Announcing Changes to Receipt URL Permissions

Sheena Trepanier

We wanted to take a moment to update everyone on a change we made to improve the security of receipt URL links in Expensify.

Going forward, users can only view receipts if they have sufficient permissions needed to view receipt images via the receipt URL. This directly affects customers who share receipt URL links for invoicing or auditing purposes. 

What’s changed?

As of November 4, 2019, receipt URLs will only display receipt images to individuals with the required permissions. If you do not have the necessary permissions to view a receipt, you will receive a 403 error and the following message.

Permissions needed to view receipt images via URL

In order to view receipts via URL, you must meet at least one criterion from the list below.

• You are the receipt owner

• Be an auditor of the policy the receipt is submitted on

• Be an admin of the policy the receipt is submitted on

• The report submitter has shared the report with you

FAQ: I’m sharing receipt URLs with clients, how do I get them access to view the receipts now?

Sharing receipt images with others is an important functionality for many customers. To preserve the security of your expense information, it will now be necessary to ensure your client or auditor has access to the receipts in Expensify. You can do this in one of three ways.

1. Work with your IT department to grant the client or auditor an email they can use to access Expensify and the receipt images. This account will need a policy invite and the auditor role view receipt URL images.

2. If they already have an Expensify account, you can grant that account the necessary permissions to view receipt images. The account will need a policy invite and the auditor role at minimum to view receipt URL images.

3. If you don’t want to add them to your policy, you can ask them to create a free account using their email. Then, once this account exists, the report can be shared with them to grant them access to view receipt URL images.

A more manual alternative would be to download receipt images individually as needed by clicking the following button on an individual receipt:

cslim

This is BAD change to the feature and causing a lot of issues for us now.

The 2 proposed approach are not going to work for us

 

1. Create client as users in our policy and grant them “Auditor” role – No cause they can see ALL our expenses. We have different clients and projects in our policies.

 

1. Share reports individually with client – which will drive the client crazy especially for me I have 12 people submitting expenses for Client X in a month.

Can you please switch this feature OFF? 

Else we might need to look for another expense management system. 

guyellis1988

This is also going to cause us major issues, for the same reasons outlined by @cslim

This will be unmanageable for us.

An option to allow "public receipt sharing" should be made available per account/policy or a tie in with a cloud storage bucket could be made, images would be written to this bucket and the client can control these permissions.

Jason_Richards_25

Receipt security? Why does a receipt image need security? This change is terrible.

The new receipt sharing options offered are not feasible for how our organization bills some expenses back to our customers. You expect an AP department at an organization that does not use Expensify to just set up a free account to view receipts- like it's that easy and they do not have to go through security processes on their end before starting to use a new software?

Have current Expensify customers asked for receipt security? This is the perfect example of how out of touch Expensify is with customers and how expense information is used.

Sheena Trepanier

Hi @cslim, @Jason_Richards_25, and @guyellis1988, thanks for joining the conversation here!

I would really like to advocate for you all and was hoping you could answer a few questions for me so I can share this feedback?

1. Who is the main user of receipt URLs -- Is this a client, an auditor, or someone in your company who doesn't necessarily use Expensify?
2. How are you currently utilizing the receipt URLs -- Are you exporting them to a spreadsheet and sharing a spreadsheet with your client?
3. If you're sharing them with clients, how is the client using them? What are they using them for?
4. If you knew that receipt URLs were going to stay secured as they currently are now, what other tools in Expensify would you need to continue using the system? 

Thanks so much for the valuable feedback and for getting back to me!

Jason_Richards_25

1. Clients/customers. Certain travel expenses incurred by my company are billed to our customers. 

2. Receipt URLs are exported to a spreadsheet and are included with all of the expense details. A lot of our customers are public universities, so EVERY receipt is required to receive reimbursement for the travel expenses.

3. Our customers require EVERY receipt, and are using them to verify the expenses that are submitted. Sharing a link and having them open it to view the receipt was very convenient. 

4. I really hope receipt URLs do not stay secure- what is the need for this? To continue using the system, a way to select expenses and download all selected receipt images to a PDF would be ideal in place of sharing a link. However, I do not follow why the link needed to be changed. 

How was this changed effective 11/4 and communicated on 11/13? Today I was prepared to send out spreadsheets with links to 150 or so receipts to customers, but now I cannot do this and I have to get each image manually and create a PDF to satisfy our customer's requirements. 

Please consider reversing this secure URL decision until other options are offered by Expensify. Your management of your product is disappointing.

cslim

Hi @Sheena Trepanier

#1 - Client Finance Teams (can be one person, can be a small team of backend processing team). They check the total invoice on expenses submitted versus the proof of receipts submitting.

#2 - We export them every month into a spreadsheet, filter by tags (which are clients / project), filter by billable, and send that filtered spreadsheet along with our invoices.

#3 - Back to #1 , they check one by one that receipts amount tally with what is softcopy of the receipts. If all is good and non-disputable, they will pay us the full amount.

@Jason_Richards_25 that this doesn’t need to be secured. Can you please explore (with urgency) if you can turn this off, and perhaps let policy admins decide consciously that they want to expose their receipts publicly? By default its turned off for security purposes.

Just so you know the IMPACT to us as a business - now our expenses reimbursements are on hold cause clients cannot see the proof of receipts anymore. And I have about 200-300 expenses (PDFs). So we not getting paid for the expenses and will cause cash flow issue to us.

I don’t have an IT team or temps to do the manual work - but that’s the whole idea to use a simple cloud based application like Expensify.

I also have another thread going and explain why some of the workaround do not work.

(A)  - Work with your IT department to grant the client or auditor an email they can use to access Expensify and the receipt images. This account will need a policy invite and the auditor role view receipt URL images.

Reply: Auditor role will then see every single receipt for every single employee I have. I have average of 20-30 clients (some of them competitors). Also clients just needs to see the expenses we incur for them, so they don’t need to be auditor for my policies.

(B) If they already have an Expensify account, you can grant that account the necessary permissions to view receipt images. The account will need a policy invite and the auditor role at minimum to view receipt URL images

Same as above point (A)

 (C) If you don’t want to add them to your policy, you can ask them to create a free account using their email. Then, once this account exists, the report can be shared with them to grant them access to view receipt URL images.

Employee submits 1 report a month. In the report there are company benefits like mobile claims, travel, and then client(s) specific expenses which we mark reimbursable. One employee works across clients and internal stuff and it’s ‘tag’ in the receipt itself. End of the month - I pull a report and filter by tags and send the spreadsheet and supporting docs for our invoices. So I cannot share reports to the clients.

Robert

Bad, bad idea. This is not helpful. Please change it back. A GUID was all the security anyone needs. 

Sheena Trepanier

Hi @Robert, thanks for joining as well. Would you be open to answering the questions below so I can track the feedback?

1. Who is the main user of receipt URLs -- Is this a client, an auditor, or someone in your company who doesn't necessarily use Expensify?
2. How are you currently utilizing the receipt URLs -- Are you exporting them to a spreadsheet and sharing a spreadsheet with your client?
3. If you're sharing them with clients, how is the client using them? What are they using them for?
4. If you knew that receipt URLs were going to stay secured as they currently are now, what other tools in Expensify would you need to continue using the system? 

@cslim and @Jason_Richards_25 -- thank you so much both of you, for taking the time to provide the information I requested.

I have shared this feedback with the team and am following the discussion closely. As I learn more information that is relevant to this change I'll be following up with everyone on this thread. Talk to you soon!

Robert

We export the receipt records, including the link to the receipt to another system. Many people who do not use Expensify need to see the records related to receipts and the images associated with them. If this is not changed back we will likely start evaluating a replacement to Expensify.

StephanieL789

It doesn't matter who I want to share the receipts with. In my case it is for attachment to our accounting system,  I don't want to be in the situation, next month or next year where someone needs to look up the attached reference (perhaps while under audit) and discover no one is available who has access.  If you won't give a way to mass download receipts, then you need to take away this unnecessary restriction.  Ideally, I would like a way to do both!

kdearixon

This one has me banging my head on my desk. Whhhyyyy would you do this?  We integrate into Netsuite. You offer the receipt URL as a field that also loads into Netsuite, which was great for quick research without logging into a completely different system. This allows people, other than Expensify users, to see the details of the expenses that the company incurred. This was actually an important perk when deciding to switch to Expensify!  Are there new laws that require you to do this? If not, then give us the option on whether we want to enforce this or not! We do not want to give everyone audit privileges in Expensify just to view a single receipt image periodically, because then they can see what everyone else spends on their cards, and everyone knows people are snoopy!

Jason_Richards_25

cslimguyellis1988kdearixonStephanieL789Robert all vote up each other's comments to ensure there is more views on this. 

Extremely doubtful @Sheena Trepanier and team Expensify will actually be doing anything about this, but we may as well put in a little effort. They made the decision with little care for how it would affect customers, so why would our concerns cause a change after the fact? 

@Sheena Trepanier Is there an update on advocating for your customers?

cslim

@Sheena Trepanier would be great if the product team can give us an update. This is impacting our business. And if this is not resolved anytime soon, we really have to move to something else for next month’s expense management.

guyellis1988

@Sheena Trepanier

Our use-case is almost identical to the one described by @Jason_Richards_25

If a solution cannot be found, we will be forced to explore alternative systems; this is not something I say lightly, as the years of history and ~50 Expensify users to retrain will be a substantial effort on our side.

The lack of advanced warning to a substantial change such as this is incredibly worrying.

Nicole Trepanier

I just want to let everyone know that we are tracking customer demand for this feature to be reversed. This isn't a short process as we need to see if there is more demand here than there was to secure these URLs before we decide if and when we need to change it. I can't provide an ETA for this decision. I am so sorry for the frustration this has caused you. 

Layne

A bit of warning would have been nice. I recently sent out an 5,000-line expense report to an auditor that they now cannot access, now making it useless. No, I cannot grant them access to my entire account, we have other clients and NDA's. And no, I am not going to manually send them 100's of individual reports to look at.

Instead of making changes that nobody is asking for, how about adding ones that we are? (ie. monthly spending tracking/limits across all reports, improved tag management, etc.)

cslim

Hi @Nicole Trepanier  

Thanks for the update but unfortunately no ETA is not great. Let me (and I hope I speak for the rest of the Expensify customers) give you a date to come back to us.

Please let us know an update by end of this week (22nd Nov). If there is no update, I will take that the this "security" feature remains. This will be a deal breaker for us and we will be migrating off Expensify. We as a business already has expenses unpaid and stuck - that's for September and October, and now November as we continue to use Expensify. We cannot operate like this for another month.

samuel

There should be a few easy options going forward:

1. Give some customers the capability to opt out of new features like this one;
2. Consider creating a new role "External Auditor" that is required to login but can only access receipts.

Jason_Richards_25

@Nicole Trepanier Expensify tells customers about the change a week after it goes into effect and then provides zero alternatives? Excellent customer service shown here.

This change must be due to the new Expensify card, either a regulatory requirement or a way to push customers to it.

maasj

I just discovered this issue.

I can totally understand why some customers don't want their receipts to be public on the web.  If you can't even imagine why then you don't care at all about privacy.  I envy your life.  

But to change existing behavior like this, without warning, and without a way to revert back for those who are willing to accept the privacy implications, is pretty anti-customer behavior.

Our use case is that we have a years-old procedure of exporting reports via CSV and then a custom script processes that CSV file in order to:

• import transaction data into our non-standard accounting system
• make backups of receipt images in case we ever stop using Expensify or Expensify loses their copies due to a computer disaster or Expensify ceases to exist (those things do happen)
• generate custom notifications when someone charges an expense to someone else's fund/budget (via Tags)

We started a project a while back to use the API (which didn't exist when we first started using Expensify) to get what we need instead of using manual CSV exports, but we didn't get that project over the finish line.  I hope the API provides the ability to get receipt images.  If getting them manually via the web app is the only way now, that's really not cool.

Interestingly, e-Receipts are still publicly available.  While not as likely to have incriminating information like the restaurant server's phone number on the married CEO's receipt, e-Receipts can still leak information that some people would rather be private.

So right now some receipts require authentication and some don't, with no way for the customer to control the behavior for either type.  I doubt that any customer asked for this particular outcome.

Please give us a policy setting for receipt privacy!  Please!  I think the default should be that they're private and require authentication, but don't force that on your customers.  Let customers choose to be more risky if they want to be.  Give them a big warning or make them sign a waiver or something, but give 'em the choice, especially when the system operated that way for years.

Please!

Victoria O'leary

Hi @maasj

Thanks for joining the conversation and providing another perspective on the issue of privacy!

We hear you and understand this change might not work for everyone. As was mentioned earlier in the thread, we're working through feedback to see if there is enough demand for the feature to be reversed.

This isn't going to happen overnight because it does take time to gather enough user cases on both ends of the spectrum so we can understand customer demand. We'll keep you informed on this thread so keep an eye out 👀

Susanna_De_Bari1

This decision has rendered our subscription virtually useless. All the gains we made from moving to Expensify has now shifted with having to move receipts back and forward. It is also totally unacceptable to implement this with no notice. 

We will now need to reconsider our subscription as value has diminished significantly. 

maasj

@Victoria O'Leary - You don't need to "reverse" the change.  It doesn't have to be an either-or.  Just give your customers the option to choose.  We can handle it.  

maasj

I checked the API docs yesterday and I don't see any way to download receipts with it.  So it seems like there's currently no way to automate the process of downloading receipts.  Is that correct?

Karisa Latta

Hey everyone!

While we're still working on gathering feedback and looking at our options, have you tried to see if a report PDF would be a good workaround? When you download a report to PDF, you get all the line item data as well as all the receipt images.

You can choose to only have receipt thumbnails or you can choose to add full page receipt images to the PDF. You can then share that PDF file with anyone who needs it. You can also break out the images/pages to customize which receipt images you send off. [Neat tool here.]

Since the report PDF downloads a local copy to your computer, it does not have the receipt security limitation (the limitation only affects receipt URLs).

This won't help all use cases mentioned here, but I hope it benefits at least a few of you.

Jason_Richards_25

@Karisa_Latta at times I am pulling together receipts from 5+ employees to submit to a customer. Thumbnails are too small, so that's not an option. The report PDF means I am manually selecting which pages I want- employees submit reports monthly, not separate reports for each billable customer; completely inefficient. But on top of it your solution is to provide a link to something that requires a payment of $50/year? I already pay for Expensify, and your recommendation is to pay for something else to work around the receipt URL security?

Jason_Richards_25

@maasj
@Susanna_De_Bari1
@samuel
@cslim
@Layne
@guyellis1988
@StephanieL789
@Robert

Everyone vote up on previous and new comments as this is how Expensify views feedback as important or not.

Jason_Richards_25

@Victoria O'Leary the change happens fast and without warning, but a fix takes time? This is how Expensify works- no concern for how customers use the tool when making changes.

cslim

@Karisa_Latta Thanks. Please see my feedback above already.

 (C) If you don’t want to add them to your policy, you can ask them to create a free account using their email. Then, once this account exists, the report can be shared with them to grant them access to view receipt URL images.

Employee submits 1 report a month. In the report there are company benefits like mobile claims, travel, and then client(s) specific expenses which we mark reimbursable. One employee works across multiple clients and internal stuff and it’s ‘tag’ in the receipt itself. End of the month - I pull a report and filter by tags and send the spreadsheet and supporting docs for our invoices. So I cannot share reports to the clients.

You suggestion would be mean we share non-client related receipts to the client which is not required, sharing data which is not required. 

Having 1 report per claimable client is not workable either, employees have to managed 3-4 reports per submission, making it not user friendly at all.

Cortney Ofstad

@cslim thank you for providing that additional context. Please note that the feedback on this post has been shared with the Expensify team directly. However, at this point we don't have any update or additional information about this change the receipt URLs. I apologize for any hassle that this causes, but as soon as there is an update, we will make sure to let everyone know.