The future of Payroll API
Consumers are becoming increasingly aware of the value of their data and of the data privacy risks associated with digital services. Citadel and other companies leveraging fair disclosures and front-door access are well-positioned to be ahead of the curve in terms of consumer trust, privacy, and data security.
As the digital economy continues to grow, a consumer privacy revolution has followed, spearheaded by the E.U. in 2018 with the passage of the “General Data Protection Regulation” (GDPR) legislation. The GDPR ensures that all consumer information is collected legally and limits its use.
In 2020, the California Consumer Protection Act (CCPA) was enacted and, while similar to the GDPR, requires consumer consent. More than thirty states are enacting similar data protection laws, and the trend of requiring consumer consent by requesting permission to use their data will continue.
The adoption of CCPA-like laws would make it impossible to sell or leverage consumer data without explicit consent.
What do we mean by ‘fair disclosures’?
Prior to the GDPR and CCPA, most consumers were unaware of the value of their data. The massive data leaks and cyber attacks we see today were uncommon, and many businesses shamelessly monetized data by claiming ownership while avoiding "fair" disclosures.
The use of "fair" disclosures allows the user to see the data access and handling disclosures in a human-readable format.
"Not-so-fair" disclosures require customers to check a box in order for the data to be released to the business. To understand the risks of sharing their data and what they’re consenting to share, a consumer would have to read a fifty-page document written by lawyers that is completely incomprehensible to anyone who does not have a legal degree.
In contrast, take a look at the following Apple App Store screen:
With the CCPA and companies like Apple pushing the privacy envelope, fair disclosures will become more common and will likely soon be legally required.
‘Front door’ access
Although accessing data through the ‘back door’ is a common business practice, at Citadel we’re resetting the standard.
We focus on earning the trust of the consumer, rather than monetizing their data. With the antiquated ‘back door’ access model, the consumer would provide written consent (in the form of a ‘not-so-fair’ disclosure), and any business could pay a fee to the payroll provider or a third-party service to access the data.
Businesses would most likely receive more data than consumers expected to allow and would pay a fortune to gain access to this password-protected data. Both the businesses and consumers lose, while payroll providers and third-party providers would benefit.
Internally, we call accessing data on behalf of consumers and with fair disclosures ‘front-door’ access.
The new ‘front door’ access model is a privacy and consumer-focused alternative. The best way to earn the trust of a consumer is to bring them into the process. At Citadel, we educate users on the process and our disclosures are fair and written in plain language. Our users provide their payroll logins or passwords with confidence that their data is safe, and we create a secure connection to very limited and specific payroll data.
With consumer buy-in and some clever technology, businesses can easily retrieve, read, and update the data that the consumer granted access to. Transparency can develop trust and strengthen relationships with the consumer, but how does it all work?
How does front-door access work?
Most applications that leverage a user’s login credentials to access user data work in a similar fashion:
- Provide a platform for the consumer to log into their payroll account
- Securely log in for a user with their provided credentials (e.g. HRIS or Payroll provider)
- Extract the data or make changes to the account
- Return data securely via API
Citadel's experience, for example, looks like this:
The power behind payroll data
Payroll accounts contain a wealth of information (up to 120 data points) and are carefully validated by HR administrators.
Citadel’s payroll API can provide secure access to very meaningful and up-to-date identity data. Any new employee for a business must provide two forms of identification (e.g. driver’s license, Social Security card, Military ID card, US passport, etc.), a completed I-9 form to confirm immigration status, and proof of a checking account (USCIS, 2021).
In 2020, the Department of Homeland Security increased the fines limit for wrongly filed I-9 forms to $2,332. So, employers maintain high accuracy of the information in payroll accounts and this accurate identifying data becomes securely accessible via API. Here’s a sample of some identity data that can be found in a payroll account:
Citadel’s API also fetches key information about the employer. Businesses must identify themselves when opening a payroll account by including their EIN, address, and other company information.
Citadel is able to gather fundamental employment information about a user that is stored in the payroll account. For example, on the first day of work for a new employee an HR administrator adds the employee to the company's payroll account, enters the start date, and, in most cases, also adds the employee's title, department, and manager.
When any employment ends, the end date is updated on the employee’s payroll account.
Key income data is also available via Citadel’s API. Following the completion of a pay cycle, the new employee is paid in accordance with the W-4 form that they submitted to calculate their taxes. Pay stubs are generated, and payroll is processed. The payroll provider runs calculations and generates W2s at the end of the year. All of this data is stored in the payroll account and instantly accessible via API.
Bank account data is also available inside the payroll account. Before the first payroll run, a new employee would have the option of depositing all of their pay into one bank account or splitting their check into multiple accounts. The account information is logged and accessible with the consent of the employee.
Who benefits from connecting to payroll accounts?
Lenders can improve their loan underwriting and loan servicing processes. Lenders will be able to verify income and employment information much faster and more easily than they do now. Using payroll data directly from pay stubs and W2s, lenders can reduce risk and better understand applicant profiles.
Citadel’s access to the rich dataset available in payroll data is especially valuable for data-hungry processes such as mortgage underwriting. We are able to offer a wealth of accurate income and employment data points and reliable employment tenures for each applicant simply with consent and the click of a button. Our solution for mortgage underwriting significantly streamlines the ‘modern’ electronic paystub upload process and requires a small fraction of effort from the applicant.
While income and employment are routinely verified for mortgages, they are rarely verified for unsecured loans or small-check loans because of the traditionally high costs of verifications. Citadel is changing this - our low verification costs make adding payroll-based verifications to small loans a viable option and adding this verification step will improve underwriting and reduce losses.
Allowing lenders to deduct loan repayments directly from consumers' paychecks is a far superior method of loan servicing. Any lender would prefer the security of having direct access to a consumer's paycheck (with the consumer's consent), rather than having to wait for a consumer to repay a loan from their bank account. Similarly, because the loan has more security, consumers are likely to benefit from a lower interest rate. Pay-attached lending is a type of repayment that has been shown to significantly reduce fraud, improve credit quality, and reduce default rates.
Background screeners can skip the time-consuming process of contacting a consumer’s past employers. Background verification is instant with consumer-consented access to data in their payroll accounts. In addition to verifying only recent employment, most payroll providers store all employment history for a consumer, so background screeners may be able to verify all employment history required for starting a new job with a single click.
Banks can increase LTV by switching a consumer's direct deposit. When deposit-taking institutions connect to payroll, consumers can reroute their direct deposit to a new account, a process known as direct deposit switching. Receiving a consumer's direct deposit has numerous advantages, one specifically being that the account can be automatically funded with payroll, rather than relying on the consumer to transfer funds.
Software companies can also get more seamless and secure access to payroll and HR systems so that all employee data can be pulled into one place. This saves a significant amount of time for the software company, which would otherwise have to build one-off integrations because customers may use different payroll and HR system providers. As a result, payroll access provides these applications with a wealth of new information. For example, a company that assists tech companies in obtaining R&D credits can pull all payroll history through a single API and avoid the need to build multiple integrations.
With the implementation of GDPR, CCPA, and other consumer privacy laws, data control will shift from third parties to end-users. Having a dependable provider to access payroll accounts via an API and with consumer consent (via the front door) can assist businesses in growing and improving unit economics.
We'd love to set up a demo to go over our current offerings and show you some exciting products we'll be releasing soon.