Questions loom about payroll data provider Argyle’s motives to pay users for login details
Argyle, a fintech startup that aspires to become the “Plaid for employment records” by offering consumers capabilities to grant permission to access their payroll data, is being scrutinized over its motives to collect payroll data and offering to pay consumers for access to login information.
Why should we care?
Screen scraping, or the practice of giving an application access to user login details for the purposes of “scraping” account data, has long been critiqued for its security vulnerabilities. Reports suggest Argyle took that up a notch by offering to pay users for their payroll login information. Argyle, and domains allegedly traced back to it, reportedly offered to pay users up to $500 for passing on login information, and the alluring prospect of monthly $25 payments as long as the credentials continued to work. Argyle’s corporate pitch is to offer lenders easy access to an applicant’s employment records in one place. For gig workers, this can mean multiple employers’ payments can be accessed in one place. Sounds like a great idea – but it comes with security risks. And paying for people’s login details may contravene U.S. hacking laws. The company recently secured $20M in Series A funding led by Bain Capital Ventures. “They are not paying this money just to be able to sell people services, they are doing so to maintain their screen-scraping software API,” IT consultant Steve Friedl told security analyst Brian Krebs. “This is essentially paying employees to help Argyle hack their payroll provider.” Argyle didn’t respond to outlets’ requests for comment.