Why Employee Use of Personal Cards is a Gamble

If your organization still allows employees to use their personal cards for business expenses and then get reimbursed, it is worth another look. Have you considered the risks lately? Early last year, I wrote about a couple ways in which fraud might occur with this approach. Namely, the employee could benefit financially by submitting the same expense more than once or by cancelling a business trip, but still pocketing the reimbursement for a reservation (e.g., airfare, conference registration). Now I am adding another type of fraud to the list. Keep reading to see if your organization is aware of the following risk.

The Receipt Risk

When an employee seeks reimbursement by submitting a receipt that the supplier provided electronically, the employee can change the dollar amount. It doesn’t matter if the receipt is an email (no attachment), such as what Uber provides, or if the receipt is an emailed PDF attachment, such as what a hotel sends. Both can be edited; I verified this firsthand.

When I edited a PDF from a hotel, a pop-up message alerted me that the file was read-only and had to be saved as a new file. Just one easy, extra step…

The Answer

While receipt tampering can happen regardless of the card used—personal card or company card—use of company cards (Commercial Cards) with corporate liability/corporate pay offer controls. Since there are no reimbursements to employees, there is no motivation for an employee to change a dollar amount on a receipt. Accounts payable uses the card issuer’s central bill to initiate payment for all cardholders’ transactions.

If the program has an individual liability/pay arrangement (as some Corporate Travel Card programs do), your organization still has the ability to independently view and verify actual transaction amounts through the card issuer’s technology. It would be possible to catch receipt tampering prior to reimbursing the employee. However, this is a mostly manual exercise that could quickly consume significant time.

The bottom line is, to prevent employee fraud, it is critical to have transaction visibility and to eliminate employee expense reimbursements to the extent possible.

Related Resource

The other fraud risks that I mentioned in the introduction above are described within the 2017 blog post, Why Mandate Card Use for T&E. It also includes another drawback of not having a Commercial Card program for business travel.

Is your organization willing to gamble (and lose) by allowing employees to use their own cards and get reimbursed?

Is your organization willing to gamble (and lose) by allowing employees to use their own cards and get reimbursed?



Subscribe to the Blog

Receive notice of new blog posts.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With 20 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Smartphone business challenges and trends.

Mobile/smartphones have come a long way in the business world since the early days when they primarily served as mini email devices. Expanded functionality and usage mean new opportunities for efficiencies, but also new challenges. Mary Schaeffer of AP Now writes about one headache below, while I explore some mobile trends. With increased awareness, your organization can determine what, if any, steps it should take to harness the benefits of smartphones while guarding against the risks.    


Smartphones, Receipts and a New Expense Report Auditing Headache

by Mary S. Schaeffer, AP Now

Most employees have smartphones, taking them wherever they go. The phones are especially handy for travelers, who can snap pictures of their meal receipts for their expense reports. It’s a lot easier and cleaner than keeping all those little pieces of paper together. However, all is not rosy in receipt land.

The New Issue

Some employees are submitting the same electronic receipt for the same meal on multiple expense reports. Whether this is being done inadvertently or the employee is actively trying to defraud the employer of a few dollars is a separate issue and one that is difficult to pinpoint definitively. However, from an expense report audit standpoint, it is critical that these duplicate submissions be weeded out and not paid a second time.

Smartphones can play a role in reducing office paperwork, but organizations also need to implement related controls and policies.

Smartphones can play a role in reducing office paperwork, but organizations also need to implement related controls and policies.

The Solution

Insist on employees using a company credit card to prevent them from playing certain games with their expense reports. For those who don’t go this route, using automated expense reporting software will address the problem. When combined with a company card, the information can be automatically loaded into the expense report. Then the employee doesn’t have the opportunity to submit the expense twice.

Organizations who do not use automated software have two primary lines of defense for uncovering duplicates:

  1. The traveling employee’s manager who approves the expense report. Although it is incumbent on them to check everything first, it is a well-known fact that only a few actually check the expense report before approving it. Making managers responsible for what they sign is a good first step.
  2. The group who audits expense reports. For starters, anything that is submitted more than a month or two after the meal should be double checked to ensure it wasn’t included on a prior report. Best-practice companies use data analytics to identify potential duplicate payments of all types, not just those on expense reports.

Concluding Thoughts

Technology is wonderful. It certainly makes many tasks in the business world a lot easier. Expense reporting is no exception. The sneaky thing about technology is that it also introduces problems we didn’t have in the past. This is one such example. By identifying the problem early on, you can create solutions to make sure extra dollars don’t drift out the door on your watch.

2015 Smartphone Studies and News

by Lynn Larson, CPCP

We know mobile payments have entered the Commercial Card world (e.g., American Express and Apple Pay), but this year’s mobile news is even broader. Following are tidbits on four other topics. 

Business Travel

Intriguing 2015 research by Business Travel News (BTN) reveals business travelers have embraced mobile technology, but organizations are slow to respond in terms of mobile policies and understanding what travelers use and want. For example, mobile policies, when they exist, tend to be created in reaction to a certain situation, problem, etc. They often fail to address many aspects of mobile usage, including expense filing, roaming charges and social itinerary sharing. If you are a travel manager, this research is a must-read.

BYOD

Mobile policies are not limited to travel management. They should include a stance on BYOD (bring your own device); specifically, whether employees should use their personal devices for work functions. The debate becomes more heated if the work entails accessing sensitive data or financial records. A 2015 study by CompTIA, Building Digital Organizations, found that 53% of respondents’ organizations allowed no BYOD, compared to 34% in 2013. Security could be one factor. For various considerations, see ComputerWorld’s article on other findings from the study

Data Breaches

With ongoing news about data breaches, it is natural to wonder if there is a mobile path. Per the Verizon 2015 Data Breach Investigations Report, mobile devices are not a preferred vector in data breaches. However, the report also notes mobile devices have clearly demonstrated their ability to be vulnerable. Download the report to learn more about data breaches overall. 

Regulatory Involvement

The U.S. Congress is taking an interest. Earlier this month, the House Energy & Commerce Committee held a hearing to explore mobile payments security and data privacy. Industry experts described security features (e.g., tokenization and biometrics), as well as challenges like having multiple parties involved in the payments process. A key question is whether specific regulatory oversight is needed, such as laws covering mobile payments fraud protection. An article by BankInfoSecurity provides more insight into the hearing.


Final Thoughts

Mobile usage for business purposes will continue to evolve. How can your organization take greater advantage of the benefits? If/when you do so, be thoughtful about your policies to ensure they keep pace.

 

 


About the Authors

Mary S. Schaeffer, a nationally-recognized accounts payable consultant, is the creator of the AP Now website. She speaks regularly at live and online events; has written 18 business books, most focused on accounts payable issues; and has created many CPE courses for CPAs. Additional information can be found at www.ap-now.com.

Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Gift card purchases—a prize or problem?

Gift cards can be useful for different business purposes, including employee rewards—that is, when the purchase is properly approved, accounted for and taxed as necessary. Gift cards can also be a source of accounts payable fraud, as Mary Schaeffer describes below. Then there is the question of whether to allow gift card purchases via a P-Card. In my experience, organizations are diverse in their opinions, but there is one thing every organization should do.


The Gift Card Issue

by Mary S. Schaeffer, AP Now

As you may have noticed, many restaurants offer gift cards. A few go so far as to add a line to the credit card receipt so the diner can add on a gift card at the time he or she is adding the tip to the bill. This is fine if the person is paying for the meal themselves.

Unfortunately, a few unscrupulous employees have taken to adding on a gift card when taking a business associate out for a meal. If they gave the gift card to the associate, this might be acceptable. However, they could be pocketing the gift card for personal use. This is just one of the reasons a growing number of organizations are now requiring the detailed meal receipt.

The Solution

The solution to this problem comes in two parts. First, mandate use of a corporate credit card, as you might get detailed Level 3 data to help uncover gift card fraud. Also, the transparency of commercial card transactions acts as a deterrent. If you make use of the card optional, those who want to play games will most definitely decide not to use the card. 

The second part of the solution involves the receipt. Companies everywhere are starting to look at receipts in a whole new way—and the change is not exactly what you might expect. This new approach is based on experiences organizations have had as they’ve reviewed documentation provided by traveling employees. Advances in technology have provided greater visibility into reimbursement requests and not everyone is pleased with what they’ve uncovered. Some are starting to ask for the detailed meal receipt.

Now, if you start to require the detailed meal receipt, don’t be surprised if you don’t find gift cards on your employees’ documentation. I would hope your employees would be smart enough to NOT put a gift card on their bill if they know they are going to have to turn in the detail. 

Gift cards can be legitimate employee rewards, but they can also be a source of fraud when an employee buys and pockets as a present.

Gift cards can be legitimate employee rewards, but they can also be a source of fraud when an employee buys and pockets as a present.

Gift Card Purchases via a P-Card

by Lynn Larson, CPCP

Some organizations allow P-Cards to be used for gift card purchases and some do not. For others, it might be an exception. Whatever the case, your policies should address it one way or another. You could even have a stand-alone “Gifts Policy,” but ensure your card program policies refer to it and, if possible, link to it.

If allowed, the policy should specify: 

  • who can purchase gift cards and for what reason(s)
  • what type of pre-purchase approval is required and who else needs to know (e.g., Payroll)
  • the documentation requirements, such as who the gift card is for, why and when it was (or will be) given

Unfortunately, for organizations who do not allow it, there is no systemic way to block gift card purchases. Auditing becomes your best defense. Consider giving more scrutiny to purchases from stores that offer gift cards, such as big box retailers, pharmacies, grocery stores and gas stations. Transactions reflecting an even dollar amount (e.g., $100) might be another clue.


About the Authors

Mary S. Schaeffer, a nationally-recognized accounts payable consultant, is the creator of the AP Now website. She speaks regularly at live and online events; has written 18 business books, most focused on accounts payable issues; and has created many CPE courses for CPAs. Additional information can be found at www.ap-now.com.

Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

 

Subscribe to the Blog