Protocol | Fintech

Payroll data is fintech’s $10 billion ‘holy grail’

A glimpse at consumers' paychecks gives crucial clues that help financial firms market mortgages, retirement accounts and more. No wonder it's such a tricky field to master.

An illustration of a magnifying glass examining a paycheck for payroll data.

Payroll data has become a crucial fintech battlefield.

Image: Christopher T. Fong/Protocol

Pinwheel CEO Kurt Lin launched his startup three years ago to chase what he called the "the holy grail" of fintech, connecting payroll data to pretty much any app.

Payroll data is already widely used to verify employees' work status and make it easier for consumers to set up or switch direct deposit accounts. But so much more can be done with all that information recorded on paystubs, Lin said.

"There's an incredible wealth of information that has never really been programmatically unlocked before: things like who you are, how much you make, what you pay in taxes," he told Protocol.

Unlocking that data is expected to unleash a new wave of fintech innovation. And startups like Pinwheel are jockeying for position in the small but growing market as they also grapple with questions around regulations, controversial business practices and the presence of bigger competitors, including Plaid and Finicity.

Lindsay Davis, head of markets at Atomic, estimated the total addressable market for "payroll connectivity and data software" is currently around $10 billion. Alex Johnson, director of fintech research at Cornerstone Advisors, said the market "could be bigger."

Current estimates are likely "based on the initial use cases they've already identified and started selling against," he told Protocol. "There are a lot of other potential use cases that will be discovered over time."

New uses for data

Those could be even more compelling than the ones based on access to bank data, which companies like Yodlee pioneered and Plaid and Finicity later pursued. Payroll data is potentially more valuable and richer, covering other key information, such as 401(k) contributions, taxes and even a consumer's vacation and sick days tally. Even travel companies might want a look.

"Payroll is like the top of the waterfall," Johnson said. "It's where you get all of that from. There's a set of things you can do with payroll data that hasn't been done well with data further down in the stream."

Shmulik Fishman, CEO and founder of Argyle, another payroll data software company, said coming up with new uses for the information has been "one of the most fascinating parts of this business." "Every week, we get a new idea of what this same data set and same platform can be used for," he said.

John Whitfield, Pinwheel's vice president of engineering, argued that payroll software data could spark a new wave of fintech innovation, much like Plaid did by connecting startups like Square, PayPal, Robinhood, SoFi and Affirm to banking data.

"One thing we have in common with Plaid is this idea that we're an underlying platform for a fintech company that has yet to be founded," Whitfield, who is a Plaid alumnus, told Protocol. "That's something that Plaid preached and based their business on — that startup after startup would come in and immediately start using Plaid."

Johnson said the payroll data software industry could even be "stealing a certain amount of share from the data aggregators space." That could be a reason, he argued, "why Plaid is trying to get into the space — because they see it as potentially taking some of their total addressable market away."

"We are focused on the needs of our customers in service of consumers, not individual competitors," a Plaid spokesman said in a statement. "Plaid's entry into the payroll data space is a natural evolution and has been planned for some time."

He called Plaid Income, the company's offering in payroll data software, fintech's "first building block for payroll data, [which] builds on our experience working with the most widely-used fintech services in the world."

Plaid also said when it launched an income-verification product in March that payroll data was the "next frontier" in open finance and that access "to payroll data has tremendous potential to expand financial opportunity and help people lead healthier financial lives."

But it has also proven to be a tough market to crack — even for a new fintech juggernaut.

Hurdles in the quest

In a setback to its payroll data software ambitions, Plaid paused a major payroll-related product just five months into a big offensive to add payroll data to its offerings. The company has said it is not giving up on the space, and that suspending development of its Deposit Switch product does "not signal that Plaid is less committed to the payroll data API space."

But the move underlined the challenges in a market that Davis of Atomic also described as "messy." One reason is the nature of payroll data.

While consumers usually stick with one bank account for years, they may change jobs frequently and become part of different payroll systems, such as ADP, Paychex or Workday. And there are also different rules that govern the way payroll records are kept depending on where the employer and their employees are based.

"You've got the state labor laws that are fragmented state by state," she told Protocol. "You've got the employers that have enabled certain levels of access for their employees. And every employer has [its] own way of integrating with an HR system."

Then there are the different ways that payroll data can be accessed. API connections are "vastly preferred by everyone in the market," because it is more secure, Johnson said. But the big challenge for payroll data software companies, he said, is: "How do you motivate the companies that have this data to build technical integration, a business partnership that allows for access to the data?"

That prompted some companies to get data through screen scraping, where you "go to a payroll portal, ask someone for their username and password, and go in and pull down that data," Finicity CEO Steve Smith said, adding that screen scraping payroll data is an approach that "we will not adopt."

Screen scraping is a controversial and sensitive tactic in the payroll data software market — to the point that some in the industry are reluctant to discuss it.

Pinwheel CEO Kurt Lin Pinwheel CEO Kurt Lin's chasing "the holy grail" of fintech: connecting payroll data to pretty much any app.Photo: Pinwheel

Pinwheel's Lin said "data aggregation is a difficult endeavor and we use a number of methods to connect with payroll platforms," but when asked if those included screen scraping, he said, "No further comment."

Davis of Atomic said the company has used screen scraping "when user-permissioned APIs are not available." One example is when Atomic needs to connect with state unemployment systems, which typically don't have API connectivity.

A Plaid spokesman said the company uses "a combination of API access and screen scraping at the direction of customers."

Some screen scraping tactics have raised alarm.

Plaid has taken heat for reportedly offering to pay users $500 for providing their employer payroll login details. The company denied it did anything illegal, saying it was part of "a voluntary and time-limited pilot program" that involved 12 participants and was meant to "assist Plaid in building consumer-permissioned tools that make it easier for consumers to securely share their information digitally."

Argyle faced similar accusations. Fishman, the company's CEO, denied the accusation, saying, "That's not something that Argyle performs."

Johnson of Cornerstone Advisors said reports of the pay-for-data-access tactics didn't sit well with some payroll data software companies that saw the approach as "essentially spending VC money to bribe your way into getting larger coverage."

"Everyone I talked to in the industry, uniformly, is like, 'This is just bad for all of us. We get the temptation. We get why you might want to use this to build up coverage faster. But it's just bad for the industry overall if you do this,'" Johnson said. "This is the quickest way to regulators just shutting it down and not being on the side of this data sharing."

Setting the rules

There are looming battles over data privacy and ownership that are sure to engulf the payroll data software companies. This was highlighted by recent news that the SEC, under Chairman Gary Gensler, will look more closely into how data analytics and AI are used in financial services and possibly draft new rules that would cover these technologies.

Some companies have taken a proactive approach to the expected wave of regulations. For example, both Finicity, which was acquired by Mastercard last year, and Pinwheel have opted to become Fair Credit Reporting Act-compliant companies. Atomic is looking to be FCRA compliant. "It's not a matter of if, it's when," Davis said.

Being FCRA compliant means these companies must adhere to strict rules related to the handling of consumer data, which includes making sure, as credit reporting agencies do, that the information they collect is accurate and up to date. "We're basically on the hook for having data that actually is of high quality versus otherwise just being a data aggregator," Lin said.

Johnson said being FCRA compliant is significant in fintech where many companies "don't want to have to deal with more regulation than you have to." He added: "The way that data aggregators typically think about that is, 'We're just the pipes that pass data back and forth. We don't hold the data. We don't build consumer reports. We don't add any analysis layer or anything on top of the data.'"

He said it is a "really smart" move to "just lean in and say, 'Look, we're going to get regulated at some point, let's embrace it. Let's be the first one to talk to regulators about this. Let's get out ahead of it.'"

Despite Plaid's unexpected stumble, the company is expected to be a formidable competitor in the space given its track record as a fintech powerhouse. And its smaller rivals know this.

"Plaid's solution has been an integral part of the rise of fintech," Lin said. Davis said Plaid's decision to enter the market is "a huge validation" for the space. "It shows that it is important, that this is a market worth paying attention to, something we've believed for years now," she said.

Johnson echoed that view, calling Plaid's decision to take the "jump with both feet" into this market "a net positive." "The biggest problem you have — and we saw this in bank account aggregation as well — is incumbents just trying to kill this [space] before it gets started," he said.

Plaid, given its size and reach in fintech, can help establish payroll data software "as a category that's not going to go away."

Protocol | Policy

Why Twitch’s 'hate raid' lawsuit isn’t just about Twitch

When is it OK for tech companies to unmask their anonymous users? And when should a violation of terms of service get someone sued?

The case Twitch is bringing against two hate raiders is hardly black and white.

Photo: Caspar Camille Rubin/Unsplash

It isn't hard to figure out who the bad guys are in Twitch's latest lawsuit against two of its users. On one side are two anonymous "hate raiders" who have been allegedly bombarding the gaming platform with abhorrent attacks on Black and LGBTQ+ users, using armies of bots to do it. On the other side is Twitch, a company that, for all the lumps it's taken for ignoring harassment on its platform, is finally standing up to protect its users against persistent violators whom it's been unable to stop any other way.

But the case Twitch is bringing against these hate raiders is hardly black and white. For starters, the plaintiff here isn't an aggrieved user suing another user for defamation on the platform. The plaintiff is the platform itself. Complicating matters more is the fact that, according to a spokesperson, at least part of Twitch's goal in the case is to "shed light on the identity of the individuals behind these attacks," raising complicated questions about when tech companies should be able to use the courts to unmask their own anonymous users and, just as critically, when they should be able to actually sue them for violating their speech policies.

Keep Reading Show less
Issie Lapowsky

Issie Lapowsky ( @issielapowsky) is Protocol's chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol's fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University's Center for Publishing on how tech giants have affected publishing.

While it's easy to get lost in the operational and technical side of a transaction, it's important to remember the third component of a payment. That is, the human behind the screen.

Over the last two years, many retailers have seen the benefit of investing in new, flexible payments. Ones that reflect the changing lifestyles of younger spenders, who are increasingly holding onto their cash — despite reports to the contrary. This means it's more important than ever for merchants to take note of the latest payment innovations so they can tap into the savings of the COVID-19 generation.

Keep Reading Show less
Antoine Nougue,

Antoine Nougue is Head of Europe at He works with ambitious enterprise businesses to help them scale and grow their operations through payment processing services. He is responsible for leading the European sales, customer success, engineering & implementation teams and is based out of London, U.K.

Protocol | Fintech

When COVID rocked the insurance market, this startup saw opportunity

Ethos has outraised and outmarketed the competition in selling life insurance directly online — but there's still an $887 billion industry to transform.

Life insurance has been slow to change.

Image: courtneyk/Getty Images

Peter Colis cited a striking statistic that he said led him to launch a life insurance startup: One in twenty children will lose a parent before they turn 15.

"No one ever thinks that will happen to them, but that's the statistics," the co-CEO and co-founder of Ethos told Protocol. "If it's a breadwinning parent, the majority of those families will go bankrupt immediately, within three months. Life insurance elegantly solves this problem."

Keep Reading Show less
Benjamin Pimentel

Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at or via Signal at (510)731-8429.

Protocol | Workplace

Remote work is here to stay. Here are the cybersecurity risks.

Phishing and ransomware are on the rise. Is your remote workforce prepared?

Before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

Photo: Stefan Wermuth/Bloomberg via Getty Images

The delta variant continues to dash or delay return-to-work plans, but before your company institutes work-from-home-forever plans, you need to ensure that your workforce is prepared to face the cybersecurity implications of long-term remote work.

So far in 2021, CrowdStrike has already observed over 1,400 "big game hunting" ransomware incidents and $180 million in ransom demands averaging over $5 million each. That's due in part to the "expanded attack surface that work-from-home creates," according to CTO Michael Sentonas.

Keep Reading Show less
Michelle Ma
Michelle Ma (@himichellema) is a reporter at Protocol, where she writes about management, leadership and workplace issues in tech. Previously, she was a news editor of live journalism and special coverage for The Wall Street Journal. Prior to that, she worked as a staff writer at Wirecutter. She can be reached at
Protocol | Enterprise

How GitHub COO Erica Brescia runs the coding gold mines

GitHub sits at the center of the world's software-development activity, which makes the Microsoft-owned code repository a major target for hackers and a trend-setter in open source software.

GitHub COO Erica Brescia

Photo: GitHub

An astonishing amount of the code that runs the world's software spends at least part of its life in GitHub. COO Erica Brescia is responsible for making sure that's not a disaster in the making.

Brescia joined GitHub after selling Bitnami, the open-source software deployment tool she co-founded, to VMware in 2019. She's responsible for all operational aspects of GitHub, which was acquired by Microsoft in 2018 for $7.5 billion in one of its largest deals to date.

Keep Reading Show less
Tom Krazit

Tom Krazit ( @tomkrazit) is Protocol's enterprise editor, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire, and served as executive editor of Gigaom and Structure.

Latest Stories