Note: all links in this post go to Portuguese language sources. Translations are a collaboration between Google and me.
My brother in São Paulo tipped me off to a rubber finger scandal in the Greater S.P. health service.
Doctor busted in SP for falsifying colleagues fingerprints with silicone (Floha de S. Paulo – Portuguese)
A doctor was arrested red-handed on Sunday, March 10 for using silicone fingers to fake the fingerprints use to mark the attendance of colleagues. She and the other doctors are employees of Samu Service (Emergency Medical Care) for Ferraz de Vasconcelos, in Greater São Paulo.
According to police, Thauane Nunes Ferreira, 28, registered the attendance of 11 doctors and 20 nurses. She told police she practiced the irregularity because she was coerced by her boss.
Greater SP: Doctors suspected of faking attendance are removed (Floha de S. Paulo – Portuguese)
Six Samu Service (Emergency Medical Care) doctors in Ferraz de Vasconcelos, Greater São Paulo, paid R$ 4,800 [ed. $2,450 US] to the coordinator of the service in the city, Jorge Luiz Cury, in order to avoid working four 24-hours shifts per month for which they were paid, City Hall says. Police are investigating the case. The city pulled the servers allegedly involved in the fraud.
The day before yesterday [ed. see above], when the scheme was discovered, doctor Thauane Nunes Ferreira, 28, was arrested in the act of using mock fingers with silicone fingerprints to mark the attendance of six colleagues.
Where they have been adopted, biometrics have made ghostbusting easier. In this case, with time-and-attendance biometrics deployed someone had to create and use 31 rubber fingers (pictured at both links above). That draws attention. Without biometrics, scaling up the time-and-attendance fraud while decreasing the risk of detection would have been much easier. If this allegedly corrupt boss was willing to go up to at least 31 rubber fingers, how many paper employees would he have tried?
According to Wikipedia, Ferraz de Vasconcelos, where the fraud took place, is second-poorest of Greater São Paulo’s 39 municipalities. Congratulations to all involved for stopping this instance of the corrupt stealing resources meant to provide health care to people far less fortunate than the doctors and administrators involved.
[Via] Drudge and the BBC are now on the story. If you didn’t want to wade through the Portuguese pieces linked above, you may be interested in these.
Upon closer examination of the the photos of the fake fingers used, another thought comes to mind. It certainly appears as though the fake fingers were created with the participation of their owners, making them evidence for the prosecution that they were complicit in the fraud. As it is, the fake fingers used in the fraud come from a variety of live finger models. In the two examples pictured below, the one on the left appears to belong to a male and the one on the right appears to belong to a female. If the counterfeiter wasn’t working from live models, there would be no reason to add a fingernail to the back of the fake finger.
Had the doctors’ prints been somehow lifted via subterfuge and placed onto a silicone finger without their knowledge, we might expect all of the fake fingers to look very similar as the finger counterfeiter might have used his own finger as a model and simply placed the doctors’ prints on it. Alternatively, as with The Old Gummi Bear Trick, the item bearing the fingerprints needn’t look much like a finger at all.
Without biometrics (and with a more careful set of individuals), it might have been very difficult to prove that the doctors involved weren’t just victims of identity theft by a corrupt official. With the evidence on hand (!) it should be a simple matter to determine if the fake fingers match those of the ghost doctors.
A larger question is whether this story argues for or against the adoption of biometric systems for time-and-attendance. Nobody should claim that biometrics or any other security or ID management measure is perfect and infallible. Nothing is infallible. In this case, however, it appears that having a biometric rather than a paper-based time-and-attendance system increased the costs and complexity of committing the fraud. It made executing its daily function (clocking in) more difficult to do without being noticed. And (at least in this case) it forced those complicit in the scheme to create pretty significant evidence of their involvement.
As a manager or law enforcement official, which case would you rather prosecute: one with rubber fingers or one with only a paper trail?
Note: This post has undergone a few revisions for the purposes of updating the post, correcting typographical or grammatical errors and to add clarity.