Small Business Series

New Course: Best Practices for Preventing Business Credit Card Abuse

Best Practices for Preventing Business Credit Card Abuse

Protect your company from business card abuse.

There is a tremendous amount of debate centered on how business expenses should be funded, reported, authorized and reimbursed. Business expense fraud is #4 on the list of most common fraud schemes, behind corruption, billing and noncash. It lasts on average 24 months before it is identified and account for 11% of the total cases of fraud in 100+ employees, 21% in smaller firms according to the Association of Certified Fraud Examiners. This material will show you how can you protect your company and at the same time your employees against fraud while maintaining fairness and equity.

Runtime: 63 minutes

1.0 Credits: CLE, CPE, and SHRM


Wayne Spivak
SBA Consulting, LTD


Best Practices for Preventing Business Credit Card Abuse Agenda

Short History of Business Expenses and How They’ve Grown

  • Started With Outside Sales People
  • Executives
  • Average Employees Have Business Expenses

Who Is Responsible for Business Expenses

  • The Business Should Provide Employees the Tools for Work
  • The Employee Shoulders That Responsibility

Payment Options

  • Petty Cash
  • Expense Report
  • Computer Based Expense Report

– Employee Owned Credit Card(s)

– Business Owned Credit Cards(s)

– Hybrid

Normal Problems With Each Type of Payment Options

  • No Receipt
  • Unauthorized Purchase
  • Error in Card Usage (They Took out Their Business Card, Not Their Personal (or Vice Versa)
  • Lost Receipts
  • Delayed Reports


  • Fake Bills
  • Personal Expenses Taken as Business
  • Extravagant Amounts in Violation of Norms/Policy

Brands: How to ruin your brand in one paragraph…

Brand and LiesLet’s ruin a brand!

Your company spends a great deal of money on developing its brand.  When I received an email at 9:57 AM from a representative of a company that ruins the company’s brand I act!

In one single paragraph, in the first sentence  the salesperson destroyed any chance of a relationship and the company’s brand.  if I did not like the vendor and if I have not previously communicated with the CEO, I would be naming the company.  I would also never use them and would tell you that their behavior is unethical, and if one took that behavior to the logical extreme, how could you trust them with your information.

Salespeople DO NOT DO THIS (ruin brands)!!!

Here is the first sentence of the e-mail, following “Hi Wayne,”

“I called earlier today about scheduling a brief web demonstration on [product]. “

So let us look at the events.  As previously noted, the e-mail was received at 9:57.  I was in my office since 7 AM that day.  My phone never rang.  I received no voice mails.

What is “earlier”?  9AM, 8AM, 7AM?  This e-mail went out at almost 10AM.  Therefore, our salesperson has time referential issues.  He (and it was a “he”) also has issues with the truth.

Why would I want to work with an individual who starts off a conversation is a bold face lie?  I mean, if it were imaginative and you were trying to win a date with me, well maybe – but it really would have to be creative!  But then again, I have been married for almost 30 years, so dating has not happened in a while.

Nonetheless, what school of sales suggests that you make bold face lies?  Exaggerations, of your product, its usefulness, its productivity quotient, maybe, but something so grandiose and easily fact-checked – I guess the guy thinks he’s POTUS?!

What I did, that you should do!

So, I sent the email to the CEO of the company with the following pre-script:

“This type of email degrades your brand.

This buffoon never called.  So, in his first sentence of his pitch he lies.

Shame on you for not managing your people and brand.”

Simple yet direct.  And the CEO responded:

“I appreciate you sending this to me. You’re right.

I’m looking into this today and changes will be made.

Thanks again for taking the time to provide this feedback. You could’ve easily just deleted and ignored this. “

He (the CEO) is correct; I could have deleted the email and never used his company.  I could be bad-mouthing his company, but instead I want him to learn of misdeeds, correct them, and make a better company.

Why?  Do I think I will get any favors?  No, I think I will get a better vendor, and that is money and time well spent.

Lessons Learned

Sales people:  Don’t Lie!!!!!

CEO’s:  Monitor what your Sales People are doing – they can kill your brand!

Potential Customers – Don’t stand for this type of salesmanship!!!!!  Demand honestly from vendors (current and potential).

Six Ways to Curb the Costs of a Data Breach

Data BreachThere was a recent article in by the title as this article.  In the article, the author Rotem Iram uses the hypothesis about a data breach that “You can’t lose a customer’s or an employee’s data if you don’t have it.”  Essentially this article says ” A good offense will be your best defense.”

Data Breach

Therefore, you are a victim of a data breach.  As I have written previously, it is not an “if,” it is a “when” scenario.  How can you minimize the costs involved from both complying with federal, state and local laws and minimize regulator, if any, fines.

Mr. Iram’s contention, not to keep any data, specifically, data that will cost you money.

For example, if you do not keep customer’s addresses, you can be required to mail via the US Postal Service a letter telling them they’ve been hacked.

However, before he even proposed that ditty, he said destroy those records.  His example on the surface makes sense; but if he were a CFO and not the CEO of a company that provides Cyber-Insurance he would know you just can’t do that willy nilly.

His example, “In 2015, the health insurer Anthem and its affiliates served 69 million customers, yet when they were breached that year, they exposed 78 million records.  The extra nine million records most likely come from former customers.”

Now granted you can archive off-line old addresses.  You can even destroy records that meet the statutory maximum age.  However, he glossed over that point.

Not everything was off the cuff

He did make some very valid points.

  1. Make sure you log files capture the right data to prove that “even if they were attacked, no records were improperly accessed.”
  2. If you take credit-cards, make sure to only use chip readers. “MasterCard reported a 54% reduction in counterfeit card fraud costs at retailers who have switched to chip cards.”
  3. While he didn’t say this, I will suggest that you don’t keep records of the credit card transactions. Use a 3rd party merchant that is PCI compliant and just sends you the pertinent data for finalizing your order as being paid.  As Mr. Iram said, if you don’t have the data, you can be held responsible.
  4. If you get breached, get experienced people to work the breach, your response and the on-going public relations nightmare.
  5. Lastly, which really should have been the first thing mentioned in this article; implement state of the art counter-cyber intrusion systems. They may not stop a breach but they do show that you have done everything possible which could minimize any fines or court awards when you lose the law suit(s) that will be filed.

Planning tips to relieve the angst

Planning Angst

Planning is not easy

SBA * Consulting is currently working with a start-up company.  The CEO and COO are actually old hands in the industry. But nevertheless, this is a start-up and we are starting from scratch.  We are planning for everything since nothing has been created.

There is no Chart of Accounts, no logo, no policies on returns, and no warehouse yet.  We have a product line, but no branding.  We haven’t decided on the office layout and the buildout hasn’t even started.

Let’s not even talk about the website and the e-commerce solution or any other part of the information technology schema.  We are a start-up.

In out project management outline, we have approximately 150 different items to discuss.  Some are “now” items; others are next month and next quarter.  However, all are important and need to be addressed. Continue reading »

Why you need to use a real accounting system

accounting systemThis is a story of a company that is currently using Excel instead of a real accounting system.

I recently was talking to a prospective client who has been in business multiple years and is doing rather nicely.  They are on the cusp of a dramatic increase in sales and as such new that they needed to bring on in some capacity a Chief Financial Officer.

Accounting System vs Excel

During the course of our wide-ranging discussion, I asked what accounting system he was using.  His answer was a little shocking in that this established, multi-year business was using Excel spreadsheets.  When I said that was really an insufficient and potentially a dangerous way to keep one’s books and records, he asked why? Continue reading »