diff --git a/lib/secure_api/api_token/validation.rb b/lib/secure_api/api_token/validation.rb
index 7b1a731..3e7e9a3 100644
--- a/lib/secure_api/api_token/validation.rb
+++ b/lib/secure_api/api_token/validation.rb
@@ -85,7 +85,7 @@ def within_time_tolerance(clear_token)
         clear_token[/#{prefix}([0-9]+)#{suffix}/]
         token_time = $1 || 0
         elapsed_time = timestamp.to_i - token_time.to_i
-        elapsed_time < time_tolerance_seconds
+        elapsed_time.abs < time_tolerance_seconds
       end
     end
   end
diff --git a/test/api_token_test.rb b/test/api_token_test.rb
index 9d7f70f..1525ec5 100644
--- a/test/api_token_test.rb
+++ b/test/api_token_test.rb
@@ -52,6 +52,20 @@ def test_a_token_with_the_correct_info_and_time_stamp_gt_10_mins_old_is_invalid
     end
   end
 
+  def test_a_token_with_a_future_timestamp_beyond_tolerance_is_invalid
+    twenty_minutes_ago = Time.now.utc.to_i - (60 * 20)
+    ApiToken.stub(:timestamp, twenty_minutes_ago) do
+      refute ApiToken.valid?(@token)
+    end
+  end
+
+  def test_a_token_with_a_future_timestamp_within_tolerance_is_valid
+    nine_minutes_ago = Time.now.utc.to_i - (60 * 9)
+    ApiToken.stub(:timestamp, nine_minutes_ago) do
+      assert ApiToken.valid?(@token)
+    end
+  end
+
   def test_legacy_encryption_and_decryption_when_enabled
     SecureApi.configure do |config|
       config.secure_api_pass_phrase = 'test pass phrase'
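Review bot: The comparison on the `+` line is now symmetric, so a token stamped in the future is accepted as long as it lies within `time_tolerance_seconds`, which widens the span in which a given token validates from one tolerance to two, and nothing in the method records that decision. Add a comment above it: `# Symmetric window: absorbs clock skew between issuer and verifier; a token is accepted up to time_tolerance_seconds on either side of now, i.e. a 2 * time_tolerance_seconds validity window.` The regex two context lines up interpolates `prefix` and `suffix` unescaped; if either can ever contain regex metacharacters, `/#{Regexp.escape(prefix)}([0-9]+)#{Regexp.escape(suffix)}/` is the safer form, and `Regexp.last_match(1)` reads better than `$1` on the following line. The method begins outside the hunk; only its signature is visible in the hunk header.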
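Review bot: The two new tests are named for a future token timestamp, but their bodies move the verifier's clock (`ApiToken.stub(:timestamp, ...)`) into the past while `@token` presumably carries a real-time stamp from setup, which is outside the hunk, so the relation takes a moment to see. A one-line comment in each body, e.g. `# Stubbing the verifier clock into the past makes @token's own timestamp appear in the future.`, would make the intent immediate. The sibling test name suggests a ten-minute tolerance; if so, a third case at exactly that boundary would pin the strict `<` in `within_time_tolerance`, which neither the 9-minute nor the 20-minute case does.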