At Veryfi, we speak with with accountants, bookkeepers and business owners on a daily basis. The most common question is around bookkeeping software. It seems that there is too much marketing and not enough substance. Given time, people see past the marketing bluff and start exploring alternative tools for their client bookkeeping. Enter Veryfi.
A question that sometimes pops up is “how is Veryfi different to Expensify?”.
In this post we will help answer this question and shed some light on what we consider a dirty secret of data extraction in most accounting, expense management and receipt handling software.
~90% of companies providing software that claims to extract data from receipts or invoices actually ship that data offshore for human labor extraction.
You probably haven’t even questioned what you snap receipts with. Let’s face it. Most business owners don’t.
This interview with the CEO of CloudFactory will give you some comfort in what is being exposed here as true: The company behind Silicon Valley’s dirty little secret. CloudFactory manages offshore cheap labor for many companies in Silicon Valley inc, Expensify to arbitrage the opportunity of having to build real hard tech. Instead relying on humans. If you still cannot believe this to be true, then read The rise of ‘pseudo-AI’: how tech firms quietly use humans to do bots’ work.
This is why Veryfi was started.
Shouldn’t we have flying cars by now. Instead we have companies playing wizard of oz with data.
Sure if you believe their privacy policy, don’t care about your data privacy or your business data. But what you might not know is they have already leaked customer data.
Expensify sends your image receipts with personal data to Mechanical Turkers exposing customer data to the internet.
The “machine learning” behind that application you’ve been using to scan your receipts for business expenses and company benefit filings may not have been entirely machine-based—and that could have some privacy implications, despite what the company has advertised. Expensify, the paperless business expense management service with more than 4.5 million users, has been using humans to transcribe at least some of the expense and benefit documents the company’s software processes—and over the past few months, some of those humans were recruited through Amazon’s Mechanical Turk service.
Source: https://arstechnica.com/information-technology/2017/11/expensify-acknowledges-potential-privacy-problem-by-calling-it-a-feature/
Expensify CEO says its ‘automated’ service is ‘proud’ to use humans to process receipts
Source: http://www.businessinsider.com/expensify-is-proud-to-use-humans-in-its-automated-service-2017-11
TL;DR: Expensify’s deceptive mechanical turk army may have resulted in me coming within seconds of losing $30k, and almost certainly leaves them exposed to massive liabilities as they wantonly give away personally identifiable information to low-paid contract workers that are not bound to confidentiality.
Source: https://news.ycombinator.com/item?id=15796189
Software company Expensify admits to outsourcing work containing sensitive data. One expert says consumers who used the company’s service could be vulnerable to cyberattack:
Source: https://www.consumeraffairs.com/news/software-company-expensify-admits-to-outsourcing-work-containing-sensitive-data-113017.html
“It’s a nightmare,” he tells ConsumerAffairs. “You’re outsourcing to individuals you don’t know…[they] probably don’t get more than a few minutes of security training.”
Consumer Affairs on Expensify: https://www.consumeraffairs.com/news/software-company-expensify-admits-to-outsourcing-work-containing-sensitive-data-113017.html
“Anyone who spends half a night in security knows that policy is not protection.” Human workers are prone to be careless or dishonest, he says. Policies do not take into account whether the workers themselves are vulnerable to hacking, among other problems.
Consumer Affairs on Expensify: https://www.consumeraffairs.com/news/software-company-expensify-admits-to-outsourcing-work-containing-sensitive-data-113017.html
Technology companies serving CPAs in California not disclosing offshore labor are causing these CPAs to fall out of compliance.
Business financial activity is a wealth of data that can easily be used for social engineering. Social engineering is when a bad actor knows enough about you to steal your identity by being able to answer security questions from your bank, online services you use etc.
Why hand over the keys to your kingdom without doing your own due-diligence?
Services like Expensify do not comply with HIPAA, GDPR, CCPA or data-privacy standards.
You will need to be transparent with your employees about the lack of data privacy. That Uber receipt they submitted for reimbursements is going to be seen by someone in another country. They will know where you and your employees live. That’s only the beginning. Read more on privacy here.
According to the IRS, IRC § 7216 is “a criminal provision enacted by the U.S. Congress in 1971 that prohibits preparers of tax returns from knowingly or recklessly disclosing or using tax return information.” … “A convicted preparer may be fined not more than $1,000 or imprisoned not more than one year or both, for each violation.”
Why am I obsessed with confidential client info privacy issues and bots that turn out to be humans offshore? Here’s one really good reason: Internal Revenue Code Section (IRC §) 7216
— Blake Oliver (@BlakeTOliver) March 15, 2019