Buddy punching — one employee clocking in for an absent colleague — is the largest single source of attendance fraud, costing affected workforces an estimated 2–7% of total payroll. Fingerprint, RFID-card and PIN-based systems do not stop it: prints get shared, cards get lent, PINs get told. The only attendance methods that materially block buddy punching combine multiple independent verifiers — and the cheapest of those, in 2026, is mobile selfie + GPS + anti-spoof + geofence.
Why fingerprint machines don't stop buddy punching
Fingerprint readers verify a fingerprint was presented, not the right person was present. In production, colleagues routinely share prints — by physically touching the reader on each other's behalf, or by lifting and remoulding a print (a known and surprisingly easy hardware attack). Card-based systems are worse: cards are lent without ceremony. PIN-based clock-ins are the worst: PINs are simply told.
The structural problem is single-factor verification. Without a second independent signal (was this person physically at the work site at this exact time?), no first-factor verification of identity stops a determined buddy.
The real loss
Buddy-punching loss estimates from US and Indian payroll surveys cluster around 2–7% of total payroll cost in affected workforces. On a Rs. 50 lakh annual payroll, that is Rs. 1–3.5 lakh per year leaking out — and most of it is invisible, because the colleague clocking in just types a fingerprint and walks away. The loss compounds with overtime: a buddy-punched OT shift pays a full premium for zero hours of work.
The four-layer prevention stack
Stopping buddy punching requires the punch to verify all four of: (a) the right person, (b) at the right place, (c) at the right time, (d) on a real device. Modern apps combine the four:
- AI face liveness selfie — verifies a real, live face matches the enrolled template. Blocks photo / screenshot / mask / printed-face attacks.
- Geofence enforcement — verifies the device is physically inside the site perimeter, not at home or the parking lot.
- Anti-spoof GPS — mock-location flag, rooted-device, emulator and physics checks block fake-GPS apps.
- Device fingerprint cross-check — same device ID across days reduces opportunity for swap-attacks.
Any single layer can be defeated; all four together is practically untouchable.
What about kiosk mode and shared devices?
Kiosk mode — one shared tablet at reception running selfie + face match for the whole team — preserves all four signals when the tablet is fixed inside the geofence and runs in locked single-app mode. The same anti-spoof checks apply (the tablet itself is checked for root / emulator), and the face-match is per-employee. A colleague cannot punch for someone else because the face on the tablet's camera is checked against each employee's enrolled template.
Adoption — why honest reps welcome it
The common worry is that anti-fraud measures alienate honest staff. In practice, the opposite happens. Honest reps benefit when the gameable shortcut closes — their KPI rankings become accurate, their performance becomes visible, and the colleagues who were quietly free-riding on padded attendance are no longer doing so. In audited rollouts, adoption is 95%+ within two weeks, including unionised workforces.
Put this into production today
WappBlaster Attendance Suite ships everything described in this guide — selfie + GPS attendance, anti-spoof, geofence, multi-shift, payroll, leave, expense and reports — on published tiers (attendance from ₹2,100/year (7 staff), tiered adds for larger office headcount; field users priced separately), with free onboarding and a 3-day trial that needs no credit card. See the full product or start the free trial.
Compare alternatives: vs Truein · vs Jibble · vs Keka · vs greytHR · attendance & workforce glossary.
