At Veryfi, we speak with Accountants, Bookkeepers and Business Owners on a daily basis. The most common question is around bookkeeping software. It seems that there is too much marketing and not enough substance. Given time, people see past the marketing bluff and start exploring alternative tools for their client bookkeeping. Enter Veryfi.

A question that sometimes pops up is how Veryfi differs from Expensify. In this post we will help answer this question and hopefully bring to light a huge problem in expense management and receipt handling tools. Around 90% of companies providing tools for bookkeepers and accountants ship their clients' financial data offshore for extraction by human labor. This is a data-privacy risk that every business owner should think about.

Research on Google

Google is a brilliant search engine. But it’s better when used in Incognito mode. This way you avoid your browsing history bias and can start surfacing buried articles like the following.

Expensify sends your image receipts with personal data to Mechanical Turkers exposing customer data to the internet

The “machine learning” behind that application you’ve been using to scan your receipts for business expenses and company benefit filings may not have been entirely machine-based—and that could have some privacy implications, despite what the company has advertised. Expensify, the paperless business expense management service with more than 4.5 million users, has been using humans to transcribe at least some of the expense and benefit documents the company’s software processes—and over the past few months, some of those humans were recruited through Amazon’s Mechanical Turk service.

Expensify sent images with personal data to Mechanical Turkers, calls it a feature

And a few more you will find online talking about Expensify’s use of human labor.

Expensify CEO says its ‘automated’ service is ‘proud’ to use humans to process receipts

TL;DR: Expensify’s deceptive mechanical turk army may have resulted in me coming within seconds of losing $30k, and almost certainly leaves them exposed to massive liabilities as they wantonly give away personally identifiable information to low-paid contract workers that are not bound to confidentiality.

Software company Expensify admits to outsourcing work containing sensitive data. One expert says consumers who used the company’s service could be vulnerable to cyberattack:

“It’s a nightmare,” he tells ConsumerAffairs. “You’re outsourcing to individuals you don’t know…[they] probably don’t get more than a few minutes of security training.”

Consumer Affairs on Expensify:

“Anyone who spends half a night in security knows that policy is not protection.” Human workers are prone to be careless or dishonest, he says. Policies do not take into account whether the workers themselves are vulnerable to hacking, among other problems.

Consumer Affairs on Expensify:

Research on Twitter

Twitter is a worldwide platform for people’s voices and opinions. You can find a bucket load of information like the following. This was the moment that exposed Expensify’s mechanical turks.

Expensify exposed
On Twitter

Compare Apps from the App Store

Today, most companies have mobile apps. You can download them from iTunes (for iPhone) or Google Play (for Android) and see for yourself how the product works. Read our guide here on how to assess technical software products.

The general rule of thumb around data extraction software is “Is it real-time?”. If not, then it’s blowing smoke and shipping data offshore. Avoid. Unless you don’t value your privacy.

Why care?

1. CPAs risk compliance

Technology companies that serve CPAs in California without disclosing offshore labor are causing these CPAs to fall out of compliance.

2. Business owners risk identity theft

Business financial activity is a wealth of data that can easily be used for social engineering. Social engineering is when a bad actor knows enough about you to steal your identity by being able to answer security questions from your bank, the online services you use, etc.

Why hand over the keys to your kingdom without doing your own due diligence?

3. Business compliance

Services like Expensify do not comply with HIPAA, GDPR, CCPA or data-privacy standards.

  • HIPAA compliance is mandatory for healthcare companies in the US.
  • GDPR compliance is a must for any US company selling its services in Europe or managing European customers’ data.
  • CCPA in California is a smaller version of GDPR.

4. Employees risk their data-privacy

You will need to be transparent with your employees about the lack of data privacy. That Uber receipt they submitted for reimbursements is going to be seen by someone in another country. They will know where you and your employees live. That’s only the beginning. Read more on privacy here.

5. Internal Revenue Code Section (IRC §) 7216

According to the IRS, IRC § 7216 is “a criminal provision enacted by the U.S. Congress in 1971 that prohibits preparers of tax returns from knowingly or recklessly disclosing or using tax return information.” … “A convicted preparer may be fined not more than $1,000 or imprisoned not more than one year or both, for each violation.”

Found this useful?

If you found this post useful then please share it. Education is a start to a better future where you own and control your data and can safely store your business information in the cloud.


No credit card required to sign-up. Trial all Veryfi products for 14 days FREE. View and compare full features

How Veryfi stacks up against others…

Receipt Bank

“Receipt Bank’s data extraction team, certain members of which are based outside the EEA,” Source: Receipt Bank

Read more on Receipt Bank

Botkeeper represents itself as an AI-powered automated accounting solution. Reality: offshore labor in the Philippines doing most of the work.

Read more on Botkeeper