Payroll is one of a series of accounting transactions, dealing with the process of paying employees for services rendered, it is electronic software, where all the employee’s information is recorded and captured. Company’s experiences a lot of payroll fraudulent occurring by utilizing this payroll software which affects the company’s capital due to a high increased payroll cost.
Background and Motivation
Money being a valuable asset to the company, I have chosen to research more on payroll and how can the effective security level be implemented to enhance the security on payroll by the use of biometrics, as I believe in Physical Attributes identification like finger prints, palm prints, and facial.
To solve the security risks, biometrics technology (implemented in the ReCon Biometrics Keyless Identification Security System) uses physical attributes to identify an individual. This solution is ideal because biometrics authentication does not require the user to have any physical access objects present or remember any passwords. With ReCon Biometrics’s advanced facial recognition technology, we can now overcome many problems that other systems have encountered in the past (Rogan, 2002).
Rather than using personal identification because, as (Rogan, 2002) stated that in personal identification A Personal Identification Number (PIN) is another widely adopted means of authentication, and is a standard example that uses memorized passwords or pass codes. The advantage to this approach is that no physical means are required for authentication. However, this method still suffers from security risks if an unauthorized individual gains access to an authorized user’s PIN. Further complications can arise when authorized users forget or misplace a PIN.
“Turner, a payroll specialist for a large Florida nonprofit organization, was a sick man. Most employees who steal do so out of greed, but Turner had a different motive-he was HIV-positive and needed expensive drugs to control the disease. Turner’s duties included posting time and attendance information to the computer system preparing payroll disbursement summaries. Adding and deleting employee master records were separate tasks, performed by another staff member. As an additional safeguard, a supervisor approved all payroll disbursements, and the company deposited them directly into employees’ personal bank accounts. When the coworker who added and deleted master records logged onto the system, Turner peeked over her shoulder and noted her user ID and password. This enabled him to add fake master records-for “ghost” employees– to the system” (Wells and Joseph, 2002).
“Where there is money to be made, dishonest and unscrupulous individuals can find ways to bilk the system” (Michaels, 1998).
“As with any financial instrument, the key to success is prevention, and FIS continues to create new fraud prevention and monitoring tools as new trends develop” (Mccann, 2008).
A lot of money becomes missing and records being edited because of unauthorized users who hack the payroll system or being able to retrieve the passwords into accessing the payroll system, so the purpose of this research is to investigate the roots of hacking in the payroll so as to find a lasting solution to it and eliminate ghost employees.
It is intended that in this research a suitable biometric system will be introduced providing greater reliability and accountability, in order to enhance the security level of The INNOVATIONHUB’S VIP payroll and the staff.
1.2 Problem statement
Payroll encompasses every employee of a company who receives a regular wage or other compensation. Some employees may be paid a steady salary while others are paid for hours worked or the number of items produced. All of these different payment methods are calculated by a payroll specialist utilizing a payroll system, and the appropriate paychecks are issued.
So for an employee to get their paycheck a time sheet is submitted so that the payroll specialist can capture the data on the time sheet example number of hours worked, and then compute the salary for the employee, so companies often use objective measuring tools such as timecards or timesheets completed by supervisors to determine the total amount of payroll due each pay period. Payroll system is an electronically software that calculates employees salary.
The problem is that when employee’s fill in their time sheets or timecards, they easily forge their attendance of being present at work or working overtime knowing they did not, they do what is called “buddy punching” which is when an employee punches a time card for another person. This is done by employee’s reason being earning more money, or earning money even though they did not work for it, because we all want to get our hands on “money” this affects the company’s productivity and payroll cost.
However payroll specialists easily get away with fraud because, usual solutions to the problem of enhancing security is identity involve using systems that rely on what a legitimate user knows example, passwords or personal identification numbers or what a legitimate user possesses example , ID cards or keys.
“However, these methods are susceptible to fraud and security threats as they do not identify the person but simply identify the information that is provided by that person” (Gupta, 2008).
Companies need to have an absolute trust in the identity of their employees, customers, and partners that is, they are really who they say they are.
“Taylor Farm, a processing plant for bagging produce, was incurring 20 percent of payroll cost due to buddy punching” (Gupta, 2008).
Kahn et al (2002:57) found that the “System provides an automated, centralized back end payroll service with a full-featured web-based payroll system. Both aspects of the system have access to a central database, which includes, for example: profile information on employers and employees; timesheet, salary and hourly wage data; employee benefit data and information regarding third-party providers and miscellaneous payee”.
According to Krons (2010:109), “the YMCA was committed to keeping its payroll in-house and was looking for a flexible and configurable system that would enable it to do so efficiently. With Kronos, they have been able to cut payroll processing time by 50 percent largely due to the automation of payroll data from the time and attendance system into payroll. With more than 1,800 full- and part-time employees at 12 facilities across Ohio, many employees often perform multiple jobs in the same pay period. With Kronos, the YMCA is able to keep track of position management and ensure that payment is applied correctly”.
“After implementing a new time and attendance system for its labor intensive operation, Fantasy Cookie Co. has realized a 90% reduction in payroll errors and return on investment of one year” (Hitchcock, 1993:70).
“Some of the motivations to change payroll frequencies include best practice or industry standards, possible future sale or acquisition, cost savings, union contract requirements, or even employee requests” (2010:8).
My intention is to find a way by means of biometrics systems to enhance the security level on VIP payroll at The Innovation Hub and monitoring employee’s presence at work.
The primary goal of this study is to introduce Biometrics System for the security of VIP payroll at The Innovation Hub.
To investigate the security problems being encountered at the payroll and monitoring employee’s timesheet or timecards of the Innovation Hub
To find out what is the security system applied in the payroll of the Innovation Hub.
To explore the use of Biometric technology as a security system in this company to solve the security problems discovered.
1.3.3 Research questions
What are the security problems being encountered at the payroll of the Innovation Hub?
What is the security system applied in the payroll of this organization?
How does Biometric system can be applied to solve the security problems identified?
There are three types of payroll systems the first being the manual payroll system typically serves small medium and macro enterprise (SMME), and all this is done by hand with a manual payroll system.
Secondly being the In-house Payroll a company with up to 60 employees can benefit from a computerized in-house payroll system.
Thirdly is the external Service (outsourcing) company with more than 60 employees usually hiring an external payroll service. They are a separate firm that specializes in payroll processing.
“The basis of the definition supplied by Justice Buckley is that in order for a fraud to exist a lie must be told and something tangible obtained by virtue of the operation of that lie on the mind of the person receiving the information. That premise has been extended through common usage and the media so that now fraud is referred to as the obtaining of property through any dishonest means. Those means do not necessarily include the telling of a lie and can include what is considered corrupt activity by a person in authority” (Jarrod 2006).
“There is no easy fix for Social Security. No silver bullet or miracle accounting will painlessly fix the problem posed by our 70-year-old national retirement system. At a recent meeting in Washington, D.C., the ABA Government Relations Council reaffirmed a strategy first advocated by ABA in 1999. It calls for ABA to act as industry spokesman for reform, work with Congress on a bipartisan basis and support the creation of personal retirement accounts – those special accounts that would allow younger workers to place a portion of their payroll taxes in private retirement accounts they manage themselves” (Duke 2005:20).
Swart (2002:5-15) found that the “payroll systems are cumbersome and problematic, they require the use of a middleman payroll service to either send or calculate and send the employee’s net pay data to the bank, which increases costs to the employer. These cost are ultimately passed on to the employees and public, such systems also take significant amounts of time to acquire, transfer, translate and process all of the data required to determine and distribute net pay to the employee, and employees are therefore forced to wait one or two weeks before even receiving their paychecks another disadvantage of the prior art payroll system is the use of centralized data processing for calculation of net pay, such as used by ADP”.
The allegations ranged from accepting kickbacks, committing bank larceny against the Orleans Parish Credit Union, and forging and passing bad checks, to theft, income tax violations, insurance and mail fraud, as well as extortion.6 With encouragement from State Superintendent Picard, the New York-based firm of Alvarez & Marsal was selected in July 2005, by the Orleans Parish School Board and the Louisiana Department of Education, to address and resolve the district’s numerous systemic financial improprieties.7 Employees of Alvarez & Marsal immediately found significant payroll discrepancies estimated to cost the district approximately $12 million per year (Pamela & Frazier 2008). Systems that lack a secured authorization detector can end up being history to the owners and costly.
“HIGH-PROFILE payroll problems have plagued a $25 million PeopleSoft ERP implementation in the Palm Beach County School District in Florida after just five months of operation.Since the Oracle Corp. software went live in July, there have been numerous instances of employees being underpaid or not paid at all, said Mike Guay, a Carlsbad, Calif.-based consultant hired in early September to help fix the problems. In many cases, the payroll errors have caused significant hardship to workers, added Sharon Barmory-Munley, president of thse local office of the National Conference of Firemen & Oilers, a union representing more than 4,000 school district employees.In September, payroll problems prompted some 300 bus drivers to picket the school board. Other employees have complained to the U.S. Department of Labor, said Barmory-Munley” (Barton, 1992).
“It’s horrible, she said. Some people can’t pay their bills, mortgage payments are late, and they’ve ruined their credit. This is disastrous” (Marc, 2006), this report shows how serious and harmful the system can get if not resolved in time. Payroll Express Corp., a company that provided paycheck cashing services for about 100 corporate clients, has gone bankrupt, and owner Robert Felzenberg has been accused of diverting customers’ funds to its own uses. Payroll Express’ bank, United Jersey Bank (Hackensack, NJ), is being sued by some Payroll Express customers for not monitoring the business more closely and for allegedly ignoring and glossing over Payroll Express’ troubles. The bank says the charges are without merit” (Barton, 1992).
Not all of the IT specialist do the right job or what they are suppose to do, you find IT hackers who can do anything to get their hands on money, money being an object that everyone wants to get their hands on.
“A large local employer in a small town had its office burglarized. Nothing appeared to be taken but there was some vandalism. The company assumed it was just some kids. A few days later, on a late Friday afternoon, a group of about 20 people with heavy accents came into the local bank and cashed payroll checks drawn on the local employer. On Saturday, the same 20 people went back to each of the bank branches again cashing more checks. It was then discovered that these checks were forged. The blank checks had been stolen during the break-in. Encouraging or requiring businesses to use a Positive Pay System will prevent these losses. When using Positive Pay, the business customer provides the bank’s computer with check numbers and amounts before providing the checks to recipients” (Towle, 2010:17).
“There is no end to Queensland’s payroll debacle with a report finding it will take another six months to make critical fixes to the system and 18 months for it to be fully re-implemented.Queensland nurses and midwives were waiting for a formal response from the state’s health department after a report recommended sticking with the flawed system “(2010-2011:15).
“No matter what industry an organization serves, there is one common element – the customer. That customer can be external or internal. The key focus in having quality be part of everyone’s job is to make sure customer value is the primary purpose of the organization. Everyone in the organization should know the customers and what they consider important. All functions – accounting, payroll, information systems, engineering, sales – play a role in how these customers view the work. Tools such as customer survey analysis, best practice studies and publisher customer audits are used to determine what customers really want, as are graphs of customer complaints over a specific time period” (Whitarcre, 2001).
This study is very significant in the sense that there is a serious implication of financial security to the survival of any organization especially the InnovationHub.
Electronic security has also become a global issue in the discourse of a virile Information System, while the biometric system is a current security application of IT in the security system. The report of this work will also add to literature on the state of the art applications of IT study while the solution can be applied in all payroll systems.
1.5 Key words
Payroll, System, Access, Security, Biometric
Companies need to able to have absolute trust in the identity of the employees, that they are really who they say they are.
Fraud can occur in the payroll department in many ways. These can include (Journal of Trade, 2010):
phantom employees being paid;
fraudulent additions to approved time records;
increases in hourly rates;
payments of commissions, bonuses, or incentives that are added to an employee’s normal paycheck;
deduction reversals that add to an employee’s net pay;
illegal advanced earned income credit payments; and
Child support garnishments that are mailed to a “custodial parent” but never deducted from a paycheck.
“Identification is a one-to-many matching process that ascertains the existence of an individual in a database. This process merely determines that the person exists. If access control is predicated only on the existence of an individual, then the individual is given access to the system when the required identifier is found to exist in the access database. There is no confirmation or proof that the person who is given access is indeed the person who initiated the access procedure” (Chandra & Calderon, 2003).
Everyone is a potential fraud, and only careful hiring and strong internal control are effective in preventing fraudulent to the organization (Seidman, 1985).
Payroll accounting shows another area where authentication issues assume importance. The importance for effective authentication exists in at least three processes: time-keeping and attendance records, pick-up of paychecks, and linking employees to specific tasks in the organization.
“Three broad categories of factors that organizations use for automated authentication-possession, knowledge, and biometrics. Authentication can be predicated on a single factor (e.g., a password, a PIN, or a picture ID) or on multiple factors (e.g., password and picture ID, or PIN and picture ID). Vertical movements within the pyramid are associated with increases in the strength and focused nature of the authentication process. The likelihood that the verified identity is not that of the true owner also decreases with vertical movements in the pyramid” (Chandra & Calderon, 2003).
“The user must present a physical possession (such as a token or a key) to be authenticated. Though visible and usually portable, possessions can be lost, stolen, shared, duplicated, forgotten, or destroyed. Possession-based authentication factors provide assurance that a user presents a valid token or card. Within the context of an automated authentication process, these factors do not provide direct assurance that a user who is allowed access into an information system is indeed the person he or she claims to be. In the second category, the user provides information about his/her knowledge (such as, password, or passphrase). Passwords and other knowledge authentication factors are highly portable, invisible (unless written down), can be changed often, and can be designed to be relatively secure. However, they can be forgotten, reused, stolen, guessed, or shared. Passwords offer assurance that the person at the keyboard knows the password. They do not offer assurance that the person at the keyboard is indeed the person he/she purports to be” (Chandra & Calderon, 2003).
Fraud in payrolls always involves over statement of the total of the payroll, and usually involves either (1986):
Padding the payroll by including names of new employees before they started to work, or names of employees who have left, or names of men who are simply non-existent, or who exist but do not work for the company.
Overstating payroll footings, carry forwards etc
Failure to account for unclaimed wages, overpayments. Etc.
One private sector problem is what is called “buddy punching” which is when an employee punches a time card for another person. Taylor Farm, a processing plant for bagging produce, was incurring 20 percent of payroll cost due to buddy punching. (Gupta, 2008).
People are our business and managing such a large workforce that operates on diverse client sites is a challenge. We recognized that a standard time and attendance system that could provide as many access methods for clocking on as possible – biometric, internet, proximity, telephone – yet could be managed both centrally and remotely, was an essential requirement for our business (Pollitt, 2008).
The real cushion against fraud, however, is in the type of individual employed. This means concern not so much with an applicant’s technical background, as with human background. Things like his mode of living , his social habits, his family troubles, his financial stresses and strains all of these are vital in the fraud potential (Seidman, 1985).
“The construction foreman of a large chemical company is responsible for a maintenance crew of about fifty employees who include tradesmen and labourers. He is also responsible for the deployment of a large amount of tools and equipment for the repair and maintenance of the plant. The employees are permitted to work overtime. The foreman started his own handyman/small construction company specializing in week end work. To carry out this work he utilized the tools and equipment of his employer and the time for the labour of the employees engaged in this nefarious activity was paid for by the employer by way of overtime for working on the weekend. The foreman authorized their overtime cards, certifying they had worked the overtime for the company. Employees were paid for their work, but the foreman, who charged his private clients, did not have to pay any costs of the construction whatsoever.
The foreman’s behaviour was such that he obtained a financial advantage because hedid not have to pay for the labour of his workers or the tools and equipment he used onhis jobs. He was convicted of deceiving his employer into paying for the labour cost” (Bowditch, 2006).
The paymaster of a large technical company on the north shore was a trusted and valued employee until a co worker saw him driving a brand new Porsche on the week end. An investigation revealed that he had been systematically paying himself overtime at the rate of five times his regular salary. No subterfuge, he was just authorizing the payment to himself of more hours overtime than there are hours in the week. The fact that he could have got away with this brazen fraud for over twelve months showed a lack of any sort of control by management in the running of the company, and certainly no thought to fraud control (Bowditch, 2006).
The state sales manager for a leading liquor distributor was offering the clients on his run a special discount for cash. He was fulfilling the orders and obtaining the cash and writing an invoice and receipt from a loop he had installed in the company computer which had a program to generating the invoices, receipts and stock upgrades. He got away with hundreds of thousands of dollars until a physical reconciliation was done between the stock and sales figures and the crime discovered (Bowditch, 2006).
American businesses lose nearly $12 billion a year to check fraud, and small businesses are frequent victims of fraud artists, who consider them easy prey (Blackwood, 1998).
Don’t trust any person with money, always check on them and then check more.
3. Theoretical frame work
Using Autopoietic theory as a framework for biometrics
“Autopoiesis is a pseudo Greek word coined from Î±Ï…Ï„ó (auto) for self and Ï€óÄ±Î·ÏƒÎ¹Ï‚ (poiesis) for creation, production or forming that was first introduced by the
Chilean biologists Humberto Maturana and Francisco Varela in 1973 to denote the type of phenomenon they had identified as a characteristic that distinguishes living systems from other types of systems. They claimed that living systems are autonomous entities that reproduce all their properties through their internal processes. Later on this term was introduced into social theory as well as formal organization theory by Niklas Luhmann who claimed that social systems are systems of communication that emerge whenever an autopoietic communication cycle comes into being that is able to filter itself out of a complex environment” (Schatten, 2008).
“Luhman argues that there are three types of social systems: societal, interactional as well as organizational. Any social system has its respective information subsystem described through their communicative processes. Systems that are not autopoietic (systems that produce something other than themselves) are considered to be allopoietic (technical) systems” (Schatten, 2008).
This is how the theory of Autopoietic will be applied to my research, the theory which represents a framework for describing complex non-linear and especially living systems is described in a context of biometric characteristics. It is argued that any living system by performing an internal process of reproducing its structural components yields physical biometric characteristics. Likewise any living system when structurally coupling to another (eventually allopoietic) system yields a behavioral or psychological characteristic of the living system (Schatten, 2008).
It is revealed that a system that can be considered as autopoietic can potentially be measured, authenticated and or identified using biometric method, and thus biometrics is appropriate to any autopoietic system it can be people, social systems, organizations as well as information systems.
So biometric is a method of series, steps or activities conducted to practice biometric samples of some biometric feature usually to find the biometric feature’s holder or a special feature of the biometric sample.
A biometric template or extracted structure is a quantity or set of quantities acquired by a conscious application of a biometric feature extraction or preprocessing method on a biometric sample. These templates are usually stored in a biometric database and used for reference during the recognition, training or enrolment processes of a biometric system (Schatten, 2008).
The diagram below illustrates how the biometric technology will be intergrated with the payroll system, and this is how the autopoietic theory will be applied to my study.
Diagram of payroll system integrated with iris biometric device
Back up a data center
The time sheet detail is captured in the payroll system.
Time sheet (time in and out) about the employee is recorded.
Employee scans his or her Iris in the iris scan device.
The payroll specialist forwards the employees paycheck, using timesheet information from the captured payroll.
Paycheck is transferred by the finance department to the employee’s accounts.
This is an exploratory research because it is the goal of formulating problems more precisely, clarifying concepts, gathering explanations, gaining insight, eliminating impractical ideas, and forming hypotheses.
The method of data collection that I will use is qualitative method as “it is used when a question needs to be described and investigation in some depth, or examining the meaning of an experience” (Shields and Twycross).
How I will compile my research I will seek to interview those who are knowledgeable and who might be able to provide insight concerning the payroll system and monitoring of time sheets to verify employee’s presence at work.
I will interview 20% of the staff members and all the staff at the finance department and the payroll specialist, I will use audio tapes for recording my interviews and a method of transcripts of conversation.
Some of the questions I’ll ask the staff members:
Do you use any type of access to enter into your office or the building of the company?
What monitors your presence at work?
Do you submit weekly or monthly time sheet?
Who witness the time sheet?
Some of the questions I’ll ask the payroll department:
What attributes or information do you need to capture for a new employee?
How do you handle information of ex employee?
When do you do roll over of the payroll?
How are different leaves captured?
Some of the questions I’ll ask the finance department:
When do the employees receive their pay check?
How do you monitor costs of payroll, after how long?
I’m going to carry out my research at The Innovation Hub focusing on their VIP payroll system, time sheets and the clocking in and clocking out of work method used.
This is a brief introduction of my solution framework
Biometrics refers to the process of automatically recognizing a living person using his or her distinguishing, measurable traits. Biometric systems identify the person rather that what the person has (like ID cards) or what they remember (like passwords). The term biometric refers to the statistical analysis of biological phenomena and measurements and has been widely used to describe technologies used for personal identity management (Gupta, 2008).
Biometrics technology uses unique, measureable, human characteristics to automatically recognize and verify an individual’s identity.
Biometrics can measure both physiological and behavioural characteristics. Physiological biometrics is based on precise and accurate measurements of unique features of the human body, and includes:
Finger scan which matches the minutiae, pattern, ultrasonic or moiré fringe imprint, most common of all devices (Chandra & Calderon, 2003).
Facial scan is designed primarily to find close matches of particular facial features such as eyes, nose, mouth, cheekbones, chin, and forehead against a database of static facial images (Clodfelter, 2010).
Iris scan technology relies on the distinctly colored ring that surrounds the pupil of the eye. Irises have approximately 266 distinctive characteristics, including a trabecular meshwork, striations, rings, furrows, a corona, and freckles. Typically, about 173 of these distinctive characteristics are used in creating the template. Irises form during the eighth month of pregnancy and are thought to remain stable throughout an individual’s life, barring injury (Rosenzweig, 2004).
Retina scan a digital image of the retina of the eye is created to match the pattern against a live sample, scanning done by low-intensity light via an optical coupler (Chandra & Calderon, 2003).
Hand geometry relies on measurements of the width, height, and length of the fingers, distances between joints, and the shape of knuckles (Rosenzweig, 2004).
Behavioral biometrics (based on measurements and data derived from an action) include:
Voice recognition measures the wavelengths and frequencies of the voice (Chandra & Calderon, 2003).
Signature recognition traditional device, a behavioural device, it checks the way a person signs his or her name, and writes letters (Chandra & Calderon, 2003).
Keystroke recognition a behaviourable biometric device, it measures the force applied and the pattern used to push keys on a keyboard (Chandra & Calderon, 2003).
I will be utilizing the iris biometric system because:
Iris recognition technology is relatively easy to use and can process large numbers of people quickly.
The iris is the most unique identifier on the human body.
It is the most reliable form of biometrics. Iris patterns are unique and stable, even over a long period of time.
Furthermore, iris scanning and recognition systems are very user-friendly.
Less intrusive than retina scan, higher matching performance, works well with glasses, across ethnic groups.
Cite This Work
To export a reference to this article please select a referencing stye below: