New Course: Best Practices for Preventing Business Credit Card Abuse

Best Practices for Preventing Business Credit Card Abuse

Protect your company from business card abuse.

There is a tremendous amount of debate centered on how business expenses should be funded, reported, authorized and reimbursed. Business expense fraud is #4 on the list of most common fraud schemes, behind corruption, billing and noncash. It lasts on average 24 months before it is identified and account for 11% of the total cases of fraud in 100+ employees, 21% in smaller firms according to the Association of Certified Fraud Examiners. This material will show you how can you protect your company and at the same time your employees against fraud while maintaining fairness and equity.

Runtime: 63 minutes

1.0 Credits: CLE, CPE, and SHRM


Wayne Spivak
SBA Consulting, LTD


Best Practices for Preventing Business Credit Card Abuse Agenda

Short History of Business Expenses and How They’ve Grown

  • Started With Outside Sales People
  • Executives
  • Average Employees Have Business Expenses

Who Is Responsible for Business Expenses

  • The Business Should Provide Employees the Tools for Work
  • The Employee Shoulders That Responsibility

Payment Options

  • Petty Cash
  • Expense Report
  • Computer Based Expense Report

– Employee Owned Credit Card(s)

– Business Owned Credit Cards(s)

– Hybrid

Normal Problems With Each Type of Payment Options

  • No Receipt
  • Unauthorized Purchase
  • Error in Card Usage (They Took out Their Business Card, Not Their Personal (or Vice Versa)
  • Lost Receipts
  • Delayed Reports


  • Fake Bills
  • Personal Expenses Taken as Business
  • Extravagant Amounts in Violation of Norms/Policy

Unethical behavior: An open letter to the principals of AgreeYa Solutions

unethical behavior


Have you ever wondered what makes a business just piss you off so bad, that you need to tell the world never, ever do business with them, I do, unethical behavior?

Well, AgreeYa is one of a growing set of businesses whose values in action are so corrupt as to belie that anyone has any idea of what is going on….

As Harry Truman said in both words and actions: “The Buck Stops Here”, which most CEO’s haven’t the foggiest notion of not only who Harry Truman was, but what the phrase means.

Today I received an email from Nikita Awasthi to one of my e-mail accounts I use for testing the employment spectrum, whether I need to nor not.

Here is what she wrote:


“Hi Wayne Spivak:


I came across your resume and wanted to send a quick note your way.  We have an opening that might be a great next step for you.

Please carefully read the Job Description below, and if you would like to pursue this opportunity please email me an updated MS Word version of your resume and call me at your earliest convenience. I appreciate your time and look forward to hearing from you.

Title: Administrative / Executive Assistant
Company: Verizon (only for W2)
Job Location: Basking Ridge, NJ

Job Description: Assist employers by performing secretarial and administrative tasks; Coordinate meetings and prepare minutes – Develop presentations, manage expense reports, time recording (vacations, sick days), coordinate travel arrangements, coordinate monthly status reporting, assist in developing annual budget and monitor monthly charges – Maintain department organizational charts, answer phone overflow and make callbacks – Proof and format documents / correspondence, enter contact information into contact management system, maintain file system for contracts and other important documents – Handle facilities and office supply needs, handle and organize incoming mail, review vendor mailings of products and report findings – Coordinate department gatherings (holiday parties, luncheons, major meetings) – Complete special projects as assigned – Work with confidential materials with minimal supervision – Perform other generic office activities High school diploma or general education degree (GED). Proficiency in Microsoft Word, Excel, PowerPoint and Outlook, verbal and written skills, coordination and time management skills, friendly disposition, good telephone etiquette, ability to multi-task. Requires the ability to work well with all levels of internal management and staff. 1 to 5 years of experience.

Note: Please allow me to reiterate that I chose to contact you either because your resume had been posted to one of the internet job sites to which we subscribe, or you had previously submitted your resume to us, I assumed that you are either looking for a new employment opportunity, or you are interested in investigating the current job market.

If you are not currently seeking employment, or if you would prefer I contact you at some later date, please indicate your date of availability so that I may honor your request.


Thanks again.

Nikita Awasthi
AgreeYa Solutions
(916) 605-4603
605 Coolidge Drive, Folsom, CA 95630”


Now I’ll quote just a bit from the AgreeYa Solutions “About Us/Vision and Values” page:

“AgreeYa’s vision is to be recognized in the markets we serve as a leading global provider of technology and business solutions through innovation, commitment, and talent.  AgreeYa’s core values “I-CARE” are driven by our respect for our employees and our customers. We endeavor to practice these values in all our interactions.


Integrity is the foundation of our individual and collective success. Integrity is a high standard – to achieve it is to continually test ourselves against our best instincts, our best choices and behavior.”

By the way, I-CARE stands for Integrity, Commitment, Advocacy, Respect, and Excellence.  I should say that the acronym is interesting play on concepts; the execution is completely contrarian.



Why must we (those who may be looking for employment or others swept up in a sort that has little to no filtering) be subjected to idiocy of the HR space?  In addition, if this company endorses this brand of staffing, what other less than par, unethical, or illegal practices do they support?

My advice is never do business with AgreeYa, and start letting colleagues, connections and the entire business world know about these type of companies and their shenanigans.


Brands: How to ruin your brand in one paragraph…

Brand and LiesLet’s ruin a brand!

Your company spends a great deal of money on developing its brand.  When I received an email at 9:57 AM from a representative of a company that ruins the company’s brand I act!

In one single paragraph, in the first sentence  the salesperson destroyed any chance of a relationship and the company’s brand.  if I did not like the vendor and if I have not previously communicated with the CEO, I would be naming the company.  I would also never use them and would tell you that their behavior is unethical, and if one took that behavior to the logical extreme, how could you trust them with your information.

Salespeople DO NOT DO THIS (ruin brands)!!!

Here is the first sentence of the e-mail, following “Hi Wayne,”

“I called earlier today about scheduling a brief web demonstration on [product]. “

So let us look at the events.  As previously noted, the e-mail was received at 9:57.  I was in my office since 7 AM that day.  My phone never rang.  I received no voice mails.

What is “earlier”?  9AM, 8AM, 7AM?  This e-mail went out at almost 10AM.  Therefore, our salesperson has time referential issues.  He (and it was a “he”) also has issues with the truth.

Why would I want to work with an individual who starts off a conversation is a bold face lie?  I mean, if it were imaginative and you were trying to win a date with me, well maybe – but it really would have to be creative!  But then again, I have been married for almost 30 years, so dating has not happened in a while.

Nonetheless, what school of sales suggests that you make bold face lies?  Exaggerations, of your product, its usefulness, its productivity quotient, maybe, but something so grandiose and easily fact-checked – I guess the guy thinks he’s POTUS?!

What I did, that you should do!

So, I sent the email to the CEO of the company with the following pre-script:

“This type of email degrades your brand.

This buffoon never called.  So, in his first sentence of his pitch he lies.

Shame on you for not managing your people and brand.”

Simple yet direct.  And the CEO responded:

“I appreciate you sending this to me. You’re right.

I’m looking into this today and changes will be made.

Thanks again for taking the time to provide this feedback. You could’ve easily just deleted and ignored this. “

He (the CEO) is correct; I could have deleted the email and never used his company.  I could be bad-mouthing his company, but instead I want him to learn of misdeeds, correct them, and make a better company.

Why?  Do I think I will get any favors?  No, I think I will get a better vendor, and that is money and time well spent.

Lessons Learned

Sales people:  Don’t Lie!!!!!

CEO’s:  Monitor what your Sales People are doing – they can kill your brand!

Potential Customers – Don’t stand for this type of salesmanship!!!!!  Demand honestly from vendors (current and potential).

Key Performance Indicators (KPI’s)

Key Performance Indicators (KPI)Key Performance Indicators (KPI’s) can be of extreme usefulness to management as well as rank and file.  In fact, almost any item can be turned into a metric and measured.  But when are too many KPI’s detrimental?  Additionally, can there be wrong Key Performance Indicators or unfair Key Performance Indicators or metrics whose goal can’t be met?

KPI’s can run the gamut

One could literally have thousands of Key Performance Indicators.  Think about a company that sells items.  Every SKU is its own metric.  Each product group or type.  A metric on customer, customer type, customer location, salesperson, receivables and payables and the list can go on and on.  Let’s not forget the plethora of financial key ratio’s, which are themselves KPI’s.  Then of course we have metrics related to production, employees, vendors, budgets, taxes, revenue streams and an on-going joke on the long-running TV series M*A*S*H, toliet paper. Continue reading »

Six Ways to Curb the Costs of a Data Breach

Data BreachThere was a recent article in by the title as this article.  In the article, the author Rotem Iram uses the hypothesis about a data breach that “You can’t lose a customer’s or an employee’s data if you don’t have it.”  Essentially this article says ” A good offense will be your best defense.”

Data Breach

Therefore, you are a victim of a data breach.  As I have written previously, it is not an “if,” it is a “when” scenario.  How can you minimize the costs involved from both complying with federal, state and local laws and minimize regulator, if any, fines.

Mr. Iram’s contention, not to keep any data, specifically, data that will cost you money.

For example, if you do not keep customer’s addresses, you can be required to mail via the US Postal Service a letter telling them they’ve been hacked.

However, before he even proposed that ditty, he said destroy those records.  His example on the surface makes sense; but if he were a CFO and not the CEO of a company that provides Cyber-Insurance he would know you just can’t do that willy nilly.

His example, “In 2015, the health insurer Anthem and its affiliates served 69 million customers, yet when they were breached that year, they exposed 78 million records.  The extra nine million records most likely come from former customers.”

Now granted you can archive off-line old addresses.  You can even destroy records that meet the statutory maximum age.  However, he glossed over that point.

Not everything was off the cuff

He did make some very valid points.

  1. Make sure you log files capture the right data to prove that “even if they were attacked, no records were improperly accessed.”
  2. If you take credit-cards, make sure to only use chip readers. “MasterCard reported a 54% reduction in counterfeit card fraud costs at retailers who have switched to chip cards.”
  3. While he didn’t say this, I will suggest that you don’t keep records of the credit card transactions. Use a 3rd party merchant that is PCI compliant and just sends you the pertinent data for finalizing your order as being paid.  As Mr. Iram said, if you don’t have the data, you can be held responsible.
  4. If you get breached, get experienced people to work the breach, your response and the on-going public relations nightmare.
  5. Lastly, which really should have been the first thing mentioned in this article; implement state of the art counter-cyber intrusion systems. They may not stop a breach but they do show that you have done everything possible which could minimize any fines or court awards when you lose the law suit(s) that will be filed.