Expensify vs Veryfi

At Veryfi, we speak with with accountants, bookkeepers and business owners on a daily basis. The most common question is around bookkeeping software. It seems that there is too much marketing and not enough substance. Given time, people see past the marketing bluff and start exploring alternative tools for their client bookkeeping. Enter Veryfi.

A question that sometimes pops up is “how is Veryfi different to Expensify?”.

In this post we will help answer this question and shed some light on what we consider a dirty secret of data extraction in most accounting, expense management and receipt handling software.

Dirty secrets of data extraction

~90% of companies providing software that claims to extract data from receipts or invoices actually ship that data offshore for human labor extraction.

You probably haven’t even questioned what you snap receipts with. Let’s face it. Most business owners don’t.

This interview with the CEO of CloudFactory will give you some comfort in what is being exposed here as true: The company behind Silicon Valley’s dirty little secret. CloudFactory manages offshore cheap labor for many companies in Silicon Valley inc, Expensify to arbitrage the opportunity of having to build real hard tech. Instead relying on humans. If you still cannot believe this to be true, then read The rise of ‘pseudo-AI’: how tech firms quietly use humans to do bots’ work.

Let’s raise the bar together

This is why Veryfi was started.

1. To give you a safer option where your data and your privacy is valued,
2. to empower you with real-time data to make smarter decisions and
3. in the process raise the bar on data extraction technology.

Shouldn’t we have flying cars by now. Instead we have companies playing wizard of oz with data.

Is Expensify safe to use?

Sure if you believe their privacy policy, don’t care about your data privacy or your business data. But what you might not know is they have already leaked customer data.

Expensify sends your image receipts with personal data to Mechanical Turkers exposing customer data to the internet.

The “machine learning” behind that application you’ve been using to scan your receipts for business expenses and company benefit filings may not have been entirely machine-based—and that could have some privacy implications, despite what the company has advertised. Expensify, the paperless business expense management service with more than 4.5 million users, has been using humans to transcribe at least some of the expense and benefit documents the company’s software processes—and over the past few months, some of those humans were recruited through Amazon’s Mechanical Turk service.
Source: https://arstechnica.com/information-technology/2017/11/expensify-acknowledges-potential-privacy-problem-by-calling-it-a-feature/

Expensify CEO says its ‘automated’ service is ‘proud’ to use humans to process receipts
Source: http://www.businessinsider.com/expensify-is-proud-to-use-humans-in-its-automated-service-2017-11

TL;DR: Expensify’s deceptive mechanical turk army may have resulted in me coming within seconds of losing $30k, and almost certainly leaves them exposed to massive liabilities as they wantonly give away personally identifiable information to low-paid contract workers that are not bound to confidentiality.
Source: https://news.ycombinator.com/item?id=15796189

Software company Expensify admits to outsourcing work containing sensitive data. One expert says consumers who used the company’s service could be vulnerable to cyberattack:
Source: https://www.consumeraffairs.com/news/software-company-expensify-admits-to-outsourcing-work-containing-sensitive-data-113017.html

“It’s a nightmare,” he tells ConsumerAffairs. “You’re outsourcing to individuals you don’t know…[they] probably don’t get more than a few minutes of security training.”

Consumer Affairs on Expensify: https://www.consumeraffairs.com/news/software-company-expensify-admits-to-outsourcing-work-containing-sensitive-data-113017.html

“Anyone who spends half a night in security knows that policy is not protection.” Human workers are prone to be careless or dishonest, he says. Policies do not take into account whether the workers themselves are vulnerable to hacking, among other problems.

Consumer Affairs on Expensify: https://www.consumeraffairs.com/news/software-company-expensify-admits-to-outsourcing-work-containing-sensitive-data-113017.html

Why Care

1. CPAs risk compliance

Technology companies serving CPAs in California not disclosing offshore labor are causing these CPAs to fall out of compliance.

2. Business owners risk identity theft

Business financial activity is a wealth of data that can easily be used for social engineering. Social engineering is when a bad actor knows enough about you to steal your identity by being able to answer security questions from your bank, online services you use etc.

Why hand over the keys to your kingdom without doing your own due-diligence?

3. Business compliance

Services like Expensify do not comply with HIPAA, GDPR, CCPA or data-privacy standards.

• HIPAA compliance is mandatory for healthcare companies in the US.
• GPDR compliance is a must for any US company selling their services in Europe or managing European customer’s data.
• CCPA in California is a smaller version of GDPR. Come January 2020 it is enforceable.

4. Employee data-privacy

You will need to be transparent with your employees about the lack of data privacy. That Uber receipt they submitted for reimbursements is going to be seen by someone in another country. They will know where you and your employees live. That’s only the beginning. Read more on privacy here.

5. Internal Revenue Code Section (IRC §) 7216

According to the IRS, IRC § 7216 is “a criminal provision enacted by the U.S. Congress in 1971 that prohibits preparers of tax returns from knowingly or recklessly disclosing or using tax return information.” … “A convicted preparer may be fined not more than $1,000 or imprisoned not more than one year or both, for each violation.”

Why am I obsessed with confidential client info privacy issues and bots that turn out to be humans offshore? Here’s one really good reason: Internal Revenue Code Section (IRC §) 7216

— Blake Oliver (@BlakeTOliver) March 15, 2019