lot of work.
We have the functions below that check for IP and Mac address.

Public Function getIPAddress() As String
    Dim s As String, i As Integer, strComputer As String
strComputer = "."
Set objWMIService = GetObject( _
    "winmgmts:\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select IPAddress from Win32_NetworkAdapterConfiguration ")
For Each IPConfig In IPConfigSet
    If Not IsNull(IPConfig.IPAddress) Then
        For i = LBound(IPConfig.IPAddress) _
            To UBound(IPConfig.IPAddress)
                s = s & " " & IPConfig.IPAddress(i)
        Next
    End If
Next
getIPAddress = s
End Function

Open in new window

Public Function getMACAddress(Optional ByVal strComputer As String = ".") As Variant

    Dim objWMIService As Object
    Dim colItems As Object
    Dim objItem As Object
    Dim vResults As Variant
    Dim i As Long

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery _
        ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
    
    vResults = Empty
    
    If Not colItems Is Nothing Then
        If colItems.Count > 0 Then
            ReDim vResults(colItems.Count - 1)
            i = 0
            For Each objItem In colItems
                vResults(i) = objItem.MACAddress
                i = i + 1
            Next objItem
        End If
    End If
    
    getMACAddress = vResults
    
End Function
Public Function GetMACAddressSingle()

    Dim vMacs As Variant
    Dim vMACAddr As Variant
    
    
    vMacs = getMACAddress
    
    If Not IsEmpty(vMacs) Then

        For Each vMACAddr In vMacs
GetMACAddressSingle = vMACAddr
Exit Function
        Next vMACAddr
    End If
    
End Function

Open in new window


Are you referring it will put too much of stress on the pc?

Especially when the IP/domain might change
Right, I guess Mac will be a better idea like Gustav suggested.

there should be only specific "dedicated" computers that will allow logins
Why? Will that in some way help us in this case preventing fraud?

@Gustav,
Yep, your suggestion sounds good & gets us closer to secure the system..

@yo_bee,
I hear what you're saying, however I also saw Jeff's concerns about encapsulating the fingerprints in our DB, I doubt our manager will approve it.

Also as mentioned, we are not looking currently to switch system, rather considering options to enhance our system

@All,
I'm still open for suggestions (including covering up wholes left by prev suggestions), feel welcome to pitch in..

Thanks,
Ben
yo_beeDirector of Information Technology

Commented:
I do not think the FP is stored in the Access DB I am pretty sure that is stored on the device.
Using that as the Key to unlock and send your record to the DB.

I would recommend that you speak to a sales engineer to validate this.

Since you are looking to switch systems this is a perfect time to look at the software that comes along with these readers.
@yo_bee,

We discussed with the manager, and looks like if start going in that direction he would go all the way, meaning purchase a software that keeps all clocking too..

So for the time being, I guess Gustav's suggestion is the way I would prefer to use,

@All,

However, re Gustav's suggestion above I'm concerned of the following.

Users may realize that the clock ins only work from their pc, and then they will easily beat the system, just ask the friend to go over to their pc and do login..

Any suggestions to cover this?

Thanks,
Ben
Most Valuable Expert 2015
Distinguished Expert 2018

Commented:
> just ask the friend to go over to their pc and do login ...

He can't - not until the original user has logged out.

/gustav
Hi,

Let say someone (Mr A.) is late, they call up a friend and ask them to open his pc and login as Mr A.

Then when comes to log out in the end of the day Mr A has no problem logging off from his pc..

Thanks,
Ben
Most Valuable Expert 2015
Distinguished Expert 2018

Commented:
Any system where you don't authenticate can be fooled.

/gustav
OK experts,

I guess if we want stay with our current app, MAC is the best solution like Gustav had suggested.

Thanks,
Ben

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial