Payroll data is fintech’s $10 billion ‘holy grail’

A glimpse at consumers' paychecks gives crucial clues that help financial firms market mortgages, retirement accounts and more. No wonder it's such a tricky field to master.

An illustration of a magnifying glass examining a paycheck for payroll data.

Payroll data has become a crucial fintech battlefield.

Image: Christopher T. Fong/Protocol

Pinwheel CEO Kurt Lin launched his startup three years ago to chase what he called the "the holy grail" of fintech, connecting payroll data to pretty much any app.

Payroll data is already widely used to verify employees' work status and make it easier for consumers to set up or switch direct deposit accounts. But so much more can be done with all that information recorded on paystubs, Lin said.

"There's an incredible wealth of information that has never really been programmatically unlocked before: things like who you are, how much you make, what you pay in taxes," he told Protocol.

Unlocking that data is expected to unleash a new wave of fintech innovation. And startups like Pinwheel are jockeying for position in the small but growing market as they also grapple with questions around regulations, controversial business practices and the presence of bigger competitors, including Plaid and Finicity.

Lindsay Davis, head of markets at Atomic, estimated the total addressable market for "payroll connectivity and data software" is currently around $10 billion. Alex Johnson, director of fintech research at Cornerstone Advisors, said the market "could be bigger."

Current estimates are likely "based on the initial use cases they've already identified and started selling against," he told Protocol. "There are a lot of other potential use cases that will be discovered over time."

New uses for data

Those could be even more compelling than the ones based on access to bank data, which companies like Yodlee pioneered and Plaid and Finicity later pursued. Payroll data is potentially more valuable and richer, covering other key information, such as 401(k) contributions, taxes and even a consumer's vacation and sick days tally. Even travel companies might want a look.

"Payroll is like the top of the waterfall," Johnson said. "It's where you get all of that from. There's a set of things you can do with payroll data that hasn't been done well with data further down in the stream."

Shmulik Fishman, CEO and founder of Argyle, another payroll data software company, said coming up with new uses for the information has been "one of the most fascinating parts of this business." "Every week, we get a new idea of what this same data set and same platform can be used for," he said.

John Whitfield, Pinwheel's vice president of engineering, argued that payroll software data could spark a new wave of fintech innovation, much like Plaid did by connecting startups like Square, PayPal, Robinhood, SoFi and Affirm to banking data.

"One thing we have in common with Plaid is this idea that we're an underlying platform for a fintech company that has yet to be founded," Whitfield, who is a Plaid alumnus, told Protocol. "That's something that Plaid preached and based their business on — that startup after startup would come in and immediately start using Plaid."

Johnson said the payroll data software industry could even be "stealing a certain amount of share from the data aggregators space." That could be a reason, he argued, "why Plaid is trying to get into the space — because they see it as potentially taking some of their total addressable market away."

"We are focused on the needs of our customers in service of consumers, not individual competitors," a Plaid spokesman said in a statement. "Plaid's entry into the payroll data space is a natural evolution and has been planned for some time."

He called Plaid Income, the company's offering in payroll data software, fintech's "first building block for payroll data, [which] builds on our experience working with the most widely-used fintech services in the world."

Plaid also said when it launched an income-verification product in March that payroll data was the "next frontier" in open finance and that access "to payroll data has tremendous potential to expand financial opportunity and help people lead healthier financial lives."

But it has also proven to be a tough market to crack — even for a new fintech juggernaut.

Hurdles in the quest

In a setback to its payroll data software ambitions, Plaid paused a major payroll-related product just five months into a big offensive to add payroll data to its offerings. The company has said it is not giving up on the space, and that suspending development of its Deposit Switch product does "not signal that Plaid is less committed to the payroll data API space."

But the move underlined the challenges in a market that Davis of Atomic also described as "messy." One reason is the nature of payroll data.

While consumers usually stick with one bank account for years, they may change jobs frequently and become part of different payroll systems, such as ADP, Paychex or Workday. And there are also different rules that govern the way payroll records are kept depending on where the employer and their employees are based.

"You've got the state labor laws that are fragmented state by state," she told Protocol. "You've got the employers that have enabled certain levels of access for their employees. And every employer has [its] own way of integrating with an HR system."

Then there are the different ways that payroll data can be accessed. API connections are "vastly preferred by everyone in the market," because it is more secure, Johnson said. But the big challenge for payroll data software companies, he said, is: "How do you motivate the companies that have this data to build technical integration, a business partnership that allows for access to the data?"

That prompted some companies to get data through screen scraping, where you "go to a payroll portal, ask someone for their username and password, and go in and pull down that data," Finicity CEO Steve Smith said, adding that screen scraping payroll data is an approach that "we will not adopt."

Screen scraping is a controversial and sensitive tactic in the payroll data software market — to the point that some in the industry are reluctant to discuss it.

Pinwheel CEO Kurt Lin Pinwheel CEO Kurt Lin's chasing "the holy grail" of fintech: connecting payroll data to pretty much any app.Photo: Pinwheel

Pinwheel's Lin said "data aggregation is a difficult endeavor and we use a number of methods to connect with payroll platforms," but when asked if those included screen scraping, he said, "No further comment."

Davis of Atomic said the company has used screen scraping "when user-permissioned APIs are not available." One example is when Atomic needs to connect with state unemployment systems, which typically don't have API connectivity.

A Plaid spokesman said the company uses "a combination of API access and screen scraping at the direction of customers."

Some screen scraping tactics have raised alarm.

Plaid has taken heat for reportedly offering to pay users $500 for providing their employer payroll login details. The company denied it did anything illegal, saying it was part of "a voluntary and time-limited pilot program" that involved 12 participants and was meant to "assist Plaid in building consumer-permissioned tools that make it easier for consumers to securely share their information digitally."

Argyle faced similar accusations. Fishman, the company's CEO, denied the accusation, saying, "That's not something that Argyle performs."

Johnson of Cornerstone Advisors said reports of the pay-for-data-access tactics didn't sit well with some payroll data software companies that saw the approach as "essentially spending VC money to bribe your way into getting larger coverage."

"Everyone I talked to in the industry, uniformly, is like, 'This is just bad for all of us. We get the temptation. We get why you might want to use this to build up coverage faster. But it's just bad for the industry overall if you do this,'" Johnson said. "This is the quickest way to regulators just shutting it down and not being on the side of this data sharing."

Setting the rules

There are looming battles over data privacy and ownership that are sure to engulf the payroll data software companies. This was highlighted by recent news that the SEC, under Chairman Gary Gensler, will look more closely into how data analytics and AI are used in financial services and possibly draft new rules that would cover these technologies.

Some companies have taken a proactive approach to the expected wave of regulations. For example, both Finicity, which was acquired by Mastercard last year, and Pinwheel have opted to become Fair Credit Reporting Act-compliant companies. Atomic is looking to be FCRA compliant. "It's not a matter of if, it's when," Davis said.

Being FCRA compliant means these companies must adhere to strict rules related to the handling of consumer data, which includes making sure, as credit reporting agencies do, that the information they collect is accurate and up to date. "We're basically on the hook for having data that actually is of high quality versus otherwise just being a data aggregator," Lin said.

Johnson said being FCRA compliant is significant in fintech where many companies "don't want to have to deal with more regulation than you have to." He added: "The way that data aggregators typically think about that is, 'We're just the pipes that pass data back and forth. We don't hold the data. We don't build consumer reports. We don't add any analysis layer or anything on top of the data.'"

He said it is a "really smart" move to "just lean in and say, 'Look, we're going to get regulated at some point, let's embrace it. Let's be the first one to talk to regulators about this. Let's get out ahead of it.'"

Despite Plaid's unexpected stumble, the company is expected to be a formidable competitor in the space given its track record as a fintech powerhouse. And its smaller rivals know this.

"Plaid's solution has been an integral part of the rise of fintech," Lin said. Davis said Plaid's decision to enter the market is "a huge validation" for the space. "It shows that it is important, that this is a market worth paying attention to, something we've believed for years now," she said.

Johnson echoed that view, calling Plaid's decision to take the "jump with both feet" into this market "a net positive." "The biggest problem you have — and we saw this in bank account aggregation as well — is incumbents just trying to kill this [space] before it gets started," he said.

Plaid, given its size and reach in fintech, can help establish payroll data software "as a category that's not going to go away."


Supreme Court takes a sledgehammer to greenhouse gas regulations

The court ruled 6-3 that the EPA cannot use the Clean Air Act to regulate greenhouse gases. That leaves a patchwork of policies from states, utilities and, increasingly, tech companies to pick up the slack.

The Supreme Court struck a major blow to the federal government's ability to regulate greenhouse gases.

Eric Lee/Bloomberg via Getty Images

Striking down the right to abortion may be the Supreme Court's highest-profile decision this term. But on Wednesday, the court handed down an equally massive verdict on the federal government's ability to regulate greenhouse gas emissions. In the case of West Virginia v. EPA, the court decided that the agency has no ability to regulate greenhouse gas pollution under the Clean Air Act. Weakening the federal government's powers leaves a patchwork of states, utilities and, increasingly, tech companies to pick up the slack in reducing carbon pollution.

Keep Reading Show less
Brian Kahn

Brian ( @blkahn) is Protocol's climate editor. Previously, he was the managing editor and founding senior writer at Earther, Gizmodo's climate site, where he covered everything from the weather to Big Oil's influence on politics. He also reported for Climate Central and the Wall Street Journal. In the even more distant past, he led sleigh rides to visit a herd of 7,000 elk and boat tours on the deepest lake in the U.S.

Every day, millions of us press the “order” button on our favorite coffee store's mobile application: Our chosen brew will be on the counter when we arrive. It’s a personalized, seamless experience that we have all come to expect. What we don’t know is what’s happening behind the scenes. The mobile application is sourcing data from a database that stores information about each customer and what their favorite coffee drinks are. It is also leveraging event-streaming data in real time to ensure the ingredients for your personal coffee are in supply at your local store.

Applications like this power our daily lives, and if they can’t access massive amounts of data stored in a database as well as stream data “in motion” instantaneously, you — and millions of customers — won’t have these in-the-moment experiences.

Keep Reading Show less
Jennifer Goforth Gregory
Jennifer Goforth Gregory has worked in the B2B technology industry for over 20 years. As a freelance writer she writes for top technology brands, including IBM, HPE, Adobe, AT&T, Verizon, Epson, Oracle, Intel and Square. She specializes in a wide range of technology, such as AI, IoT, cloud, cybersecurity, and CX. Jennifer also wrote a bestselling book The Freelance Content Marketing Writer to help other writers launch a high earning freelance business.

Can crypto regulate itself? The Lummis-Gillibrand bill hopes so.

Creating the equivalent of the stock markets’ FINRA for crypto is the ideal, but experts doubt that it will be easy.

The idea of creating a government-sanctioned private regulatory association has been drawing more attention in the debate over how to rein in a fast-growing industry whose technological quirks have baffled policymakers.

Illustration: Christopher T. Fong/Protocol

Regulating crypto is complicated. That’s why Sens. Cynthia Lummis and Kirsten Gillibrand want to explore the creation of a private sector group to help federal regulators do their job.

The bipartisan bill introduced by Lummis and Gillibrand would require the CFTC and the SEC to work with the crypto industry to look into setting up a self-regulatory organization to “facilitate innovative, efficient and orderly markets for digital assets.”

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at or via Google Voice at (925) 307-9342.


Alperovitch: Cybersecurity defenders can’t be on high alert every day

With the continued threat of Russian cyber escalation, cybersecurity and geopolitics expert Dmitri Alperovitch says it’s not ideal for the U.S. to oscillate between moments of high alert and lesser states of cyber readiness.

Dmitri Alperovitch (the co-founder and former CTO of CrowdStrike) speaks at RSA Conference 2022.

Photo: RSA Conference

When it comes to cybersecurity vigilance, Dmitri Alperovitch wants to see more focus on resiliency of IT systems — and less on doing "surges" around particular dates or events.

For instance, whatever Russia is doing at the moment.

Keep Reading Show less
Kyle Alspach

Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at


How the internet got privatized and how the government could fix it

Author Ben Tarnoff discusses municipal broadband, Web3 and why closing the “digital divide” isn’t enough.

The Biden administration’s Internet for All initiative, which kicked off in May, will roll out grant programs to expand and improve broadband infrastructure, teach digital skills and improve internet access for “everyone in America by the end of the decade.”

Decisions about who is eligible for these grants will be made based on the Federal Communications Commission’s broken, outdated and incorrect broadband maps — maps the FCC plans to update only after funding has been allocated. Inaccurate broadband maps are just one of many barriers to getting everyone in the country successfully online. Internet service providers that use government funds to connect rural and low-income areas have historically provided those regions with slow speeds and poor service, forcing community residents to find reliable internet outside of their homes.

Keep Reading Show less
Aditi Mukund
Aditi Mukund is Protocol’s Data Analyst. Prior to joining Protocol, she was an analyst at The Daily Beast and NPR where she wrangled data into actionable insights for editorial, audience, commerce, subscription, and product teams. She holds a B.S in Cognitive Science, Human Computer Interaction from The University of California, San Diego.
Latest Stories