Looking for Ideas in Time clock program software

Hi Experts,

I have a program that keeps information on time clock for employees daily schedule.

Each employee enters their name/initials and clicks a button that automatically saves the date/time user came and left.

Now our manager is concerned about fraudulent entries, meaning some employees will ask their friends to open the system and click for them..

Any idea how I can build in a security logic into the system to prevent this?

P.S. I know there are ready packages in the market with face/fingers recognition etc.. just wonder if we can make up something w/o the need to switch to third party software.
LVL 6
bfuchsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yo_beeDirector of Information TechnologyCommented:
The only logic that will be bullet proof is biometrics.
I just looked online saw various fingerprint readers ranging low as $100 and going up to $400.  

Is your program home grown or purchased?
How do the employees record the entry?
Are you looking to slipstream this hardware into the the current program
Jeffrey CoachmanMIS LiasonCommented:
The issue here is SECURITY.

Access is NOT a very secure platform.

If your db is ever compromised, ...the attackers have the employee fingerprints *FOREVER*.

My suggestion is to leave things like this to the experts.
Get an off the shelf package that relies heavily on high level encryption, for this highly sensitive and "unchangeable" information.
Next to DNA, this is one of the most sensitive pieces of information you can collect on a person.

Unlike a password, ...you cant change your fingerprint/DNA, ...etc.

So again, ...once a hacker has this info, ...they have your (employee) identity information FOREVER...
bfuchsAuthor Commented:
@yo,_bee
The only logic that will be bullet proof

I'm actually not looking to be 100% (for the time being), just want to make it difficult to use someone else's credentials..

Are you looking to slipstream this hardware into the the current program
Perhaps I was thinking into such an approach..

However after viewing Jeff's wise comments above, I better stick out of this..

@Jeff,

Thanks for opening my eyes on the real security breaches..

Thanks,
Ben
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Download eBook now!
akbCommented:
How about a security camera above the time clock system. Warn the staff that if they are caught defrauding the system they will be sacked. Even a dummy camera may be enough of a deterrent.
bfuchsAuthor Commented:
@akb,

We have already plenty of cameras in place, in addition to LanSchool software. apparently none of these is doing the job..

@All,
I thought of something, perhaps checking the IP of the computer from where they did clock in, and compare to the list of IP we have for that user in our list..

However that will not prevent users from going to someone else's pc and doing it from there.

Any suggestion to solve this?

Thanks,
Ben
Jeffrey CoachmanMIS LiasonCommented:
Checking the IP address would be a lot of work.
Especially when the IP/domain might change.
Besides, ...there should be only specific "dedicated" computers that will allow logins
Gustav BrockCIOCommented:
If each employee has their own machine, you could record the MAC address of this and set a filter that you have to log out before you can login using the same MAC address.

If one is logged in, he/she can't log another one in before logging out - and so on.

Of course, using two machines from outside, say a workstation and a laptop, you could fool the system.

/gustav

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
yo_beeDirector of Information TechnologyCommented:
Like I said to be bullet proof you need to implement something that you are unable to reproduce with only the user being present.

BioMeteric is the way.  There are systems out there that do not cost much to implement.
bfuchsAuthor Commented:
@Jeff,
Checking the IP address would be a lot of work.
We have the functions below that check for IP and Mac address.

Public Function getIPAddress() As String
    Dim s As String, i As Integer, strComputer As String
strComputer = "."
Set objWMIService = GetObject( _
    "winmgmts:\\" & strComputer & "\root\cimv2")
Set IPConfigSet = objWMIService.ExecQuery("Select IPAddress from Win32_NetworkAdapterConfiguration ")
For Each IPConfig In IPConfigSet
    If Not IsNull(IPConfig.IPAddress) Then
        For i = LBound(IPConfig.IPAddress) _
            To UBound(IPConfig.IPAddress)
                s = s & " " & IPConfig.IPAddress(i)
        Next
    End If
Next
getIPAddress = s
End Function

Open in new window

Public Function getMACAddress(Optional ByVal strComputer As String = ".") As Variant

    Dim objWMIService As Object
    Dim colItems As Object
    Dim objItem As Object
    Dim vResults As Variant
    Dim i As Long

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery _
        ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled = True")
    
    vResults = Empty
    
    If Not colItems Is Nothing Then
        If colItems.Count > 0 Then
            ReDim vResults(colItems.Count - 1)
            i = 0
            For Each objItem In colItems
                vResults(i) = objItem.MACAddress
                i = i + 1
            Next objItem
        End If
    End If
    
    getMACAddress = vResults
    
End Function
Public Function GetMACAddressSingle()

    Dim vMacs As Variant
    Dim vMACAddr As Variant
    
    
    vMacs = getMACAddress
    
    If Not IsEmpty(vMacs) Then

        For Each vMACAddr In vMacs
GetMACAddressSingle = vMACAddr
Exit Function
        Next vMACAddr
    End If
    
End Function

Open in new window


Are you referring it will put too much of stress on the pc?

Especially when the IP/domain might change
Right, I guess Mac will be a better idea like Gustav suggested.

there should be only specific "dedicated" computers that will allow logins
Why? Will that in some way help us in this case preventing fraud?

@Gustav,
Yep, your suggestion sounds good & gets us closer to secure the system..

@yo_bee,
I hear what you're saying, however I also saw Jeff's concerns about encapsulating the fingerprints in our DB, I doubt our manager will approve it.

Also as mentioned, we are not looking currently to switch system, rather considering options to enhance our system

@All,
I'm still open for suggestions (including covering up wholes left by prev suggestions), feel welcome to pitch in..

Thanks,
Ben
yo_beeDirector of Information TechnologyCommented:
I do not think the FP is stored in the Access DB I am pretty sure that is stored on the device.
Using that as the Key to unlock and send your record to the DB.

I would recommend that you speak to a sales engineer to validate this.

Since you are looking to switch systems this is a perfect time to look at the software that comes along with these readers.
bfuchsAuthor Commented:
@yo_bee,

We discussed with the manager, and looks like if start going in that direction he would go all the way, meaning purchase a software that keeps all clocking too..

So for the time being, I guess Gustav's suggestion is the way I would prefer to use,

@All,

However, re Gustav's suggestion above I'm concerned of the following.

Users may realize that the clock ins only work from their pc, and then they will easily beat the system, just ask the friend to go over to their pc and do login..

Any suggestions to cover this?

Thanks,
Ben
Gustav BrockCIOCommented:
> just ask the friend to go over to their pc and do login ...

He can't - not until the original user has logged out.

/gustav
bfuchsAuthor Commented:
Hi,

Let say someone (Mr A.) is late, they call up a friend and ask them to open his pc and login as Mr A.

Then when comes to log out in the end of the day Mr A has no problem logging off from his pc..

Thanks,
Ben
Gustav BrockCIOCommented:
Any system where you don't authenticate can be fooled.

/gustav
bfuchsAuthor Commented:
OK experts,

I guess if we want stay with our current app, MAC is the best solution like Gustav had suggested.

Thanks,
Ben
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Access

From novice to tech pro — start learning today.