Fingerprint readers and ID cards at the office entrance solved a 2005 problem. Hybrid schedules, client sites, and remote days have outgrown them. Here is what to use instead — and how to migrate without breaking trust.
Walk into most established offices and you will find the same setup at the entrance: a wall-mounted fingerprint reader, an RFID card scanner, sometimes a face terminal beside the security desk. Employees tap, beep, walk through. The HR system gets an entry record at 08:47, an exit at 17:12, and the rest of the day disappears into trust.
That model worked when work was a place. One office, one entrance, one shift, one record. It still works for the small slice of organisations where that description is still true. For everyone else — companies with hybrid schedules, field engineers, multi-branch operations, client-site work, sales territories, distributed support teams, weekend coverage from home — the office-gate model has quietly stopped being an attendance system. It has become a turnstile log.
This is a guide to what the gate model actually measures, where it breaks down, and what a modern attendance programme looks like for organisations whose people are not all in one building at the same time.
A fingerprint reader at reception captures one thing precisely: that a person matching a stored biometric template passed the device at a given timestamp. That is genuinely useful information. It tells you the employee was on the premises at the moment of the swipe.
What it does not tell you, even on a good day:
For organisations where everyone is at the office, every day, the missing pieces are tolerable. The supervisor is in the same room. Behavioural signals fill in the gaps. The gate log is a useful backstop, not the source of truth.
For everyone else, those gaps are now the entire job.
Five operating realities have outgrown the kiosk-at-the-entrance design. Most organisations have at least three of them, often without acknowledging it explicitly.
Two or three days a week in the office is normal in most knowledge-work organisations now. The gate captures the in-office days perfectly. It captures the from-home days as zero — which then forces a parallel system: spreadsheets, Slack messages, manual entries from supervisors, "just trust them." The result is a single employee with two different attendance regimes, neither talking to the other, and a payroll cycle that depends on someone manually reconciling them.
This is not a small inconvenience. It is the source of most pay disputes in hybrid organisations.
Sales, account management, professional services, field engineering, audit, inspection, healthcare community visits — none of these happen at your office gate. The gate reader cannot record them. So the entire category of work that produces revenue gets tracked through expense claims and calendar entries instead of attendance records. When a customer disputes a billable hour, the evidence is a calendar invite, not an attestation that the person was physically there.
A retail chain with 40 stores does not have an entrance. It has 40 entrances. A bank with 12 branches has 12. A hospital network has dozens of sites. The fixed-terminal model forces a copy of the hardware at each location, with each device managed locally, each set of biometric templates synced across sites, and each transferred employee re-enrolled. Most multi-site organisations end up with a mix of strict sites, lax sites, and broken sites — and no consolidated view across them.
The original argument for biometric kiosks was that fingerprints stopped colleagues from clocking in for absent friends. That was true twenty years ago. Today, the workarounds are routine: silicone fingertip overlays, photographs held up to a face scanner, RFID card sharing, "borrowed" PINs. The threat model has caught up with the control. And in any organisation where someone is willing to commit minor fraud, the willing collaborator at the gate is the easiest tool to recruit.
Modern compliance — payroll audits, labour-law inspections, statutory leave entitlements, time-off-in-lieu disputes — requires that an attendance record be able to answer specific questions: who, where, when, on what device, under what policy, with what exceptions. A simple "entry: 08:47, exit: 17:12" line in a kiosk log does not answer most of those questions. It produces a number, not evidence.
If the gate model is not enough, the alternative is not "trust everyone" or "track everything constantly." It is to move the attendance event from the physical gate to a virtual one that follows the work, with a controlled set of signals that make each event defensible.
The principles a modern attendance programme has to satisfy:
A system that does all five of these is no longer doing what a kiosk does. It is doing what a kiosk pretended to do.
For an organisation currently relying on a fingerprint terminal at reception plus a fallback ID-card swipe, the move to Onsight changes four things in practice.
The physical gate stops being the source of truth. Each employee's phone — the device they already carry — becomes the check-in surface. The geofence around the office replicates what the gate used to enforce: presence at the building. For employees who only work at the office, nothing about their behaviour changes. They open the app, tap check-in, walk to their desk.
Off-site work becomes first-class. The same app handles the check-in at a client office, at a remote project site, at a hospital, at a home address (if the company chooses to allow it). The geofence is configured per worksite or per assignment. The record carries the same evidentiary load whether the employee is at HQ or at a customer's premises.
Identity verification stops being a fingerprint on a shared device. A selfie captured at the moment of check-in, paired with the device's local biometric (Face ID, fingerprint) as the approval gesture, ties the action to a specific person on a specific device. The biometric template never leaves the device. The selfie is reviewable evidence when an exception is raised, not the default authentication path.
Buddy punching has to clear three barriers, not one. To fake a check-in for a colleague, an attacker now needs the colleague's phone, the colleague's biometric to unlock it, and physical presence inside the correct geofence at the right time. Each of those is solvable individually. The product of all three is rarely worth the effort, especially when the system also surfaces device-mismatch and location-anomaly flags to a supervisor on the same day.
A side benefit, often unanticipated by the buyer: the hardware budget for replacement gate readers, biometric license renewals, and per-site terminal maintenance largely disappears. The smartphone is the terminal. The geofence is the policy. The exception queue is the review.
A common objection from organisations that have run gate biometrics for years is that they will lose the strict in/out record. They will not.
Onsight's check-in / check-out events carry timestamps from both the device and the server, with the delta recorded. They carry GPS coordinates and accuracy radius. They carry device integrity signals. They carry the policy version in force at the time. In every respect except the physical fingerprint on a wall-mounted reader, the new record is stronger than the kiosk log, because it carries context the kiosk could not produce.
The one capability that does change is the physical denial of entry — the gate reader physically not opening when an unauthorised person taps. That is a building-security function, and most organisations that run gate biometrics for attendance also run them for access control. Those two jobs should be separated anyway. Access control belongs to the security team and the building. Attendance integrity belongs to HR and operations. Onsight handles the second. The first should keep doing its job at the gate, on its own terms.
The instinct of an operations leader inheriting a 10-year-old kiosk deployment is to switch it off and announce the new system. That tends to fail. Long-tenured employees treat their fingerprint enrolment as identity infrastructure. Pulling the wall reader off in week one creates the impression that the company is loosening attendance discipline, even when the opposite is true.
The migration sequence that holds:
The biometric kiosk at the office entrance is not wrong. It is just narrow. It records one event — presence at the front door — and infers the rest. When the rest of the day happened at the same desk, in the same building, that inference was fair. When the rest of the day happens at a client office, a hospital ward, a construction site, a customer warehouse, or a kitchen table thirty kilometres away, the inference is wrong by default.
A modern attendance programme accepts that the work has moved and follows it. The phone replaces the wall reader. The geofence replaces the entrance. The exception queue replaces the supervisor's gut feel. The audit trail replaces the spreadsheet reconciliation.
Companies that have outgrown the gate model — and most have, without noticing — find that the upgrade pays for itself within a quarter, mostly out of the payroll leakage they could never previously prove. The wall-mounted fingerprint reader was a 2005 answer to a 2005 problem. The problem has moved. The answer should too.
Keep reading
A practical framework for combining selfie evidence, local biometric approval, approved devices, and manager review without slowing employees down.
GeofencingThe real value of geofencing is not the circle on the map. It is the record that connects person, place, time, policy, device, and exception state.
Onsight can help you define geofences, trust controls, exception flows, and reporting rules around your real workforce.
Walk through your rollout
Bring your site structure, employee groups, and compliance concerns.
Book demo