Back to blog posts

Pinwheel Secure: Authentication optimized for market-leading conversion

Pinwheel Team

May 18, 2022

Download case study
Share On:

In typical financial API connectivity, a consumer gives a third party service access to their device or app and connects to their financial account with user credentials. Fintech APIs— like Pinwheel — are the necessary bridge between all the disparate data sources that contain valuable source of truth consumer information. Such a complex web of connected systems requires a thoughtful and time-tested approach to authentication and security. 

We believe the future of payroll will be standardized and accessible via open authorization, or “OAuth” as it’s commonly known. But the reality is we’re not there yet. The payroll connectivity industry has seen various solutions emerge that offer client-side storage or claim OAuth-like authentication, but these approaches have severe limitations. Not to mention, no true OAuth solution exists in the market today.

Pinwheel is continually refining its approach to authentication to benefit consumers, employers, and financial service providers. Today, we’re proud to announce Pinwheel Secure — our new authentication paradigm that’s specifically optimized for conversion and security.

A key outcome of authentication is the ability to securely convert an end user's session into a successful login. Pinwheel Secure, as an authentication paradigm, is the key to enabling our market-leading conversion.

These four essential tenants underpin Pinwheel Secure.

Coverage and ease of use

Pinwheel Secure is built on the foundation of our industry leading coverage of 1,600+ platforms and 80% of US workers which is 300% more than our competitors in the space. An end user's ability to find their platform is essential, so we’ve solved that problem first. 

Additionally, Pinwheel Secure is designed to limit the passing of user credentials between entities. It also offers support for FaceID, Touch ID, and other password managers within Pinwheel Link, our front-end UX that embeds directly into a customer’s application.

Continuous access

Pinwheel Secure supports persistent, user-permissioned connections to a consumer account and enables visibility into things like direct deposit allocations, income, employment history, paystubs, and even hours worked in real time.

Financial service providers can benefit enormously from Pinwheel Secure’s recurring access. Without it, they miss out on a multitude of opportunities: direct deposit allocation monitoring and income and employment monitoring; ongoing paystubs, shifts, income, or employment data needed for cross-sell opportunities such as tax advice and earned wage access (EWA); and knowing if and when a consumer turns off their direct deposit. We’re constantly adding new endpoints to power use cases like EWA, so having the right access in place is crucial to evolving alongside consumer demands.

Without Pinwheel Secure, once a user’s session is over, that’s it. All connection is lost the moment they exit the app, and it’s not established again until the next login by the user. Client-side solutions for credential storage are explicitly limited by this fact. Pinwheel Secure keeps a session live for as long as a platform allows and without relying on a user’s mobile connection.

Account triage

Pinwheel Secure supports pending account statuses for triaging non-deterministic login states. Pending contributes to conversion uplifts as high as 5 percentage points to our clients and occurs when the first attempt to connect (typically a direct deposit switch) doesn’t quite take. There are a number of reasons this could be: a platform’s slow response time leads to timeout or an employer’s settings get in the way. After a failed attempt, Pinwheel triages the pending state within 24 hours, working to reestablish a successful connection, and during which customers can focus on reengaging users (e.g. with an in-app notification).


Last but not least, in addition to the out-of-the-box benefits of Pinwheel Secure, our security- focused culture and design are a part of everything we do. Payroll information is both personal and powerful, and user credentials are no exception. With Pinwheel’s SOC 2 Type 2 certification, our dedicated Chief Information Security Officer, full on-shore development, and unique security solutions like asymmetric key encryption, providers can rest assured that their users’ information is safe. 

Want to know more?

If you’re curious about Pinwheel’s approach to secure authentication, and how it’s powering exciting use cases like earned wage access and next-generation lending, reach out to our team today.

And if you want to join the team building a world-class income data infrastructure, check out our open roles.