Buddy punching, one employee clocking in for an absent colleague, is the largest single source of attendance fraud, costing affected workforces an estimated 2–7% of total payroll. Fingerprint, RFID-card and PIN-based systems do not stop it: prints get shared, cards get lent, PINs get told. The only attendance methods that materially block buddy punching combine multiple independent verifiers, and the cheapest of those, in 2026, is mobile selfie + GPS + anti-spoof + geofence.
Why fingerprint machines don't stop buddy punching
Fingerprint readers verify that a fingerprint was presented, not that the right person was present. In production, colleagues routinely share prints, either by physically touching the reader on each other's behalf or by lifting and remoulding a print (a known and surprisingly easy hardware attack). Card-based systems are worse: cards are lent without ceremony. PIN-based clock-ins are the worst: PINs are simply told.
The structural problem is single-factor verification. Without a second independent signal (was this person physically at the work site at this exact time?), no first-factor verification of identity stops a determined buddy.
The real loss
Buddy-punching loss estimates from US and Indian payroll surveys cluster around 2–7% of total payroll cost in affected workforces. On a Rs. 50 lakh annual payroll, that is Rs. 1–3.5 lakh per year leaking out, and most of it is invisible, because the colleague clocking in just presents a fingerprint and walks away. The loss compounds with overtime: a buddy-punched OT shift pays a full premium for zero hours of work.
The four-layer prevention stack
Stopping buddy punching requires the punch to verify all four of: (a) the right person, (b) at the right place, (c) at the right time, (d) on a real device. Modern apps combine the four:
- AI face liveness selfie: verifies a real, live face matches the enrolled template. Blocks photo / screenshot / mask / printed-face attacks.
- Geofence enforcement: verifies the device is physically inside the site perimeter, not at home or the parking lot.
- Anti-spoof GPS: mock-location flag, rooted-device, emulator and physics checks block fake-GPS apps.
- Device fingerprint cross-check: same device ID across days reduces opportunity for swap-attacks.
Any single layer can be defeated; all four together are practically untouchable.
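As an added example (not code from this page or from any product it mentions), here is a server-side check that evaluates one punch against the four layers above and reports which ones fail. The record fields, thresholds and sample values are assumptions constructed for illustration; the face-match and liveness results are taken as inputs from whatever face SDK is in use.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000

@dataclass
class Punch:                      # hypothetical record sent by the mobile app
    device_id: str
    lat: float
    lon: float
    ts: float                     # epoch seconds of the GPS fix
    face_match: float             # 0..1 similarity to the enrolled template
    liveness_ok: bool             # result of the liveness check
    mock_location: bool           # OS mock-location flag
    rooted_or_emulator: bool      # device-integrity result

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def failed_layers(punch, site, enrolled_device, prev_fix=None,
                  face_threshold=0.80, max_speed_mps=70.0):
    """Return the layers a punch fails; an empty list means accept."""
    failed = []
    if not punch.liveness_ok or punch.face_match < face_threshold:
        failed.append("face")
    if haversine_m(punch.lat, punch.lon, site["lat"], site["lon"]) > site["radius_m"]:
        failed.append("geofence")
    spoofed = punch.mock_location or punch.rooted_or_emulator
    if prev_fix is not None and not spoofed:
        # Physics check: a clock rollback or an impossible speed since the last fix.
        dt = punch.ts - prev_fix["ts"]
        dist = haversine_m(punch.lat, punch.lon, prev_fix["lat"], prev_fix["lon"])
        spoofed = dt <= 0 or dist / dt > max_speed_mps
    if spoofed:
        failed.append("anti_spoof")
    if punch.device_id != enrolled_device:
        failed.append("device")
    return failed

# Constructed sample data: a 100 m geofence and three punches.
SITE = {"lat": 12.9716, "lon": 77.5946, "radius_m": 100}
honest = Punch("dev-A", 12.9717, 77.5947, 1000.0, 0.93, True, False, False)
buddy = Punch("dev-B", 12.9717, 77.5947, 1000.0, 0.31, True, False, False)
teleport = Punch("dev-A", 12.9717, 77.5947, 1000.0, 0.93, True, False, False)
far_fix = {"lat": 13.0827, "lon": 80.2707, "ts": 940.0}   # ~290 km away, 60 s earlier
```

Returning every failed layer, rather than stopping at the first, gives the audit log the full reason a punch was rejected.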
What about kiosk mode and shared devices?
Kiosk mode, one shared tablet at reception running selfie + face match for the whole team, preserves all four signals when the tablet is fixed inside the geofence and runs in locked single-app mode. The same anti-spoof checks apply (the tablet itself is checked for root / emulator), and the face-match is per-employee. A colleague cannot punch for someone else because the face on the tablet's camera is checked against each employee's enrolled template.
Adoption: why honest reps welcome it
The common worry is that anti-fraud measures alienate honest staff. In practice, the opposite happens. Honest reps benefit when the gameable shortcut closes: their KPI rankings become accurate, their performance becomes visible, and the colleagues who were quietly free-riding on padded attendance are no longer doing so. In audited rollouts, adoption is 95%+ within two weeks, including unionised workforces.
Put this into production today
WappBlaster Attendance Suite ships everything described in this guide, selfie + GPS attendance, anti-spoof, geofence, multi-shift, payroll, leave, expense and reports, on published tiers (attendance from ₹2,100/year (7 staff), tiered adds for larger office headcount; field users priced separately), with free onboarding and a 3-day trial that needs no credit card. See the full product or start the free trial.