Corporate card misuse is rarely dramatic. It is low-visibility, habitual, and systematically missed by monthly reconciliation. Businesses that switch to real-time transaction monitoring consistently find policy breaches, FBT gaps, and fraud signals in their first three months of data — before any ATO review.
What the data actually shows
Corporate card fraud is not always a rogue employee running offshore purchases through a business Amex. More often it looks like this: a $94 grocery shop on a Tuesday charged to a card that should cover client entertainment. A $340 dinner for six with no attendee list and no business purpose recorded. A new vendor charged twice in the same week by a cardholder with no approval on file.
None of these look like fraud at a glance. Most sail through monthly reconciliation untouched. When we run three months of corporate card data through the SpendGuard detection engine, we consistently find the same patterns across businesses of all sizes:
- Personal merchant category codes — groceries, pharmacies, petrol stations — on business cards with no expense justification
- Split transactions sitting just below approval thresholds, sometimes to the same vendor on the same day
- Entertainment and meal spend with no FBT documentation attached
- First-time vendors processed without any supplier approval on record
These are not exotic attack patterns. They are the ordinary, low-visibility leakage that happens when your only control is a manager casting an eye over a PDF at month-end.
Why monthly reconciliation is not enough
The assumption behind monthly reconciliation is that your finance team will catch anomalies by reviewing spend after the fact. In practice, reviewers are looking at transaction volumes that make granular analysis impossible, with no baseline to compare against and no automated flagging to direct their attention.
By the time a pattern surfaces — a cardholder charging personal expenses for eight months, a vendor receiving duplicate payments — the damage is done. Recovery is slow, legally complex, and expensive.
Real-time monitoring changes the equation fundamentally. When every transaction is scored against your spend policy, approved vendor list, and FBT thresholds at the moment it posts, your finance team is working with exceptions rather than searching for them.
The board governance angle
Repeated spend policy breaches are increasingly treated as a control failure at board level, not just an HR matter. Regulators and auditors are looking for systematic evidence that controls are working — not just that a policy document exists.
Businesses that can demonstrate automated, real-time monitoring with a full audit trail are in a categorically different position during any review or audit. The question your board should be asking is not whether you have a corporate card policy. It is whether you have any evidence the policy is actually being enforced.
What SpendGuard monitors
SpendGuard runs four detection modules against every transaction. The Policy Checker flags personal spend merchant categories, split transactions, out-of-policy vendors, and spend limit breaches in real time. The FBT Detector identifies entertainment and meal spend subject to FBT, captures attendee counts and business purpose at point of expense, and generates RFBA data for payroll. Fraud Scoring gives every transaction a 0–100 risk score built on velocity anomalies, after-hours patterns, and transaction splitting signatures. Supplier Check flags new or unregistered vendors before spend continues.
The entire system runs inside your existing Microsoft 365 environment. Your transaction data never leaves your M365 tenant.
Send us three months of corporate card exports as a CSV. We run them through the SpendGuard engine and return a plain-English report showing your policy breach count, FBT exposure estimate, fraud risk flags, and new vendor exposure. No software to install, no commitment required.
Frequently asked questions
What types of corporate card misuse does SpendGuard detect?
SpendGuard detects personal spend on business cards, split transactions designed to avoid approval thresholds, unapproved vendor use, entertainment and meal spend with missing FBT documentation, and new vendor transactions with no supplier approval on record. Every transaction receives a risk score — not just a sample.
How is real-time monitoring different from monthly reconciliation?
Monthly reconciliation reviews spend after it has occurred, with no automated baseline to compare against. Real-time monitoring scores every transaction at the point it posts — flagging exceptions immediately so your finance team can act before a pattern becomes a problem. SpendGuard also maintains a full audit trail of every flag, decision, and resolution.
Does SpendGuard require new software or new logins for our team?
No. SpendGuard is built on Microsoft 365 and Power BI, which most businesses with 20 or more employees already licence. Alerts and dashboards appear inside your existing M365 environment. Your transaction data never leaves your tenant — the detection engine calls your data via API and writes results back to your Power BI dataset.
What accounting systems does SpendGuard connect to?
SpendGuard connects to Xero, MYOB AccountRight and Business, and SAP Concur. It also supports Basiq CDR API for direct Australian bank feeds and an OFX/CSV ingest path via a SharePoint drop zone for any system that can export transactions.
See what is hiding in your card data
Send us three months of corporate card exports. We will show you your policy breach count, FBT exposure, and fraud risk flags before you commit to anything.