One of the most common request we field from small business owners and human resource professionals is the need for payroll integration. It’s an important request, because it negates the need to update multiple systems. Our goal at Flock (www.helloflock.com) is for our customers to have one single system of record that connects and updates other peripheral systems like payroll and insurance. However, data integrity and security are foremost for us. Unfortunately, there are several approaches being taken by other software vendors that expose sensitive customer data to errors, mistakes, and (gasp) potential data breaches. Here’s the good, the bad, and the ugly of payroll integration.
If a payroll system has an API-based integration, then this is the cleanest and safest way of integrating sensitive data between two systems. In this case, one system (an HR system like Flock) acts as the system of record and passes specific event data to the payroll system. The next time you hear someone talk about payroll integration or ‘sync’, ask if they use an API-based integration.
The second approach is to get a change alert when a pertinent field is updated in your HR system. The alert or report has all the information you need to update the payroll system. While not an integration, this is a safe and secure way of migrating the information into your payroll system.
A few vendors play fast and loose and trick the user under the pretext of words like ‘payroll sync’ or simpy ‘sync’. In this case, the administrative user creates a ‘bookkeeper’ or ‘accountant’ role in the payroll system and passes that login information (and password) to the other software vendor. The software vendor then provides this information to a legion of data entry employees, who are alerted to any changes and manually login and update the payroll system, masquerading as the employer. This is akin to a call center approach, except that all of your employees’ sensitive data is at stake in this case. Of course, it’s also fraught with errors.
Another ‘ready, fire, aim’ approach is to build on the ‘Bad’ way and make it ‘Ugly’. In this ‘Ugly’ approach, the software vendor uses the login and password to create an automated script and maps certain fields that need to be updated. This automated script logs in to the payroll system on a recurring basis, updates the relevant information, and logs out. This can be highly dangerous because:
- The login and password are seldom encrypted. In other words, they’re stored in a database or spreadsheet that can be hacked
- The login information can be high-jacked as the script continues to log in and out of the payroll system
- If the fields are not continually checked for updates and re-mapped, this can result in significant errors
- There can be significant strain on the payroll system if a lot of accounts are being logged into simultaneously and updated, causing the system to crash or shutdown
For more on the Bad and Ugly ways of integrating with a payroll system, you can search the internet for ‘ADP and Zenefits’.
We recommend choosing the Good, safe, and secure way of transmitting your secure data between your HR system and your payroll system. Always ask questions about the type of integration, how secure it is, and if a software vendor asks for your username and password, even under the ruse of calling it a ‘payroll sync’, just say No.