Schneier on Security
A blog covering security and security technology.
June 26, 2009
For all of you who want to scam your company's expense reimbursement system.
I've heard of sites where you give them a range of dates and a city, and they give you a full set of receipts for a trip to that city: airfare, hotel, meals, everything -- but I can't find a website.
Posted on June 26, 2009 at 1:16 PM
• 48 Comments
Last June, when my company sent me to San Francisco for a couple days, I took a cab from the airport to my hotel, and the cab driver handed me a blank receipt where I could have filled in any amount! I've never run into this anywhere else.
(And I did put in the correct amount, in case anyone from my company is reading this.)
@Petrea Mitchell: "Last June, when my company sent me to San Francisco for a couple days, I took a cab from the airport to my hotel, and the cab driver handed me a blank receipt where I could have filled in any amount! I've never run into this anywhere else."
Every cab receipt I've ever received in Chicago was blank, putting us on the honor system. While some people no doubt will exaggerate this, we do a double check and would question too high of a ticket based on proximity. (i.e., someone may exaggerate it by a couple bucks, hardly the crime of the century that would put them rolling in the dough).
We mitigate travel fraud, to the extent possible, by:
* Travel must be signature pre-approved prior to travel, and then assigned to a coordinator to schedule.
* Having people assigned to booking hotel and travel, not depending on the user to do it.
* Doing per diem for meals. If they spend more than the flat per diem, they eat the difference. If they spend less or nothing, they pocket the difference. Receipt fraud is not an issue.
* Reviewing what few discretionary expenses are left (cab, parking, etc.).
* Travel over a certain amount or time is subject to additional scrutiny.
I'm sure there are some ways to cheat a bit (actually, I could name a few), but we simply do not allow people to book the expensive portions themselves.
Fake receipts may be useful at times, but their usefulness can be reduced if a proper control system is mitigated.
@ Petréa Mitchell
"...the cab driver handed me a blank receipt where I could have filled in any amount! I've never run into this anywhere else."
Interesting. Over decades of business travel I've never once received a cab receipt with the details filled in. Perhaps your cabbie thought you looked particularly nefarious. Of course I always filled mine in accurately as well...
Okay, so perhaps this is common between cab drivers and business travellers (or, at any rate, people who look and act like business travellers).
I used to travel a lot and my company needed receipts for everything. Often, I would go to a restaurant and ask if they had any extra receipt stubs. They would normally give them to you.
This wasn't to rip off my company, but to make sure that I had a receipt for things that you often can't get a receipt for (like buying lunch from a street vendor, bus fare, etc.)
If you offer to tip the driver $5, I'll bet he'll be glad to give you a whole handful of blank receipts.
This is a farce on a systemic issue. Padding expenses takes a *huge* bite out of our economy.
Take my real-world-happened-to-me-honest-to-god example:
I totaled my car. My fault. Screw terrorism, it's auto crashes we ought to be worried about. The light was out, it was being treated as a four-way stop, but due to the monotony of my morning drive every day (at the time), I was quite used to simply following the traffic through the intersection. BOOM! Totaled a brand-new car with dealer plates.
So, my fault, I only have liability insurance, they pay for the dealer's car (which had full coverage by the way, due to laws, but whatever).
I bring it in, get an estimate of over $8,000 dollars worth of repairs, mostly aftermarket parts (ie - the cheap stuff).
It went something like this:
"WTF?! I can't afford $8,000 to repair my car, I only paid $9k for it just last year!! Is there anything we can do to get that price to go down?!"
"Sir, what does it matter, your insurance company will cover this damage, it was an accident right?"
"Yes, but I have liability, not full coverage, and it was my fault by 1%. This is all out-of-pocket."
"Ooooh, I see. Let me call you back."
(10 minutes later)
"Okay, I did a little footwork here, looks like we can get you out the door for $2,200 cash."
"Cash? How about my credit card?"
"So, what did we have to leave out to get the price to drop nearly $6,000 dollars?"
"Well, we just did a little discount on labor, and got my boss to come down a little on the parts."
Long story short, this stuff happens constantly, everywhere, in every industry. It's killing the economy, especially in the health care industry (in addition to malpractice suits going overboard).
Cost of insurance drives up the cost of doing business, since it's generally required by law in any major industry. Bleeding the insurance companies dry drives up the cost of insurance, which drives up cost of doing business which is taken directly out of the consumer's pocket.
Same with health care. Same with company reimbursement expenses. The company eats it, but in the end, it's your salary that suffers, and the cost to your customers.
That's kind of why I was into Obama's arguments regarding health care. How it cost something like $10k and $50k to treat the exact same illness in two different hospitals, to the same ultimate effect, because of how poorly (or inefficiently) one hospital performed over the other. Paying for results, instead of methodologies, seems the logical solution.
In this instance it seems to me that well-rounded, moderately researched, stern-but-fair per diems would solve the problem. If someone is clever enough to use it all, well, at least there was a hard limit.
Shane, sounds easy unless you are traveling on the customer's dime and in a single week, you may have to account for expenses across multiple customers.
Receipts are necessary then. And let's face it, you can't always get a receipt when you purchase from a drink machine, etc. And while it doesn't sound like drink machines, street vendors, etc. don't cost much. If you travel 3 - 4 weeks a month, and you have to buy everything you consume while on the road, it really adds up. AND, you have to submit expense reports back to each individual customer.
"Alibi clubs work along similar lines. You can find them on the Internet, and they're loose collections of people willing to help each other out with alibis. Sign up, and you're in. You can ask someone to pretend to be your doctor and call your boss. Or someone to pretend to be your boss and call your spouse. Or maybe someone to pretend to be your spouse and call your boss. Whatever you want, just ask and some anonymous stranger will come to your rescue. And because your accomplice is an anonymous stranger, it's safer than asking a friend to participate in your ruse."
—Bruce's own "The Kindness of Strangers," http://www.schneier.com/essay-262.html
I live in Vegas and take a taxi to and from the airport every few days. ALL taxi receipts I get are blank.
That is the negative effect where consumers are forced or are expected to have insurance of any kind. Your experience sounds pretty typical to me, except in many cases the business won't budge much on the price.
Here in Poland taxi receipts (if you want one) are printed by taxi meter. Automatically.
I've heard there's a vending machine at La Guardia that sells blank receipts.
I once forgot to get a receipt on the ride from the airport to the job interview. I did get one for the ride back the next day. I saved the company a bunch of cash by not renting a car. Like an idiot, I didn't make a photoshop copy of the one receipt with the 1st date. Instead, I ended up paying for the first cab ride out of pocket.
If I were ever to be less than completely honest on an expense report, it would be because being honest would be a major f-ing hassle and end up costing me.
On the taxi receipts, it may be that the drivers don't feel like spending time writing. If a blank piece of paper will get people to quit complaining that they want a receipt, why give out anything else?
Where I work, per diem is used for most expenses, and the only thing we save receipts for is stuff that goes on the company credit card--so someone can make sure the card company doesn't mess up.
One way some companies mitigate this is to require that as many expenses as possible (and the big three - hotel, car rental, airfare) be charged on the *company* credit card. The card charge data is fed from the card issuer to the company's expense reporting system. That takes care of the fake receipts problem.
"We mitigate travel fraud, to the extent possible, by:
* Having people assigned to booking hotel and travel, not depending on the user to do it."
Hmm, my anecdotal experience is that the times I've let "assigned people" book hotel and travel when I travel on the job, they've put me in big-name chain hotels that cost on average twice the ones I can google up for myself in an hour when I arrange things myself. Also, the "assigned people" appear never to have heard of discount airlines.
And so what if my EUR 60/night hotel bill is not as objectively verifiable as the EUR 120/night one the "assigned people" would have booked? It couldn't have been entirely fake -- surely I have to sleep *somewhere*. If my employer suspects me of sleeping under a bridge while pocketing the hotel money, that will be one of the lesser of our problems.
Perhaps it is better to pay a lot honestly than to be swindled out of a little -- but expenses fraud must be really, really, rampant if the "assigned people" strategy ends out being a net win.
Cab drivers almost always give me blank receipts to fill out. It would be hard to cheat very much though, because my manager, who has to approve my expense claims, generally knows about what cabs cost.
Isn't this just a special case of "Authenticating Paperwork" ?
Henning: seconded; many corporations claim that the employees will save the company money by going along with the preferred vendor, and these deals are almost always horribly worse than what I could have found myself. My cynical side often wonders who is getting the kickback on these deals.
The car rental market seems split between those companies that mainly rent to business travelers, and those who target individual travelers. The latter companies are cheaper, often a lot cheaper.
Come on Bruce, this is clearly an amateur operation. Tell us how you really do it at BT. ;)
When I worked at [a national telecom] we had to buy everything on the company card... AND provide receipts. You more or less could not expense something not using the card, and the expense system (web app) was based entirely around importing your monthly statement. Then, you are required to print a special cover sheet, tape all your receipts to a sheet of paper, copy it, fax the copy and cover sheet to somewhere and THEN they approve your expenses.
What does this solve, but making all trips cost an extra half day's productivity for each traveller (it's an awful system to use).
I'm sure the insurance companies are all over this site.
About 4 years ago a friend set up the exact same business. Within days of getting the site up he was getting calls and registered mail from different watchdog organizations letting him know they were there.
(he ended up dropping the fraudulent part of the business quickly, and focused on novelty stuff. You'd be surprised how many people want fake ATM receipts with big balances)
This could be just another level of scamming. Who in their right mind would go to the police and report that they didn't get "the fake receipts" that they ordered on the internet? :-D
Wow kids, can you say "accessory to fraud"?
The receipt-costs-money problem goes right down - if I have to use a credit card or get a receipt, I can do that. You want a drink of lemonade and a receipt? Walk into any restaurant and ask, then hand over your company credit card if you want. Instead of $1 for a can of soft drink from a vending machine, you're looking at $5 or $10 for a glass of the same thing with table service and that essential receipt. What sir wants, sir gets.
I've done this and enjoyed it. It became a bit of a game with one of my coworkers at one stage, because after every trip we'd get hassles for sub-$5 purchases where we didn't get receipts. At one stage we managed to get an invoice/receipt that clearly stated "Item X, $1. Prepare invoice $25"... and we were duly reimbursed. We worked out at one stage that between buying things in dumb ways and the cost of processing the claims it would have been cheaper for the company to buy our air tickets and just pay us $200 or so per diem (which at the time was roughly our daily after tax pay). We would have been happier too.
"You'd be surprised how many people want fake ATM receipts with big balances"
Speaking of fakes what usually gives it away is the paper and the company logo printed on the top.
However a lot of banks etc are now using laser printers for your bank statements etc...
Well using a not too difficult procedure you can lift the "fused toner" off of an existing statement and lo and behold you have a genuine blank stock to overprint...
Same in Australia as in Poland - taxi receipts are printed on thermal paper from mobile EFTPOS units. I had a situation where I had to outfit a company-leased apartment - towels, sheets, etc. My boss made me drive around in my own car, pay upfront for everything, then claim it on expenses. Then he argued with me about the $$ figures, even though I had the receipts. Never again! (although, when we let the apt go after 6 months, he told me to keep all the linens etc!)
While at some level of policing reimbursements is necessary, if you go overboard you drive otherwise honest people into fraud. After having valid reimbursements denied a few times for minor technicalities, one tends to identify areas where it's hard to scrutinize and inflate them to make up for past losses or anticipated future losses. Add in bitterness that you're giving your company a few loan for a few weeks or even months until they process it. It's all the easier to convince yourself that this is the right thing to do when the people denying your claims are in another building and you can't interact with them directly; you're several steps removed.
Working for the state is worse, because everyone is in constant cover-your-ass mode. No one wants to be the person who approved an expense that appears on the front of the local papers. Add in a long list of vendors who cannot be used because of some petty argument the state is having and suddenly simply following the rules for a three-day trip can take a few days. Not that you'll be allowed to spend that time without getting yelled at.
Add in the state sponsored credit card you're encouraged to get and use. But it's in your name and all liability is yours. The only "benefit" is that the state gets a copy of the bill. They'll still reject claims made without a receipt, even if it's on the card, but they might use the card's bill to argue with charges. ("It says on the bill that you had breakfast at X for $4.00, why are you claiming another $1?" "Because X just sold me a bagel; I got an orange juice from a vending machine." "Denied.") Not seeing any benefit for me, so go hang.
I'm lucky that my business trips have naturally declined since the rules have gotten increasingly strict. I pity co-workers who make multiple business trips a year.
"Considering buying a thermal printer? Design a sample printout for evaluation."
In the 1970s glory years of journalistic expenses, this was a classic exploit; befriend, or pay, a waiter or a cabbie to provide you with a blank book of receipts, so you could then tailor-make the receipts for your expense account. Hydrogen jukebox, £1,457.98? Just fill in the blank.
Oddly enough, London police officers were recently caught doing just this scam.
If we're all throwing out complaints, I'm surprised no-one's mentioned tollbooths.
Working in Chicago, I could get 4 tiny ($0.65) charges every day, with no receipts. And the rare fine (if the booth is broken, you have to prove it -- without a receipt :) which are hard to expense since they apparently take 10 months to process.
I've had the same issue as some of the above posters, where the company has recently switched over to the policy of making all bookings through a preferred bookings vendor, all expenses must be put on the corporate card, all fuel on the company charge card (which is fine, except it only works in one chain, which is the smallest in this state.) As others have noticed, it costs the company *much* more than the old, paper based, less fraud-resistant system. My corporate card took some time to approve. During that time I had to take a trip that couldn't be processed by the agency, so I booked everything myself and submitted an expense claim back to the company. Our finance department was pretty annoyed and let me know it would be the last time I could get away with that sort of skulduggery -- notwithstanding that compared to the agency, I saved $125 on a two day trip. Common sense would suggest that if you come in well under the usual total, they should be happy you saved them money, and who cares how you reached that total?!
The real WTF, though, is that the main method for bilking the business travel system has nothing to do with inflated expense claims. The real scam is unnecessary travel. When travelling on company business many of the expenses of daily life that would normally be paid out of your own pocket instead get charged back to the company -- and the daily evening meal allowance is for the price of a 4 star restaurant meal, something that one might do once a week (if that) if the company wasn't paying. Thus it is profitable (and fattening) simply to be travelling for the company, and a lot of people seem adept at inveigling themselves into all sorts of trips that could probably be handled with a phone call. The really clever ones have wangled offices in two sites, and visiting their "other office" counts as travelling but is approved automatically instead of having to justify it on a travel request, thus allowing them to bilk the company for meals and fuel as much as 150 days a year, even though simply attending to one's normal job and living at one's normal residence.
This interacts in a particularly pernicious way with Australia's bizarre "novated leasing" arrangements for cars. This is a complicated way to finance a lease on a car in which significant tax breaks are accrued dependant on using the vehicle for some minimum distance per year. Thus the lessee is encouraged to get out on the road and wear out the car as fast as possible! Normally this would be at his expense in unnecessarily turning costly petrol into carbon dioxide and steam, but if you can persuade the company to put your name on a broom closet at the other office, then the company pays! Make sure you don't get home until after 7, though -- then you take the missus out to a restaurant at the company's expense!!
I guess what all of this means is that if you base things on inflexible rule based systems with no allowance for common sense, inventive minds will sit around all day when they should be working, figuring out ways to use those rules to their advantage.
1. Because I detest the credit card industry, and so have never before had one. But now our stupid business travel system has forced me to become a SINner.
I really have trouble understanding why companies at all still use reimbursement systems. It's not just you wasting time in filling out statements: in the process those statements will be looked at by at least two other people.
A per diem system solves all these issues and also our customers understand that perfectly. And if someone wants to save on the expenses by eating/sleeping with friends...Good for him! We hope he just has a good time, goes happy to his work and gets results for the customer.
RE how BT
At one time they used to have a per diem but went to a book it all through Hogg Robinson.
Before with per diem I did a week's course in Richmond (v posh part of London) got a really nice bnb room for 25 quid in a nice real ale pub on Richmond green after they used to book us into 4 and 5 star hotels at god knows what a night.
Didn't save any money
Though I did enjoy my months in the Balmoral (one of the first internet projects BT did SWIFT) – though my cunning plan to be there for the Festival fell through.
Only used a taxi on one trip in my life, to and from the airport. In one case he wrote me a receipt on a blank piece of paper, the other was just a number on the back of a business card (cabbies carry business cards?). Cost as much as 3 days car rental for one round-trip to the airport.
@Shane: Trying to keep this about , but do you actually believe that adding government to health care will REDUCE paperwork and overhead? Based on my own experience and what I read in the news, I would estimate that 90% of the US government budget is spent
Only used a taxi on one trip in my life, to and from the airport. In one case he wrote me a receipt on a blank piece of paper, the other was just a number on the back of a business card (cabbies carry business cards?). Cost as much as 3 days car rental for one round-trip to the airport. Irrelevant note, I love the $5 surcharge for picking up the taxi at the airport cab rank on the trip back.
@Shane: Trying to keep this about accounting, not politics, but do you actually believe that adding government into the health care system will REDUCE paperwork and overhead? Based on my own experience and what I read in the news, I would estimate that 90% of the US government budget is spent keeping track of the remaining 10% which is the part that actually does something.
oops. premature clickage.
I usually tell the cabby to write me a receipt for $xx which includes the tip. They always write it up for me.
Unused ATM receipt paper is lying around at banks for anyone to get their hands on. I see it as less an opportunity for expenses fraud and more for the divorce lawyers putting someone at a certain place and time.
@bob: "cabbies carry business cards?)"
A lot of them do, depending on the area. If you need a taxi, they would rather you call them directly than the main line so they can get the fare.
"Trying to keep this about accounting, not politics, but do you actually believe that adding government into the health care system will REDUCE paperwork and overhead?"
I don't think I insinuated that, and if I did, I certainly didn't mean to.
Rather, I was voicing my favoring 'results' over 'methodologies', which I'm sure most can agree the government regulation thereof is far more useful, but it wasn't really about regulation or government at all.
It's about the prevention, or increasing the difficulty, of these types of issues. Say, replacing a broken muffler on a 2004 Honda shouldn't take more than X amount of man-hours priced at a median for auto labor, adding to it the cost of the parts (based on current market value). There should be *very little in the way of fudging that type of number. Same with health care, same with a per diem (or regular travel expenses). $1.50 is reasonable (nowadays) for a soda, $5.00 is ridiculous. So is a $40 dollar cab ride in Chicago, when the train costs $2.25 and goes nearly everywhere.
You find a reasonable amount of money under which certain 'trusted' services / expenses can be performed / provided, and limit the amounts you're willing to reimburse based on what was done, not how it was done.
The only reason I brought up Obama or health care was simply because he mentioned the same type of reimbursement philosophy vis-a-vis government provided health care costs.
At my company, you'd be fired in a heartbeat for this. If your job has so little value to you that you'd put it at risk for a few measly travel dollars, good riddance. (We also don't spend dollars to bicker about dimes.)
Also, my company allows hand-written (ie. employee generated) receipts below a certain amount. (In many cases the receipts aren't necessary, but reflect a 'log' of petty expenses.)
@Henning, and Joe Buck:
The flip side of your argument is that if you have a company full of expensive specialists (say, engineers or programmers) then it makes no sense to require them to futz about for an hour or two booking their own travel. Instead, you should have one or more dedicated support persons who handle stuff like booking travel, so that the expensive specialists can spend THEIR time doing the things only they can do.
When I worked for a big software company (which shall remain nameless here), they had the rule that employees had to book their own travel. Fortunately, our location had started out as a small company that later got bought and integrated into this larger company, and even more fortunately, we were able to keep doing some of the things that had made us effective as a small company without the big company apparatus really noticing. And one of those things, was having someone who booked all of the travel stuff for a couple hundred programmers. Even without factoring in the cost of an hour of their salary, it was probably 3x as efficient as requiring the programmers to book their own hotels and flights and all that crap. Especially since the majority of them did not travel very often and were not experts on booking travel.
I've mostly worked for per-diem employers. One time I spent two weeks at a winter school at the cut-price end of Tenerife. The per diem was the same as if I'd been staying in Madrid. I netted a fortune :-)
The per diem for travel to the USA at that time was about $70 (in the mid 1990's), which was also ridiculously high. Our administrators used to complain that we were killing them with our high travel expenses, but what else could we do? We didn't set the rates, the government did.
The best defense is (random) auditing. If you find someone who is padding their expense report, you either fire them instantly or give them a warning and flag them for future auditing.
Travelers may be able to get away unnoticed with a few dollars here and there, but they must be really desperate to put their job on the line for a few bucks.
My company requires us to go through a travel agent and book with preferred airline/hotel/car rental partners if possible. The stated rationale is that this exclusivity gets us better discounts. Fortunately we can go to the travel agent's web site (which works just like any other major travel site) and do our own research. When we book, our choices get double-checked by the travel agent for compliance with company rules.
Frequent travelers are required to use a business credit card, which I'm sure gets data mined for suspicious expenses.
This Account Has Been Suspended
Contact the billing/support department as soon as possible.
Submit a support ticket now! http://support.spacerich.com
So much for falseexpense.com!
> my anecdotal experience is that the times I've
> let "assigned people" book hotel and travel when
> I travel on the job, they've put me in big-name
> chain hotels that cost on average twice the ones
> I can google up for myself in an hour
I can attest to that. The most opulent place I've ever stayed, by at least an order of magnitude, maybe two, was the Holiday Inn my boss booked me in, the time I spent a week in Syracuse on the employer's dime, for sysadmin and database-schema training for the line-of-business software we use. This hotel was like something out of a movie. It was so much more high-end than any place else I've ever been, it spooked me out a little. I would have been MUCH more comfortable in someplace a little more down to earth.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.