Temporra Temporra ← Back to Temporra

How to Stop Buddy Punching on UK Construction Sites

The Temporra Team · 6 July 2026 · 7 min read · Resources

Buddy punching — one worker clocking in for another — is a problem every site manager has seen and almost nobody measures. Here's why construction sites are so exposed, what it genuinely costs, and the ladder of fixes — from a signature on a damp sheet of paper to facial-recognition clock-in that stops it outright.

What buddy punching is — and why construction sites are exposed

Buddy punching is simple: a worker who isn't on site gets clocked in by a colleague who is. Sometimes it's deliberate and organised. Far more often it starts innocently — "sign me in, I'm ten minutes out" — and quietly hardens into a habit. Either way, you pay for hours nobody worked, and your site records stop telling the truth.

Construction is more exposed than almost any other industry, for structural reasons:

What it actually costs

We're not going to quote you a scary percentage. Plenty of articles do, and very few of those figures can be traced back to a real study. The honest answer is that the cost has three parts, and you can estimate each for your own firm better than any statistic can:

  1. Paid, unworked hours. The direct one. Every fifteen minutes clocked before a worker actually arrives — or after they've left — goes out in wages at the full loaded rate. Where those minutes tip someone into overtime, they go at a premium.
  2. Distorted job costing. Labour hours are how construction firms price work. If the recorded hours on a job include time that was never worked, the job looks less profitable than it was — and the next tender you price from that data inherits the error.
  3. Health & safety and roll-call risk. Your attendance record doubles as your emergency roll-call. If it says someone is on site who isn't, a fire marshal may hold an evacuation looking for a worker who's at home. The reverse is as bad: someone genuinely on site but not on the register is invisible in an emergency. Inaccurate records also undermine induction and competence trails after an incident.
A timesheet isn't just a payroll input. On a construction site it's also your emergency roll-call, your job-costing record and part of your compliance trail. If it's wrong, all three are wrong.

The ladder of fixes, weakest to strongest

The ladder below runs from methods that prove almost nothing to the one that proves identity itself.

1. Supervisor sign-in sheets

The baseline, and the weakest rung. Signatures are trivially forged; sheets get batch-signed at day's end from memory; the supervisor on a multi-subcontractor site can't vouch for faces they've never met; and the sheet itself gets lost, soaked or quietly rewritten before it reaches the office. Even when everyone is honest, someone still has to type it all into payroll — a second chance for errors to creep in.

2. PIN kiosks

A shared tablet at the gate with a personal PIN per worker is a genuine step up: entries are timestamped, legible and digital, with no re-keying. But a PIN only proves that someone knew a number. Buddy punching is co-operative by nature — the absent worker hands their PIN over willingly, which is precisely the scenario a PIN cannot defend against.

3. GPS and geofenced clock-in

Workers clock in on their own phones, and the app only accepts the punch if the phone is inside a geofence drawn around the site. This kills the laziest abuse outright — clocking in from bed, the café or the van on the motorway. What it can't do is prove who is holding the phone. A worker already on site can carry a mate's handset through the gate and clock in for both. GPS proves where; it doesn't prove who.

4. Facial-recognition clock-in

The top rung. At the moment of clock-in, the camera checks the worker's face against the template they enrolled with. This is the only method on the ladder that verifies identity itself, and it ends buddy punching for a blunt reason: a colleague can borrow your PIN and your phone, but not your face.

MethodWhat it provesHow it gets beaten
Sign-in sheetA name was written downForged or batch-signed; sheets lost or rewritten
PIN kioskSomeone knew the PINPINs are shared willingly — that's the whole scheme
GPS + geofenceThe phone was on sitePhone handed to a mate who is on site
Facial recognitionThe worker was thereIt isn't — a face can't be lent

UK GDPR and biometrics: doing it properly

Facial-recognition data used to identify a person is special-category biometric data under UK GDPR, which means the bar is higher than for ordinary employee data. That is not a reason to avoid it — it's a reason to do it correctly:

These are the same principles Temporra follows in its own handling of biometric data — the specifics are on our security page.

A practical rollout checklist

  1. Pick a pilot site and draw its geofence — generous enough to cover the whole compound, tight enough to exclude the car park across the road.
  2. Complete a DPIA and a short privacy notice before anything is switched on.
  3. Brief the workforce in a toolbox talk: what's changing, what's stored, and what their choices are.
  4. Offer the choice plainly: facial-recognition clock-in, or PIN at the kiosk. No pressure either way.
  5. Enrol workers — moments per person; subcontractors can be enrolled on arrival.
  6. Run the new system alongside the old sheets for one pay period and compare.
  7. Review exceptions weekly — missed punches, geofence edge cases, workers who switched methods.
  8. After a month, retire the paper and let the digital record be the record.

How Temporra approaches it

Temporra was built for exactly this problem. Clock-ins are checked against a GPS geofence around each site, and firms that want identity verification can enable facial-recognition clock-in, with the face check verified server-side rather than trusted to the handset — so it can't be sidestepped by a tampered device. For workers who prefer not to use biometrics, kiosk mode with per-worker PINs is the built-in alternative, so consent stays genuinely optional. Verified hours then flow straight into payroll-ready exports and CIS statements. Plans and prices are on the pricing page, and if you're weighing up tools, our comparison with ClockShark covers where the two differ for UK construction firms.

Frequently asked questions

Is facial recognition legal on UK construction sites?

Yes, provided UK GDPR conditions are met: a lawful basis such as explicit consent, a completed DPIA, clear worker information, secure storage of templates rather than photos, and deletion when consent is withdrawn. The technology is lawful; careless deployment of it is not.

What if workers refuse biometrics?

They must be able to, without consequence — otherwise the consent underpinning the whole system fails. The answer is a genuine alternative, such as a PIN at a kiosk, offered with no fuss and no stigma.

Does GPS alone stop buddy punching?

No. Geofencing proves the clock-in happened at the site, which stops remote punching — but it proves location, not identity. A phone can be carried through the gate by someone else. Only identity verification closes that gap.

How fast can a small firm roll this out?

Faster than most expect. There's no hardware beyond phones and a spare tablet for the kiosk: draw the geofence, brief the crew, enrol workers as they arrive, and run one pay period alongside the old sheets. For a small firm, that's days of admin spread over a few weeks — not a project.

Buddy punching survives on systems that record claims instead of facts. Move up the ladder one rung and it shrinks; reach the top and it stops.

Start a free 14-day trial

Prefer to see it first? Book a demo and we'll walk you through geofencing, facial recognition and kiosk mode. More guides are in our resources library.