M2SYS Blog On Biometric Technology

Yesterday, Fujitsu and M2SYS hosted a webinar on how palm vein biometrics can help strengthen PCI and Workforce Management (WFM) Compliance. We discussed some common challenges that PCI and WFM non-compliance create as well as how businesses need to identify technology applications that will help to lower risk and create efficiencies.  In addition, we covered discussed how palm vein biometrics can:

1.  Replace complicated passwords with a palm scan

2.  Increase record storage security

3.  Establish significant cost savings

4.  Stop employee buddy punching

5.  Improve productivity

6.  Create a concrete audit trail

7.  Reduce payroll errors

8.  Strengthen labor law adherence

A copy of the slides are available on SlideShare by clicking here.  If you would like to hear an audio recording of the webinar, please click on the video below:

The negative effects of employee time theft on a company are well documented.  Time theft not only drains profits but it can also lower employee morale, stifle accountability and damage loyalty.  Despite these facts, employees who are overly productive at work may feel that they are entitled to occasionally sneak a couple of extra minutes here and there on breaks or during working hours because they more than make up for it through high productivity.  Their philosophy about time theft is rooted in the misconception that performance above and beyond standard job responsibilities and exceeding established expectations is somehow entitlement to steal time.

Not only is this a fallacy and a ridiculous justification of time theft, but what these employees may not realize is the ripple effect that this type of rationalization can have on other staff through the power of influence.  Overly productive employees tend to be role models within a working environment by setting a good example and proving that with dedication, focus and determination, goals can be met and exceeded.  As role models, they are closely watched by other employees who want to be successful and move up the ladder, mimicking their habits and copying their actions with the hope that it will help them to become more productive too.  However, if a model employee sets an example that occasional time theft is earned by being overly productive, they send the wrong message to others that may be following in their tracks exacerbating the problem and multiplying the negative effects in can have on a company.

As we stated in a blog post last month and a recent White paper on the detrimental effects of time theft,

“If everyone in a 100 employee organization took a 15 minute extended lunch each day, that would equate to 1,200 free vacation days per year.”

Justifying employee time theft due to high levels of productivity is a dangerous practice because of the impression that it can leave on other employees and ultimately the negative repercussions it creates for a company.  Instead, be proactive about publicly recognizing and rewarding employees for exceeding expectations to set an example that outperforming goals while following the rules is ethical and a strong motivator to quickly advance in a career.  Work quickly to quash employee habits that center on strong production but occasional time theft so they do not spread to others.

What strategies have you used to stop time theft from highly productive employees?

M2SYS and Fujitsu will be offering a free webinar on August 30th from 2:00 to 2:30pm EST, 11:00 to 11:30pm PST on how palm vein technology can help to strengthen workforce management and PCI compliance.  The webinar will cover how using biometric palm vein technology to strengthen compliance can: help replace passwords with a palm scan, increase record storage security, establish significant cost savings, stop employee buddy punching, improve productivity, create a concrete audit trail, reduce payroll errors and strengthen labor law adherence.

Federal Courthouse

Biometrics is a Growing Identification Technology

It’s no secret that biometric technology deployments are on the rise.  Increasingly, retailers are catching on to the unique benefits and security that biometric technology offers to positively identify an individual by their physiological characteristics instead of through ID cards, personal identification numbers or passwords.  The rapid growth of biometric technology seemed to begin shortly after we shifted into a society aggressively focused on safety and security in the wake of the rise in global terrorism.  Biometrics was soon recognized as the only technology that could tell with near absolute certainty that someone was who they claimed to be.  Governments were the first to actively use biometric identification to secure their intellectual and physical property and then slowly expanded to border control and public safety.

The progression of biometric technology didn’t stop solely with security deployments though; it kept on growing and progressing.  As price points dropped and the technology became more refined, deployments began to shift to the private sector as companies took notice that biometrics had strong potential to help them with problems like employee time theft, inventory shrink, identity theft, compliance and fraud.  Widespread adoption by the private sector fueled the growth of biometric systems designed to positively identify individuals to prevent these problems and with this growth came increased scrutiny of the technology (specifically how individual biometric data was stored and what it may be used for other than identification) by Privacy advocates and proponents of civil liberty protection.  Their feelings are that biometric technology violates individual privacy without a 100% guarantee that templates are safely stored and unable to be stolen and governments are not using the data to track citizens interacting with a system and subsequently disseminating the information collected to external bodies.

These arguments are strong but perhaps a closer look at how the technology works would help uncover some answers to these concerns and clear up some misconceptions about biometric technology.

The Privacy Issue – How Does Biometric Technology Actually Work?

Most people believe that when an individual places their finger on a fingerprint reader to register their identity in a biometric system, an image of their fingerprint(s) is stored somewhere on a server or a computer.  In actuality this is typically not the case.  Instead, the biometric matching software extracts and stores what is known as an identity template.  This is a mathematical representation of data points that a biometric algorithm extracts from the scanned fingerprint.  The biometric identity template is simply a binary data file, a series of zeros and ones.  The algorithm then uses the template to positively identify an individual during subsequent fingerprint scans.  No image is ever stored or transmitted across a network.  In addition, the algorithm is “one way” which means that it is nearly impossible to recreate the original biometric image from the template.  In other words, it is nearly impossible to reverse engineer the data that is sent to positively identify an individual and successfully “steal” their biometric identity.

Understanding these processes is central to realizing how the danger of identity theft or a security breach is significantly lessened, if not completely eliminated, through the use of a proprietary algorithm with no stored image and data encryption.  Biometric templates are also not linked to anything in a closed system that can positively identify an individual outside of that system.

However, privacy advocates strongly feel that the idea of capture, storage and use of biometric data (specifically by governments either through mandated deployments for social services/social issues or request of data and records from private business) to assemble a comprehensive citizen knowledge base and thus exercise covert control of society in general is a violation of individual privacy and proves to be a valid point.

Can an Employee Claim that using Biometric Technology is a Violation of Their Privacy?

If you adopt biometric technology for time and attendance, access control or another deployment within a business, do employees have a right to refuse participation on the grounds that it violates their privacy and/or individual civil liberties?   It brings up an interesting question.  Without irrefutable proof that a biometric database can’t be hacked into and the templates reverse engineered into images, if an employee did decide to decline participation, would they be able to prove their claim that the technology did in fact violate their civil liberties?

There have not been any known cases here in the U.S. of an employee taking their employer to court for their refusal to enroll in a biometric identification system that resulted in wrongful termination or a violation of their equal opportunity rights.  However, shouldn’t biometric information be treated as any other personally identifiable data that an employer keeps on file like social security numbers, pictures, or bank information if you request a direct deposit?  Information that, if stolen, could be used to recreate you as a person?  Most companies already have policies in place that govern the safe protection of this data and biometrics should arguably be included and not treated any differently.  It should be treated the same way as the data you have already given up and is stored just by being an employee of the company.

Most employers also monitor their employee’s activities while they are at work which could include video, email and telephone monitoring.  An employee is then asked to sign that they received and read the employee manual that explicitly states their acknowledgement that they will be monitored throughout their employment tenure.  Remember that this is not a request for permission to be monitored; it is an agreement that the employer will be doing it.

It is also important to note if you have a Twitter or Facebook account, purchase on the Internet, use credit cards at brick and mortar establishments, subscribe to publications on the Internet, have any form of insurance or bank account, etc. you no longer have any privacy. If you use one or more credit cards, the credit card company knows where you eat, what you eat, what kind of car you drive, where you live, what insurance you have, where you spend your vacations, what you read, how much you spend on shoes and more.  If you use most social media platforms, you have publicly given up every bit of privacy you ever had.    Although these are personal preferences, it makes the argument hard to justify that enrollment in a biometric system is any more egregious that most of the other daily online and offline activities that we participate in.       

The problem of employee time theft and how to rectify it is starting to gain traction with employers across the world.  As we pointed out in a recent White paper about eliminating time theft and increasing profits with PC-based biometrics, employee theft directly causes 1/3 of all corporate bankruptcies in the U.S. and of the many ways that employees bilk their employers, time theft is often considered one of the most preventable.  In a fiercely competitive global economy where employee efficiency and productivity are often key catalysts in the success or failure of a business, this is a particularly important subject to understand and address.

At its core, time theft doesn’t appear to be an overly egregious violation.  An employee shows up a few minutes late for work, takes 2 extra minutes for lunch or on a scheduled break each day and no one notices or really cares.  After all, what’s a couple of minutes of lost time going to mean in the grand scheme of things, especially if they work for a company that realizes billions of dollars per year in revenue?  Breaking down the numbers can provide a closer look at how much a few seconds or a few minutes can add up over the long term, as reported in our White paper:

“Employees taking lunch breaks just 15 minutes past their allotted time can equate to about an extra day of vacation per month, every month.”

“If every employee in a 100 employee organization took a 15 minute extended lunch each day, that would equal 1,200 free vacation days per year.”

Plugging holes in internal infrastructure can also help stop profits from bleeding due to employee time losses.  If an organization uses manual login procedures, entering a personal identification number (PIN) can take a few minutes each day if you add up clocking in/out with lunch and regularly scheduled breaks.  We estimated that for a company with 150 employees, this can translate into 18.5 days lost each month due to manual login procedures.

Cal Poly Pomona University recently switched over to using a PC-based biometric time and attendance interface and estimated that it saved their employees at least 2-3 minutes per day and boosted productivity significantly.

If you have not had the opportunity to review our White paper, it’s an easy read and will leave you smarter about the topic of strategies to eliminate time theft and boost employee productivity and accountability. The numbers tell the story.

What other strategies have you used to help lower time lost for your employees that have been successful?