OCEAN CITY — Some resort businesses are on alert for a relatively new scam called “buddy punching,” and while the name suggests horseplay in the workplace or hazing, it’s a serious theft scheme that could and does costs thousands of dollars.
In simplest terms, buddy punching refers to the practice of an employee utilizing a clock-in, clock out system, typically the point-of-sale computer systems, to punch in their friends, co-workers or roommates when they are not working those hours or even that day.
Most cases involve just a couple hours here or there over the course of a week or payroll period, but if multiple employees are involved, it can quickly add up to thousands of dollars in lost wages. Over the course of a summer season, it could and does add up to tens of thousands of dollars in lost profits.
At the request of a handful of businesses in town that have suspected the buddy-punching activity, a local private investigation company has been probing multiple suspected cases over the last few weeks. The lead private detective, who preferred to remain anonymous because the investigations are active and ongoing, said the scam is popping up with increased frequency in the resort, especially with most businesses ramping up their staffs with seasonal employees.
The detective said his investigations thus far have focused on the foreign student-workers, or J-1s, because that’s where it appears most prevalent. However, he stopped short of singling out any one group and said the scam can be carried out by any groups of young people who tend to work and live together.
“They tend to live together and they tend to work at the same businesses or multiple businesses,” he said. “An employee might clock themselves in and clock in their friend or co-worker at the same time, even if the co-worker is coming in hours later, or maybe not at all that day. It can also work the other way when one employee might leave at 8 p.m. and another is staying until 1 a.m., but the latter can clock out his or her friend hours later.”
Many businesses utilize a simple point-of-sale computer system that also serves as the time clock and in most cases, an employee clock-in code can be a simple two-digit number.
“They are able to defeat the computerized time clock point-of-sale log-in systems,” the private detective said. “In many cases, it might just be a two-digit clock-in number and many of them know their co-worker’s numbers. In some cases, they might just be one digit apart because they were hired at the same time and put into the system at the same time.”
It’s up to business owners and managers to be vigilant and monitor who is scheduled to work and what employees are clocked in, but it isn’t always as simple as that. Smaller businesses are less susceptible naturally because they have more manageable staffs, but the larger employers might have hundreds of employees working during a given shift in the summer.
In addition, most of the point-of-sale clock-in systems produce a weekly or biweekly payroll report and the business owners or on-site managers don’t always write paychecks for the employees, especially in the larger businesses, according to the private detective.
“One of the problems is many businesses ship out payroll to a third-party payroll company that wouldn’t necessarily know how many employees worked how many hours,” he said. “An owner or manager who tabulates hours worked and writes paychecks would likely know so and so did not work 87 hours that week, but a third-party payroll company would have no way of knowing that.”
It doesn’t take higher math to determine how the theft scheme could escalate quickly. If each employee swiped just one hour a day over the roughly 100 days of the summer season, it could quickly add up to 1,200 hours of lost productivity.
Even at a modest wage of $10 per hour, that could quickly become $12,000 in stolen wages. That example is just based on a handful of employees working in cahoots to steal a couple of hours of pay each day. In other cases, employees are clocked in for entire days when they didn’t work or may even be double-dipping and working somewhere else.
“You can see how this can add up quickly,” the private detective said. “It’s a pretty big deal. In one of our cases, an employee was clocked in at one business and was actually working at another business down on the Boardwalk.”
The early investigations have focused on the foreign student-workers, but that does not mean it is not being carried out by other groups of young workers as well. In either case, the employees are savvy enough, and perhaps more importantly, dishonest enough, to figure out how to work around the system.
“They are capitalizing on being new employees maybe with language barriers and maybe they pretend they don’t know how the system works,” he said. “They feign ignorance and that is was a simple mistake, but in most cases, they know exactly what they’re doing. They are testing the system and the owner or manager’s vigilance.”
The private detective company has shared its early findings with the Ocean City Hotel-Motel-Restaurant Association (OCHMRA), which is now keenly aware of the fraud scams being carried out in some businesses. OCHMRA Executive Director Susan Jones said this week it is a potentially scary phenomenon that requires extra vigilance by business owners and managers.
“We were recently made aware that this type of practice is happening in our town and, I must say, it’s an alarming scenario to think that anyone would be so dishonest,” she said. “A quick fix could be as simple as getting a fingerprint reader attachment for the workplace computer.”
The private detective also suggested businesses tighten up their clock-in, clock out procedures by requiring more complex employee codes, or perhaps information an employee might not want to share with co-workers and roommates, such as the last four digits of one’s social security number. The detective also said fingerprint reader technology is readily available at a fairly reasonable price for those businesses that suspect they might be falling prey to the scam.
In the meantime, the OCHMRA has sent out a blitz email to its members warning them of the growing scam and urging them to be more vigilant.
“A significant loss to business profits could be contributed to buddy punching, a well-known theft scheme to defraud the time clock record-keeping process and steal salary by hourly employees,” the memo reads. “Buddy punching occurs when an employee gets another employee to ‘punch’ the time clock for them, either because they are late or because they are absent. What appears as small amounts of time over the traditional work week can add up to thousands quickly as multiple employees work together to defraud the business.”
The OCHMRA memo, based largely on the findings of the private investigations, agrees the fraud scheme tends to pop up in instances when young, seasonal workers live and work together.
“Reports in Ocean City suggest that the cohabitation of student workers who tend to live together in multiple-bed accommodations could provide a breeding ground for the theft scheme to grow exponentially,” the HMRA memo reads. “These same roommates also tend to work for many of the same employers, allowing their buddies to defeat the time clock systems and work flows.”
The memo also agrees many seasonal employees might just now be testing the limitations of their employers’ computer systems.
“Have you had employees begin to clock others in and out and then claim to have made simple mistakes?” the memo reads. “Make no mistake, your systems are being tested.”
The private detective pointed out misdemeanor theft starts at $500 and anything over $500 becomes felony theft. With potentially hundreds of work-hour swiped over the course of the season, clearly the scam can elevate to felony theft and felony theft conspiracy rather quickly.