Time & Attendance Tutorial

Author: Brian Rhodes, Published on Jul 18, 2013

Access Control is useful for more than unlocking doors. One of the best features is also rarely used: Time and Attendance logging. However, selecting the 'same old' door readers for can open several vulnerabilities to abuse. In this note, we look at Time & Attendance Readers for Access Control, describe what features they should have, and what problems arise if they are not properly implemented.

Time Logging is Central

*** ** *** **** ******** ******** ** *** ** *** time/date ***** ********** **** ***** ***** ** * ******. *** only ** ******* *** **** **** *****, **** **** ****** whose ********** *** **** ** **** ****, ********* **** ** the ******.

**** ******* ***** ** ******** ** '*****' * ****'* ******** through * ******, *** ******* * ******** ****** ** ***** a ****** *** ** * ***** ****. ***** **** **** even **** **** ******* ******* *** ********* ********* ******** ** ******* ***** **** **** *********.

Time ***** ********

**** ********** ***** ***********, **** *** ******* *** *** '**** logging' **** **** ******

**** ******* *** **** ** ****** ****. ******* ************ **** they ***** ***** *** *** **** **** **** ******* ** crucial, ** '****' ** ****** '*****'. ********* **** **** *** traditionally **** *** ******** ** ******* ******, ***** ******* ****** cards ** **** * *** **** ********* ******* *** ** a ***** ***. ******, "******** *** *********" ** * ****** ******.

*******, *** ****** ** *** ******* ****. ***** *** ********, abuse ** * ****, ***** ** ******** ******* **** **** only ***/*** ****. **** **** ** ******* ** *** ********* ** **** ** *** ********* ******. **** **** ** ********* **** ****/********** ********. ***** **** ****** *** primarily ******** ** ******* *** ********, *** ******** **** ******** from ****** * ***** ****** ** ********** ** **** ** **** calculating **** ******** ****, **** ****, ** ******** ***.

***** *** *** ****** *** **** & ********** ***** ***** setting ***** ******** ******* *** *** **** ******* ** ********* 'In' *** '***' ******* ** *** ******. **** * *** period ******, * ****** ** ******* ******* ******** ** ***** two *******, ******* *** '**' ******* *** *********** *** '***' intervals ******* ** ******** ****** ** **********.

Multi ****** ***** *****

** ***** ** ***** *** ******* ** '***** ********' (* risk *** ******* ******** **** '********'), **** *** ********** ******* ****** ******* ******** ************** *******, including *********** ** **** *******. **** '***** **************' ******* **** no *** *** ******** ************ ********** ** ******* ******.

**** ****** *** **** & ********** ******* ******* **********, ********* resembling *** ******** *****:

***** ***** ** ******* *** ********* **** ** '**********' ********* systems **** ******* ** *** ****** *********, *** **** ********* cost **** ********** **** **** ****** ********. *** ******* ****** need ** ********* ** ******* **** ****. ******* ********* ****** readers can ** **** ** **** **** ************ (*.*., *** *** **/******'* *** ***** **** *** *******).

Payroll ***********

**** *** ********* ****** '**** *** **********' ********, **** ** frequently **** **** ********** ****** *******. **** *** ******* **** format **** ** ** *** ** ******** ******** **** ******* systems ********** ** ****. *******, **** ** ********* * ****** *******, *** ********** or ******* ***** ******* *********** ** *** ****** ******** ** collect *******. *** ********** ***** **** ***********'* ******* ****** ****** ** **** *** ********** ****:

** ***** *****, '**** & **********' ******** *** ** ***** in *** ****** ********, *** ** ********** '******* ******' ** added ** *** ******** *** ****** ***********. **** ********** ******** becomes *** ******* ******* ********, ** ******** ** ***** ******* may **** ******** **** '***-********' ************.

****** **********-***** ********* ***** ********** '******** ******' *********, *********:

*****

*******: *** ***** ****** *** * ******* **** ****** *** ** you **** ** ***** ***** ********, **** *** ********** ********* readers ***** ******* ~$*** *** ~$**** ****, **** ****-******** ******* fingerprint ******* ******* ****** $*** ****. (*** *** ****** ** *********** ******* *** **** ******.) ******** ******* *** ** ******** *** ***** sites, *** ********* *** *** ****** ***** ******** ****** *********** or ********** ** ******* ***** *******.

***** ********:******* ***** ** *** * **** *** ********** ****** ***** from '****' ******* ** ~$****. **** ********* ***** * '** ********** ****' ********* ************* ** ***** ***** ******, *** *** **** **** be ******** ************ **** * ******* ********. 

******** ********:*** ***** ******** / *********** ****** ******** **** ********* *********, but ********* ***** ******* ~$*** *** ~$****, ********* ********* ** the **** ** * *******'* ******** ****** *** ****** ** sites **** ** *********. *** **** ********** ****** *******, ***** modules **** ***** ~$*,*** ****.

What *** *** *****?

***** ***** *** ** **** **** ***** ******** *** ** advantageous, ** ** *** ******* *****:

  • Clock *****: In effect, the EAC system clock serves as the payroll clock. While a variety of solutions for syncronizing/standardizing time exist, such as *** ********** ******* **** ******, *********** ******* *** *** ***** ********** can ****** *********** ********. **** *** ** **** *** **** and **********, ******* ****** **** ** **** **** *** ***** standard **** ** *****.
  • Single ****** ********: Or rather '******* *** **** **** ** *** ******'. ** * ****** ** **********, ** **** *** ****** drops *******, ** **** **** **** *****. *** ******* ** granting ****** ******* ******* ***** *** ***** ** ****** ** issuing ********** ****, ** ****** ******** ****** *** **** *** Attendance ********. *** ***** **** ** **** ** ***** ****** timeclock ** * ******, **** ** ****, *** *** *** time *** ****** ** *******, ******** ********* *** ********* *******.
  • Passback *********: For access systems using 'Anti-Passback' controls, logic discrepancies can cause low-level conflicts with Time Clock readers. If an employee 'scans In' to the timeclock, and then immediately 'scans In' to a normally secured door, the EAC system may generate an alarm or deny access unless the timeclock reader is isolated from passback rules. Given the large number or doors across multiple sites, or large populations of employees in a single system, these sort of errors can be common and hard to troubleshoot.

What *** *** ********?

*******, ** ***** **** ******** ***** ** *** *** ** host '**** *** **********' ********, *********:

  • Less ** ***, ********: While a single system can be a weakness, it can also be efficient. Many facilities prioritize the upkeep of facility access systems, and issuing a credential for access also means it can be used for payroll. The investment in one facility system can be leverage by another.
  • Expanded ******** ********: In normal use, if an employee has a security credential revoked in an EAC system, they immediately become invalid in the payroll system. In addition, tying the two systems together can prevent an unauthorized employee from gaining access to an 'Time In' reader before an allotted shift and help manage overtime payouts, and payroll hour allocations are enforceable by physical access controls. 

Comments (6)

*'** ***** **** ** ********** ***/** ******. ******** * **** seen *** **** **** **** *** ****** ******* **** ******** in * ******** **** *** ********** ******. **** *** ***** are **** ********** (******* ** *** ******) ** ********** *** time ******. ** *** ******* *** ***** ****** ** **** as ** *** ********.

*****, ** *********** *******, *** * **** *** **** ****** punch-in *** *****-*** ******** ***’* **** **** *** ********** ** all *****. ******** *&* ******* ******* ********* ********* *** ******** employee’s ********/******* ***** ** *** *** ** *** ***** **********: private (*****, ******’* ***********, ****** **** **** ***.) *** ******** (working *****, ********, ******** ****, ***.) ***** **** ** ** big **** ** ** ********** *********** *********’ *******. ****, ** you **** **** *&* ****** ***** ** ********** **** ** (payroll), *** *** ** (*********** ***** ** ** **** ********), you *** **** ****** ******* ******** *******, ******* ************** **** and *********** ****.

* ***** **** *** **** ***** ****** ***** *****, *** sometimes, ***** * ********* ******** ** * ************ ** *** have ** **** * **** **** ** ******. *** **** scenario, ** ********** ****** ****** * *&* ******** *** ** a *** ** ******* **** *******, ** ***** ** ******** one ***** *****’* **** ** ** * **** ** **** system, *** **’* * **** ** ******* **.

******** *&* ****** ***, ** **** **** ** **** *** 80´s ** ******* (******, ** *****). ******* ****** **** ** be *****, *** *** **** *** ***** ** ****** ********* (Pelco ******** ****, ******* ******** ******* *** ********* ******).

*** *&* ** **** ******* ******* ****** *** ****** ******* System *** ******* ** ** ***** ********** **** *** ** system. ***** ** *** **? ****** **** ** ***** *******. Mainly ******* ** **** ******** ***** ******* *** *** ********* were **** *** *** **** *********** *** ** ***********, **** it *** ******* ** ********* ********** ** *** ******. * have **** * ****** ** ******* ** ***** **** ** systems *** * *** *** *** ******** ** ****. **** you *** ** *** ********** ** *&* ** ********* ******* (card, ******, ***, ***) *** ***** ** **** ** *** same ******.

* **** ********* ******** *** *** ***** **** ****** ********* use *&* **** *****. ***** ****** ***** ** ** ****** condition ** **** ***.

*****,

******** *** ** ***** ******* ***** **** **** ******** *** the ***** ***** ** ********** **** ******* ***** *** *** system ** * **** *** ********** ******, *** *** ***** for *** ** *** **** ********** (****/***).

******** ***** *** ************ *** ** ****** ******** ** *** specific *********** ** *** "*****" **** **** ***** ** ** out. ***** **'* ********* ** ***** ***** ** *** ******* or *****. * *** ******* ***** ** ********** *** **** technology **** ****** *** ******* **** ******* ** ***** *** that.

* ********** **'* ********* ** **** *** "********" ********* *** you *** ******** ***** ********** ****** ****** ********* *** *** are ********* ***** ******* *****.

****

* & * ** * ********. ***** *** *** ***** of ****** ******** **** ********* ***** **** *** ******** ****** with ****** *** ****** ******* ** **** ***** (*** ********* the ********'* ***, *** **** *** ******). * **** **** involved ** *** ******** ***** * & * *** **** of *** *******; *** *** ******** *** ****** ******: *** access ******* ****** **** *** ******** **** **** ** *** source ******* *** *** ****** ******* ****** (****** ****** *****) and *** **** **** *** **** *** * & *. Since *** **** *** **** **** ** ** ** *** was ******** ** ***** *** ******* ***, **** ******* *********, and **** ******, ***** ***/** ** **** ****** **** *** early ********.

**** ***** *** * **** ** ******* **** **** **** was ****** ** *** **** ********** "******" ***** ******** ** manufacturers. * **** **** * ****** ** ************ **** *** biometrics *** **** *** ********** *** ******* ********* **** *** say *** **** ** ********** *** **** *** ******.

**** **** ** ** ** **-******* ***'* **** ** ** 3 ******* *** **** * ******** **.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on Tutorials

Glass Doors and Access Control Tutorial on Feb 22, 2017
The biggest challenge for many access control systems are glass doors. Here's what happens when a maglock is improperly installed to an existing...
Alarm Panels - Canned vs Integrated on Feb 07, 2017
Alarm control panels generally come in one of two types: Integrated alarm controllers, with controls and the keypad in the same...
Surveillance Cameras 2017 Review on Jan 02, 2017
This report concisely explains the developments and most common options for surveillance cameras offered in 2017, including resolution, H.265, HD...
Lux Rating / Minimum Illumination Guide 2017 on Dec 23, 2016
Lux ratings are one of the poorest specifications to use in selecting cameras. Now, with the rise of integrated IR, they are increasingly...
The PPF / PPM Video Surveillance Guide on Dec 23, 2016
Pixels per foot / Pixels per meter is the most fundamental and valuable, though imperfect, metric for specifying video surveillance image...
Surveillance Camera Imager Tutorial on Dec 23, 2016
Imagers - CCD, CMOS, 1/2", 1/4", big pixels, small pixels, etc. In this tutorial, we explain the fundamental issues and drivers in surveillance...
IR Video Surveillance Tutorial 2017 on Dec 21, 2016
Almost all surveillance cameras perform worse in low light than they do in the day time. One of the most common techniques to overcome this is to...
ONVIF Tutorial 2017 on Dec 19, 2016
ONVIF is well known within the surveillance industry as an interface to connect IP cameras and VMS systems but: Is ONVIF a 'Standard'? Why...
Lens Iris Tutorial on Dec 19, 2016
Cameras, like humans, have irises. However, cameras have five types of iris options - fixed, manual, auto, P iris. In this tutorial, we explain the...
API / SDK Tutorial on Dec 18, 2016
While Application Programming Interfaces (APIs) are key to 'open' platforms, they are frequently misunderstood and over-hyped in physical security....

Most Recent Industry Reports

Uniview (UNV) IP Cameras Tested on Feb 22, 2017
"We're #3," in China says Uniview (UNV). While the company significantly trails Hikvision and Dahua in total sales, one notable difference is that...
Glass Doors and Access Control Tutorial on Feb 22, 2017
The biggest challenge for many access control systems are glass doors. Here's what happens when a maglock is improperly installed to an existing...
Exacq Favorability Results on Feb 22, 2017
For years, Exacq has been one of the most frequently favored VMSes in IPVM integrator statistics (e.g., see Favorite VMS Manufacturers...
The Hot RMR Company - Electric Guard Dog on Feb 22, 2017
The financiers at the Barnes Buchanan conference praised a company named 'Electric Guard Dog'. While the name sounds fairly low tech, the money and...
Hikvision Leads Multi-Manufacturer Sales Promo on Feb 21, 2017
Earlier this month, Hikvision launched new 'super value' kits, with 40% discounts, and now Hikvision is offering another promo, but this time they...
Washington DC MPD's Surveillance Equipment on Feb 21, 2017
The Washington DC Metropolitan Police Department's surveillance system was hacked in January 2017. Two immediate questions were: Whose...
Hikvision Ezviz Mini 360 Plus - $80 Autotracking Camera Tested on Feb 21, 2017
Autotracking, integrated IR, local storage, full HD, cloud access: $80. That is the claim of Hikvision EZVIZ's new Mini 360 Plus. But for this...
Lenel Improving Customer Support on Feb 21, 2017
Lenel has faced significant criticism recently (see Lenel Partners Angry, Lenel Does Not Care, Worst Access Control 2016, Lenel Favorability...
'Dirty': Hikvision Attacks Genetec on Feb 20, 2017
Hikvision is angry at the growing public awareness that Hikvision is owned by the Chinese government. They took aim at Genetec,...
Directory of Alarm Company Brokers on Feb 20, 2017
Selling an RMR based business, such as alarm company, can be highly profitable, with acquisition prices of 36 to 48x RMR (equivalent to 3 to 4x...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact