← Back to projects

Hardware Integration

Paycom Face Forward™ Timeclock

Led end-to-end software launch of Paycom's next-generation hardware timeclock, unifying hardware-to-software architecture across the full stack with C++/SWIG bindings for facial recognition, fingerprint, and RFID authentication at enterprise scale.

Year 2022
Role Lead Software Developer
Status Production - 25,000+ devices
Android AOSP C++ / SWIG RFID Facial Recognition SQLite 25k+ Devices
Product Page

Overview

The Paycom Face Forward™ Timeclock is Paycom's next-generation enterprise hardware timeclock, designed for touchless, high-speed employee authentication at scale. I led the software launch end-to-end - from architecture definition through production deployment across a fleet of 25,000+ devices.

The Challenge

Paycom needed a new timeclock platform that could handle:

  • Multi-modal authentication - facial recognition, fingerprint scanning, and RFID card reads, all sharing a unified Android application layer
  • Enterprise-scale data sync - reliable two-way sync of punch records across a massive device fleet, with zero tolerance for data loss
  • Offline-first operation - devices must continue functioning when network connectivity is unavailable, flushing cached data once reconnected
  • Hardware abstraction - clean separation between the Android app layer and the native C++ SDKs provided by hardware vendors
  • Biometric Privacy - facial geometry data is a protected biometric identifier under BIPA and similar state statutes, requiring encrypted at-rest storage, strict consent gating, and automated retention and deletion workflows.

Architecture

The core challenge was bridging Android (Kotlin/Java) and the native hardware SDKs (C++). I designed and implemented a SWIG binding layer that exposed the C++ facial recognition and RFID APIs to the Android application as idiomatic Kotlin interfaces, handling threading, error propagation, and lifecycle correctly across the JNI boundary.

┌--------------------------------------------------------------┐
|                     Android Application                      |
|                (Kotlin - UI, business logic)                 |
├--------------------------------------------------------------┤
|                     SWIG Binding Layer                       |
|                 (JNI bridge - Kotlin/C++)                    |
├------------------┬------------------┬------------------------┤
| Face Recognition | RFID Peripheral  | Fingerprint Peripheral |
|    SDK (C++)     |    SDK (C++)     |       SDK (C++)        |
└------------------┴------------------┴------------------------┘

Data Sync Engine

The most technically demanding component was the SQLite-backed sync engine. Punch records must be:

  1. Written locally the moment they occur (offline-first)
  2. Queued for transmission to the Paycom backend
  3. Reconciled against the server response to ensure no duplicates or missed records
  4. Pruned from local storage once safely confirmed server-side

I implemented this using Android's background threading primitives, with a state machine per punch record tracking its progression through the sync lifecycle. The engine processes over 15 million records monthly with 100% confidence and integrity.

Biometric Privacy & BIPA Compliance

Some Face Forward Timeclocks capture biometric data. Many states have begun imposing laws that require consent and usages of biometric data to be made clear. These laws imposed concrete obligations and directions we took that shaped several architecture decisions.

Encrypted storage. Facial templates are stored in an encrypted partition using the Android Keystore, ensuring data at rest is protected by hardware-backed keys and isolated from the general application data layer.

Consent gating. No biometric data is captured until the employee completes the consent step on the device. Enrollment cannot be triggered remotely or by an administrator; it requires an active interaction from the employee themselves.

Retention and deletion. The sync engine exposes a deletion endpoint the Paycom backend calls on employee termination, purging the facial template from the device automatically and supporting BIPA's destruction schedule requirement without manual intervention.

Results

  • Launched on schedule to a fleet of 25,000+ devices
  • Sustained 99.9% uptime in production since launch
  • Authentication latency under 1 second for all modalities (face, fingerprint, RFID)
  • Zero data-loss incidents in the sync engine since deployment