Can you explain your program data?

If, without warning, senior management asks you to explain one or more pieces of your card program data, would you be prepared? No matter the topic, you do not want to be fumbling around for an answer. Memorizing key metrics is a good start, but understanding what is behind the numbers is more meaningful. This post describes four things your management may wonder or ask about, and what you should know to shine in the spotlight of their scrutiny.   

Process Savings from Card Usage

Sharing your organization’s process savings via your Intranet and/or in a report to management showcases the value of your P-Card program, so be ready to explain:

  • how you calculated the process savings 
  • how P-Cards save time and money for your organization compared to your other internal purchase-to-pay processes
  • why your organization’s savings are higher or lower than industry averages (RPMG Research is a great resource)

Card Spend

Relaying progress toward goals and how the current year compares to past years helps keep management informed; see examples below. Ensure you can explain any dips and/or upward spikes.

As a program manager, I once had to ask the organization president to sign off on the payment to our card issuer due to the unusual large dollar amount. While face to face in his office, he asked why the total was so high. Fortunately, I had researched that before approaching him, so I was able to answer.  

Revenue Share

Announcing the revenue share (rebate) received from the issuer is always exciting, but do not stop with the dollar total. Include a note about where your organization stands, based on your current contract terms. Are you maximizing the revenue share opportunity? Why or why not?

Internal Fraud/Compliance

Apprising management of the compliance level with card policies and procedures is equally important.

  • If you do not have issues, it is something to highlight, including the reasons for the success. Perhaps you maintain a current risk assessment that drives you to close any control gaps.
  • If you have had internal fraud and/or compliance issues, be able to articulate the contributing factors and related remedies. Also, if there are more compliance problems today than in the past, determine why. Has compliance always been on the poor side, but new/better auditing is uncovering more now?

Internal fraud data, as well as process savings, are two things included within the P-Card Risk Analysis Template from Recharged Education. It is available for purchase or, by attending next week’s virtual workshop, you will receive a complimentary copy.

Ensure you can answer "yes" if management asks whether you can explain a particular piece of card program data.

Ensure you can answer "yes" if management asks whether you can explain a particular piece of card program data.

Analysis without interpretation is just numbers.
— Included in an ad for Emory University, Goizueta Business School

More Resources

Visit the P-Card Metrics webpage for related information.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

Interface file creation 101.

Uncertainty. Pressure. A faster heart rate. These are just some of the things people feel when they have to develop a new, electronic Commercial Card interface file for a particular system (finance or other). Even if you relish the challenge, formulating a plan can take time. Through personal experience and by helping others, I have learned it is best to break down the project into manageable steps. The following offers direction on four key aspects associated with interface file development. Keep this handy for the next time you face this situation.

Four Key Aspects

  1. Determine what you need the interface file to do/accomplish.
  2. Identify the system into which the interface file will be uploaded, and the related specifications.
  3. Select the relevant card-related data to be included in the interface file.
  4. “Map” where each piece of card data belongs in the interface file, based on system specifications.

In reality, you might work on these aspects concurrently. Remember to build time into your project for file testing purposes. 

Breaking It Down 

1. What Do You Want the File to Accomplish?

What are you seeking and why? Will you need to add or modify fields in the system used for transaction reconciliation? For example, is there a piece of data you need to capture in the interface file that would need to be supplied by cardholders?

Most commonly, an interface file is needed for the finance system, but you need to decide which one—AP system or general ledger. Further, there is more than one way to approach it. For example, will the interface file serve to initiate a payment to the card issuer? Maybe; maybe not. It could depend on how often you pay the issuer, how often cardholders reconcile transactions, and/or other factors.

2. Where Will the Card Data Go?

Can the identified system (#2 above) accommodate a file upload? If so, what are the requirements and specifications? Elements to explore include: fields to be populated, field length and type (e.g., alpha, numeric, or either), any prohibited characters that could cause problems during the file upload, etc. You may need to consult with the system provider/vendor.

Also, your card issuer might be able to offer some insight if any of their other end-user clients have an interface file for the same system. 

Do not let an interface file project overwhelm you. Break it down into manageable stages.

Do not let an interface file project overwhelm you. Break it down into manageable stages.

3. What Card Data is Available?

There are three broad categories of card-related data:

  • Transaction information, such as date, amount, sales tax, and line-item detail (if available); may also include any data entered by the cardholder during reconciliation
  • Supplier information, such as name, address, and merchant category code (MCC)
  • Cardholder/card information, such as name, zip code, and account number

You likely do not need every piece of available data. Determine the information that best supports what you want to accomplish.

4. Where Does Each Piece of Card Data Belong?

The system into which you will upload the file probably does not have field names that exactly match the names of card-related data. You need to figure out what to put where.

Lastly, some data might need to be automatically added to the interface file—to satisfy certain field requirements—versus originating from the card activity. For example, the file specifications might include a field designated as “Payment Type” for which you want a constant default of “PCARD” each time the interface file is downloaded. 

Resources

For an introduction to interface files and information about finance system options, visit the Interface Files webpage. If you are seeking external expertise, contact Recharged Education to inquire about consulting services.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.

Phishing for security weaknesses.

I recently had a déjà vu experience. About a year ago, I wrote about a fraudulent email I received while preparing to deliver a virtual workshop on P-Card risk analyses. This prompted me to share tips and statistics related to information security, and recommend Verizon’s Data Breach Investigations Report as a resource. The same things are occurring again. Another fraudulent email landed in my inbox (different topic this time), another virtual workshop on risk analyses is coming up, Verizon released a new report, and this post offers additional security tips. Keep reading to learn more and see images of the fraudulent emails.

Phishing

There is no shortage of social engineering tactics. Among the most common are phishing expeditions designed to entice people to click links or email attachments that open the door to fraudsters and their malicious software. Last year, I received a fake FedEx email. This month, it was a fake Dropbox email with a link to view an invoice. Ensure your AP department is aware of this scam. While it is not new, they might not have encountered it previously. See related images in the adjacent column.

Per Verizon’s 2017 Data Breach Investigations Report:

  • 7.3% of users across multiple data contributors were successfully phished—whether via a link or an opened attachment.

  • In a typical company (with 30 or more employees), about 15% of all unique users who fell victim once, also took the bait a second time. 

While 7.3% is not huge, just one successful phishing incident can have far-reaching consequences. 

Who will fraudsters catch? Help your cardholders avoid the phishing bait. 

Who will fraudsters catch? Help your cardholders avoid the phishing bait. 

Training Tips

In my related blog post last year (“Attack fraud through training”), I noted that cardholders should be able to differentiate between legitimate communications from the card issuer and fraudulent ones.

To enhance your training efforts, can your issuer share examples of fraudulent emails that target cardholders, as well as real ones that they send? Also train cardholders to pause and evaluate any emails appearing to be from the issuer. For example:

  • Were they expecting an email (e.g., you told them something would be sent pertaining to “X” topic) or is the communication a surprise, which might indicate potential fraud? 
  • Is the sender’s email address consistent with your issuer’s email addresses? Per the images in the next column, fake emails typically reflect odd addresses.
  • Does the email stress urgency (e.g., “You must click here ASAP!”) or include a threat (e.g., “Failure to complete this action could result in card deactivation.”)?

If your training includes a quiz element, then add something related to phishing, such as: If you receive an email that appears to be from the bank and it directs you to click a link to update your contact information, what is the BEST action to take?

Besides NOT clicking on anything, cardholders should notify the appropriate internal party. You/your organization needs to stay informed and take any necessary action (e.g., alerting other cardholders, contacting your issuer, etc.).

Finally, if possible, as part of a process audit, simulate a phishing email to test cardholders’ reactions Do they click on anything? Do they report the suspicious email?

Fraudulent Email Images

Below are the emails mentioned earlier. In each, the sender’s email address has nothing to do with FedEx or Dropbox.

Virtual Workshop

P-Card Risk Analysis

Information security is just one of many topics that I will cover in the three-hour June 21 workshop hosted by AP Now. If you have not completed a robust P-Card program risk analysis recently, this workshop is for you. Registrants will also receive two bonus items:

  1. P-Card risk analysis template with more than 100 questions to help you assess your controls
  2. Guide on revitalizing your P-Card policies and procedures. 

Please visit the AP Now website to learn more and register.

About the Author

Blog post author Lynn Larson, CPCP, is the founder of Recharged Education. With more than 15 years of Commercial Card experience, her mission is to make industry education readily accessible to all. Learn more

Subscribe to the Blog

Receive notice of new blog posts.