Geekzone: technology news, blogs, forums


icepicknz

309 posts

Ultimate Geek

Trusted

#129351 12-Sep-2013 10:52

Hey guys,

After your opinion on something and I guess to also advise people that use Xero of a serious flaw in their system.

If and when you start using Xero, whoever creates the account and becomes the subscriber is then the sole person with permission to the account.
So for instance if you have your PA, Accountant or in our case an old Director create the account, they are the only ones that can control it.
If said PA, Accountant or ex Director becomes disgruntled with the company, there is no way to transfer the account to another user without that person's permission.

Our company recently had a Director stood down, he had the 'subscriber' status and refused to transfer it and Xero wouldn't do anything; even though

  • Our company name was on all the account data
  • Our company holds the direct debit for payment of the account
  • Our company signed authority for the bank feeds
  • The 2 remaining directors have signing authority over the bank accounts
  • We contacted Xero and pointed them to the companies website showing we had authority over the data as directors
  • The old director was stood down nearly 2 weeks ago


When asked of Xero what do we do, they suggested we export the data and reimport it and start again, there was no simple process around this however.
When asked how you open the account in the company name to ensure this doesn't happen again, we were suggested to use a shared email box rather than a single person.
When I asked what happens in the case of a shared mailbox, someone with access to that mailbox could just change the subscriber to themselves and walk out and hold us ransom, nothing can be done.

I find it hard to believe a company of Xero's size could leave a company so open to abuse.

In the case of all our bank accounts etc, we just contacted the bank and suppliers and stated they need to stand down the director and to view the Companies (Government) website to view the data themselves.
New forms were sent out to us and process was followed.

Does anyone have any suggestions as to what to do from here?
Would love to hear from others that may have been a similar case.
Be warned of this huge flaw in their systems!

Cheers
Barry




Barry Murphy
ISPMap - New Zealand ISP map
Vibe Communications LTD - Business ISP and Wholesale Carrier



Any comments made by myself don't reflect the views of my employer, they are mine and mine alone

lurker
831 posts

Ultimate Geek

Lifetime subscriber

  #894680 12-Sep-2013 11:17

Can't you threaten legal action against the director if he refuses to transfer?



hairy1
3332 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #894683 12-Sep-2013 11:22

That doesn't fix the problem. The ability to have more than one admin is one advantage of cloud computing.




My views (except when I am looking out their windows) are not those of my employer.


icepicknz

309 posts

Ultimate Geek

Trusted

  #894684 12-Sep-2013 11:24

We are still seeking legal advice, however Xero state that the account is linked to his personal account.

When I asked Xero how you set up a business account to attach the company to, they said you can't, you'd have to set up a group email under the company. However, this is how I suggested someone could then hijack the account and just change the subscriber to their own email address; they confirmed yes this would be possible and nothing could be done.

Multiple admins or subscribers would be a much better option, then a procedure to remove one of them if required, i.e. looking at the companies records.




Barry Murphy
ISPMap - New Zealand ISP map
Vibe Communications LTD - Business ISP and Wholesale Carrier



Any comments made by myself don't reflect the views of my employer, they are mine and mine alone



Zeon
3918 posts

Uber Geek

Trusted

  #894713 12-Sep-2013 12:42

Can't they just manually handle this situation? Perhaps you could obtain a court order to force the ex director to hand over access or force Xero to move the account details. Seriously I'm surprised that a company that is meant to be dynamic like Xero can't use common sense and manually sort out the information. Just check the companies office for verification and that's all that should be needed.

There are a hell of a lot of Xero fan boys out there many of whom gloss over situations like this.






CYaBro
4590 posts

Uber Geek

ID Verified
Trusted

  #894720 12-Sep-2013 12:52

So are you saying the ex-director created the company Xero account using their own personal email address?
If they created it with a company email address you could easily get access to that.




Opinions are my own and not the views of my employer.


icepicknz

309 posts

Ultimate Geek

Trusted

  #894722 12-Sep-2013 12:56

Yes he used his personal email address correct, though even if it was a company email address obtaining access to someone else's email address is illegal unfortunately.




Barry Murphy
ISPMap - New Zealand ISP map
Vibe Communications LTD - Business ISP and Wholesale Carrier



Any comments made by myself don't reflect the views of my employer, they are mine and mine alone

CYaBro
4590 posts

Uber Geek

ID Verified
Trusted

  #894728 12-Sep-2013 13:01

icepicknz: Yes he used his personal email address correct, though even if it was a company email address obtaining access to someone else's email address is illegal unfortunately.


Not if they've left the company surely??
This happens all the time.

EG: Barbara has left our company and we need her emails redirected to Susie please.

But you are right, this does sound rather crazy that Xero don't have an easy system in place for this sort of thing.




Opinions are my own and not the views of my employer.


 
 
 

Inphinity
2780 posts

Uber Geek


  #894730 12-Sep-2013 13:03

icepicknz: Yes he used his personal email address correct, though even if it was a company email address obtaining access to someone else's email address is illegal unfortunately.


Not if it's a mailbox on a domain owned by the company.

icepicknz

309 posts

Ultimate Geek

Trusted

  #894731 12-Sep-2013 13:04

I guess so, however there is no process in place to stop that person transferring the subscription from their company email to a personal email address; or having multiple 'subscribers' or 'admins' that have authority over the account. So that person could transfer the account to their personal account. When I asked Xero about this, they said that was possible and they would have to wait for said 'subscriber' to release authority.

I'm awaiting their legal team to contact me as I suggested this is a huge flaw in the system, however having to wait days between replies doesn't help!




Barry Murphy
ISPMap - New Zealand ISP map
Vibe Communications LTD - Business ISP and Wholesale Carrier



Any comments made by myself don't reflect the views of my employer, they are mine and mine alone
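
The thread's proposals (several owners per organisation, no unilateral subscriber change, and a provider-side fallback that checks the company register) can be sketched as an access model. This is an added example, not Xero's system or any poster's code; `OrgAccount`, `MIN_OWNERS` and `provider_recover` are hypothetical names, and the register check is assumed to be done out of band by provider staff.

```python
from dataclasses import dataclass, field

MIN_OWNERS = 2  # assumed policy: the account never falls back to a single controller

class OwnershipError(Exception):
    """Raised when an ownership change violates the policy."""

@dataclass
class OrgAccount:
    legal_entity: str                             # the company, not a person, is the tenant
    owners: set
    pending: dict = field(default_factory=dict)   # change id -> (action, target, requester)
    audit: list = field(default_factory=list)

    def __post_init__(self):
        if len(self.owners) < MIN_OWNERS:
            raise OwnershipError("account needs at least two owners")

    def request(self, requester, action, target):
        """An owner proposes adding or removing an owner; nothing changes yet."""
        if requester not in self.owners or action not in ("add", "remove"):
            raise OwnershipError("only an owner can propose add/remove")
        cid = len(self.audit) + 1                 # audit only grows, so ids are unique
        self.pending[cid] = (action, target, requester)
        self.audit.append(("requested", cid, requester, action, target))
        return cid

    def approve(self, approver, cid):
        """A second owner, neither requester nor target, applies the change."""
        action, target, requester = self.pending[cid]
        if approver not in self.owners or approver in (requester, target):
            raise OwnershipError("needs a different owner who is not the target")
        if action == "remove" and len(self.owners - {target}) < MIN_OWNERS:
            raise OwnershipError("removal would leave too few owners")
        del self.pending[cid]
        self.owners = self.owners | {target} if action == "add" else self.owners - {target}
        self.audit.append(("applied", cid, approver, action, target))

    def provider_recover(self, registry_officers):
        """Provider fallback: reset owners to the officers on the company register."""
        if len(registry_officers) < MIN_OWNERS:
            raise OwnershipError("register lists too few officers to recover")
        self.audit.append(("recovered", sorted(self.owners), sorted(registry_officers)))
        self.owners = set(registry_officers)

if __name__ == "__main__":  # constructed sample data: two directors remove a third
    acct = OrgAccount("Example Co Ltd", {"a@example.test", "b@example.test", "ex@example.test"})
    acct.approve("b@example.test", acct.request("a@example.test", "remove", "ex@example.test"))
    print(sorted(acct.owners), acct.audit)
```

With three owners, two can remove the third without the third's consent; once only two remain, neither can remove the other, and the register-based recovery is the only path.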

timmmay
20591 posts

Uber Geek

Trusted
Lifetime subscriber

  #894744 12-Sep-2013 13:29

Since you obviously have legal authority over the data, the business, and the Xero account suggest Xero try something like this

update USERS set EMAIL='director@company.com' where email='old@email.com';

If they say no then I guess you ask them to create you a new account, and shut off the old one. Alternately there are plenty of accounting systems you can move to.

I'm very surprised and a little disappointed Xero haven't got a process for this. I use them myself, and they're generally very good.

mattwnz
20178 posts

Uber Geek


  #894755 12-Sep-2013 14:03

Surely they have a form that you can fill in to change the ownership of the account, that you can fill in manually and sign, and they can then manually check and authenticate the details. This is one of the concerns I have with this whole cloud model, especially with accounting, as there is a lack of control for the company. If you had just purchased software to install on your own PC, you wouldn't have the problem. Maybe the IRD could help, as they should be able to authenticate your details for them.

icepicknz

309 posts

Ultimate Geek

Trusted

  #894760 12-Sep-2013 14:13

mattwnz: Surely they have a form that you can fill in to change the ownership of the account, that you can fill in manually and sign, and they can then manually check and authenticate the details. This is one of the concerns I have with this whole cloud model, especially with accounting, as there is a lack of control for the company. If you had just purchased software to install on your own PC, you wouldn't have the problem. Maybe the IRD could help, as they should be able to authenticate your details for them.


This is the point I made to them and they pointed me to clause 2 - https://www.xero.com/nz/about/terms/




Barry Murphy
ISPMap - New Zealand ISP map
Vibe Communications LTD - Business ISP and Wholesale Carrier



Any comments made by myself don't reflect the views of my employer, they are mine and mine alone

timmmay
20591 posts

Uber Geek

Trusted
Lifetime subscriber

  #894773 12-Sep-2013 14:48

Seems like there should be a way to change the subscriber. Perhaps you need to explore legal options against your ex director.

mattwnz
20178 posts

Uber Geek


  #894775 12-Sep-2013 14:52

Maybe they need a warning when someone signs up, that only the owner of the company can sign up, or have checks that the main person in charge of the account is actually the owner.

What do they do if the main subscriber no longer has access to the email address they signed up under. eg They sign up with an xtra address, and then they change ISPs and no longer have access to it, and they don't know their login details? How would they then get them reset to a new email address?

CYaBro
4590 posts

Uber Geek

ID Verified
Trusted

  #894794 12-Sep-2013 15:49

mattwnz: What do they do if the main subscriber no longer has access to the email address they signed up under. eg They sign up with an xtra address, and then they change ISPs and no longer have access to it, and they don't know their login details? How would they then get them reset to a new email address?


Exactly what I was thinking myself.




Opinions are my own and not the views of my employer.

