The staffing industry is one of the biggest targets for cybersecurity attacks, and in this episode of The Staffing Show, we are joined by the founder and CEO of Benefits in a Card, Carl Stecker, to discuss the hidden data risks in staffing payroll and how to combat them. Tuning in, you’ll hear all about Carl’s career, why integration in the staffing industry is imperative, what his Benefit Sync Portal does, security breaches to watch out for, and so much more! We delve into how integration within Benefits in a Card is impacting the company’s growth before discussing how their clients use the incredible benefits in their marketing strategies. Carl even tells us why he believes the staffing industry should embrace AI. Finally, hear why spending time with family is the most valuable investment you can make and be inspired to check out Benefits in a Card. Thanks for listening in!
[0:01:26] DF: Hello, everyone. Thank you for joining us for another episode of The Staffing Show. Today, we are digging into the hidden data risks in staffing payroll, and how benefits can actually win you new talent in a down market. I’m joined by Carl Stecker, who’s been in the game for 33 years, founded Net Profit, sold at Equifax. He’s now the CEO and Founder of Benefits in a Card, and is currently rolling out Benefits Sync and FreeRx. Benefits in a Card has over 262 integrations directly into payroll, ATS, and HRIS systems. Carl, super excited to have you on the show today, and to dig into this topic. Thanks so much for joining me.
[0:02:06] CS: It’s my pleasure, David. Thank you.
[0:02:09] DF: Awesome. Well, to kick things off, so everybody has a little bit of background on who you are and what Benefits in a Card is, could you tell us a little bit how you got into the staffing industry, and then I want to jump in and learn a little bit about Benefits in a Card.
[0:02:20] CS: Sure. Yeah. How we got into staffing, we founded Net Profit in 1990, and got into the tax credit arena in ’92, processing, at the time, it was to targeted jobs, tax credit, which we all know as WOTC, watch the credits, welfare to work, so on and so forth. We bought a company, I believe, ’94, and they had a big staffing client base. We were big in the food industry, the kill floor operations, processing, Conagra, Tyson Foods, folks like that. Then when we got into the staffing industry, we made an acquisition, got into the staffing industry, and not only was it a poor acquisition on my part, I also – you got to own it sometimes. But I did not understand the staffing industry. I did not understand how you turned people on and off. The fact that when they come into the branch, you got to catch them right away, get them to fill out whatever you need filled out, or you lose them.
Because when staffing dispatches, they’re not coming back into the office for a second interview, they’re going right to the job. At the time, the company was losing about $70,000 a month. I can remember standing in a parking lot, for some reason this comes to mind, and wondering how I was going to survive this. It became very clear to me that I needed to either figure it out with our team or abort, right?
I think a lot of companies get into staffing because they see the high numbers, and they see the payroll, and the head count, and it’s like, the dollar signs flash. If you can’t work with staffing in the way that staffing works and be seamless to them, you’re in trouble. The mid-90s was my really big learning experience. We started going to the conferences, we started talking to people, we started really learning the industry, and grew to just love it.
I guess, it was about ’98, ’99, David, we were up in DC, and we were lobbying for the extension of the WOTC credit. I was having dinner with three of our staffing clients. They looked at me and said, “Hey you get our payroll weekly. You’re integrated into our hiring platform. Why can’t you come up with an affordable benefits solution?” I was like, “What does that look like? What do you currently have in place?” Now, keep in mind, I knew absolutely nothing about health insurance at the time. I don’t even think I had my own. Seriously. But I’m a very optimistic fellow, and so is my management team. We were like, okay, we can probably do this.
They started talking to us about, well, at the time, all that was available was your major medical plans, Blue Cross, United, Aetna, Sigma, so on and so forth, or they had the supplemental plans, your Aflac plans, where if you get hit by a buffalo at 1.00 on a Wednesday, you might get $50. That was where they were at. What the feedback I was getting was, if people do stay long enough, that 90-day wait, or 120-day wait, they stay long enough to get coverage, they can’t afford it. That started the research, if you will. We started flying around the country, meeting with carriers. Quickly discerned that we would only work with A-plus-rated carriers. That became very apparent quick. That’s when it started. Several million dollars later and two years of development, out popped Benefits in a Card. That’s how we got here.
[0:06:11] DF: That’s amazing. Now, how many people are on your benefits? How many people are being helped because of you guys today?
[0:06:18] CS: Oh, hundreds of thousands.
[0:06:19] DF: That’s incredible. Incredible.
[0:06:22] CS: It’s been a real cool journey. We’ve been able to help a lot of people.
[0:06:26] DF: I love that. I love that. I know one of the things you and I talked about previously was just the level of risk that goes into the payroll and the way that people are transferring and integrating their data with their other systems. Could you tell me a little bit about how that shows up within the staff industry, anything that the agencies that are listening to this today should know?
[0:06:48] CS: Yes. It’s another story and one that’s a bit embarrassing. At the back end of Benefits in a Card, Net Profit, FreeRX, Benefit Sync, you name it, we truly, behind the scenes, are a technology operation. Our tech stack is almost as large as our bilingual call center.
[0:07:10] DF: That’s so wild. I mean, 262 integrations is insane. That’s a lot of energy.
[0:07:17] CS: That was since the beginning. We started the integration path January of ’24. The embarrassing part about the story is I ignored integrations for 15 years. I saw our competitors blurt them out. I saw marketplace partners. I saw all of that. I’m an operations guy. I’m not a sales guy. I am not a marketing guy. I’m looking at it completely operational. I think part of, well, I know, part of what shied me away was that some of the fees that companies wanted to charge to integrate with. I saw it as, okay, we’ve got the platform. We’ve got the technology. Why would we want to drive up the end user cost?
Long story short, at the end of ’23 at our Christmas luncheon, our Director of Client Happiness, Karen Porta, came to me and said, “Carl, we’ve got to start integrations.” I said, “Why?” She said, “Our clients want it.”“Well, that’s all you got to say to me. Karen and I have been working together for 12, 13 years now, she knows exactly what button to push to get me to move. It’s funny. I said, “Okay, Karen.” I said, “January 1, so two weeks later, let’s kick off an initiative to do these integrations.”
January rolled around, I started making phone calls. I really wanted to do it personally, where I was talking to the Aviontes, the TempWorks, the Greenshades, everybody’s supporting the industry, and just getting a feel for it. I knew that I wanted API integrations. What was shocking to me is that no one in our space, in the health, the benefit space, no one was API integrated. I said, well, how are you getting your files? How do you get your files? They said, “Well, we get them either CSV, flat file, email, Wi-Fi, and Excel, sending over your whole payroll.” It really turned me on my head.
I’m not a super tech guy. I’ve learned a lot about it more than I ever thought I’d know, but I knew this was really bad. I knew that it was insecure. It was all of those things, a massive vulnerability. I’m seeing on our own front all these hacks and attempted hacks and things coming through. I walked into my IT Director’s office, and I said to Gary Wright, I said, “Gary,” I said, “You’re not going to believe this.” He says, “What’s that?” I said, “All of the staffing industry is sending payroll in flat files, Excel, CSV, Wi-Fi.” I’m like, “Okay. Well, what do you do with this?” He looked at me and he said, “Carl, payroll data security in the staffing industry is non-negotiable.” That’s when I realized, this is going to cost a bundle. It just is what it is.
As you mentioned, a year and 10 months later, we are now API integrated with 262 payroll HRIS systems and ATS systems. We cover the gamut. We did that to be able to make sure that as we’re bringing new clients in, we’ve got a secure way to do so and a secure way to handle their data. We decided to take it a step further. I had a conversation with some of my friends at Hartford, and they’re one of the probably the biggest writer, or insurer of cybersecurity policies. I started talking to them about this, and I said, “How would this affect your cybersecurity rates?” They said, “Well, Carl. If you’ve got payroll, if you’re now handling payroll in an API manner and you can document all this, that you’re doing it for the company and certify them, if you will, issue a certificate that they can bring to us to show us exactly what they’re doing, they’ll get a 20% discount on their cyber policy.” I thought, that’s fantastic.
About that time was when we decided that we either needed to start another company or create a division. I thought it sounded less expensive to start a new division, David, than it would be to start a new company. I was incredibly wrong about that. We were several million dollars into this initiative and quest, if you will, to secure the staffing industry, and it’s not going to slow down. We created Benefit Sync as a division of Benefits in a Card to, one, manage all these different integrations. Then we came up with a certificate, if you will, that we issued to clients when we onboard them, so that they can take that to their cybersecurity policy carrier. Then we started to talk about it amongst our team. We said, let’s take this one step further. We need to provide training on phishing, ransomware, all of these other things, so that our clients can have access to it. I want to do it for free. Yeah, it’s a tall order. But I wanted to do all of this stuff for free.
[0:12:44] DF: That sounds like a great idea. Did they get on board right away, or any challenges there?
[0:12:50] CS: Well, no. Not from a client perspective. They’re glad to hear it’s free, but we partnered with NINJIO, which there’s a couple big ones out there. There’s NINJIO. There’s KnowBe4. We’re talking to them right now. But we partnered with NINJIO. If you go to the Benefits in a Card website, you’ll see in the upper right-hand corner, you’ll see Benefit Sync API. If you click on that, it’ll take you into the Benefit Sync portal. We’ve got the certificate side of it, and then we’ve got the NINJIO training. We can assign you a username, password, and the clients can avail themselves of all of that NINJIO training at no cost to them. So, they can send out phishing emails and then see who clicked on it, right, and do some corrective coaching.
It’s a way for them to train their staff, because we’ve all – I want to be really, really clear about this. All of these mistakes that I will talk about in our conversation today, I’ve made. We’ve made as a company. Yeah. I’m no really smart guy that figured all this out. I’ve made all these mistakes. We’ve had breaches. We’ve had stuff stolen. It’s probably why I’m so hypersensitive, if you will.
[0:14:04] DF: Yeah. You’ve experienced what it’s like. What are some of the types of breaches of either you’ve experienced that happen frequently within the industry? What you can be watching out for?
[0:14:16] CS: Most of them are phishing. One of the attacks that we’re seeing more and more of with AI, and cyber breaches have gone up in staffing, healthcare, and payroll by 900% since 2024. In the past year and 10 months that we’ve been working on this, breaches have gone up 900%. That’s an incredible number. The other big number that I’m watching is AI is going to double in the next six months. Breaches will double in the next six months.
[0:14:49] DF: At least.
[0:14:51] CS: Yes. Exactly.
[0:14:52] DF: The capabilities and the quality of the attacks is improving, I’m saying, right now.
[0:14:59] CS: Yeah. The staffing industry is a $212-billion-dollar target for cybersecurity acts and breaches. It’s not going to slow down. The one trend that we’ve seen really, really start to escalate through AI is actual voice. People trying to come in, they’re either calling you, or they’re trying to get your credentials, or they’re calling in to somebody in your organization, and people, they’ll get a conversation going, and all of a sudden, they’re giving them passwords, or they’re giving them their credentials, or something of that sort. We’re seeing more and more stuff done live in voice.
I had a guy call me. I was on a walk one day on a weekend, and he called me, and it sounded really legit. It was the police department. They were saying that I had a parking citation and that they were going to come pick me up, or whatever. I think, okay. I’m out on my walk, right? Basically, it was this guy wanted me to pay him $2,000 over the phone. I said, “Well, let me just get you to the address. Go ahead and send the SWAT car over, right?” Hung up the phone. I mean, it’s a really, really – people, they’ve gotten so assertive, aggressive almost. I mean, it’s uncanny.
[0:16:20] DF: It’s wild. I feel like the tactic right now is they know people make rash decisions when they’re afraid of loss, and the scared bit from Coinbase, cryptocurrency, wallet, texts almost every day, and like, hey, we’re trying to reset your password. If you didn’t do this, call us. It’s never ever a real thing, but there’s the level of the degree that people are going to do on these hacks is pretty amazing right now.
One of the questions I have for you is when you do see a loss at a staffing firm that’s benefits-related, related to the compliance side of things, what’s usually the response? Is it the data, the process, the people? What do you see driving the loss of that, not winning the cases?
[0:17:04] CS: Well, 42% of the breaches are human error. I’ve had some people argue with me, well, we use FTP server, we use a secure FTP server, so on, so forth. Well, in that environment, you send that data, it’s stored somewhere for a period of time, and then carries on. Firewalls mean nothing anymore for data breach. Basically, data on the move that’s unencrypted, or that’s stored somewhere is what they’re capturing. That’s what we’re seeing a lot of. We’re seeing a lot of it just from people – we’re creatures of habit, right? We’re used to doing things, or maybe we’re not at the office, we’re on our Wi-Fi somewhere, and hey, I’ve got to get this done. If it’s a person in benefits or HR. They’ve got to get that feed out to the provider. They don’t think as much about security.
One of the things is we – I didn’t mention this, but one of the things we did as we ran down this road, we were really hustling to get all these integrations done, and it dawned on us, well, wait a minute. What about our clients that aren’t part of an integration, or that do payroll in-house? How are we going to protect them, and how do we transmit their data?
As part of that thought process, we developed an API application that a client can go into our benefits wizard, which is our proprietary software platform, our operating system, if you will. They can download our app, drop and drag their payroll into it, it encrypts it, and sends it back to us API.
[0:18:47] DF: That’s amazing. Even for the people that don’t have the direct API, ATS integration, or HR payroll integration, you’re able to have the same level of encryption, so that it’s not going to be picked up over the airwaves, essentially.
[0:19:01] CS: Exactly. I don’t know. It was one of those things where you’re running so fast, you run so hard to get all these integrations on, and it was like, “Uh-oh. What about my friends and my clients?” They don’t have that. How are we going to solve that issue? That’s where our tech team became – They really excelled on developing that app. I mean, they made it happen in short order.
[0:19:22] DF: Now, it sounds like the last two years, you guys have dug deep into the integration tech side of the business. How is that impacting the growth of your business overall? What are you seeing in terms of where you guys are going?
[0:19:35] CS: We’re starting to see it, it’s really catching on, because people are starting to realize the risk. I mean, you don’t think much of it until you see a headline that pops up that a manpower franchise just got hacked and lost data on 144,000 people, and all their client list. That hits you right square. Then you’ve got UKG, the old Chronos. Chronos was huge in staffing for years. UKG got lifted, and they didn’t make payroll for Tesla, Whole Foods, or PepsiCo. I mean, that’s a problem.
[0:20:12] DF: That’s a problem. Yeah.
[0:20:14] CS: Those are the things we’re seeing more. I think as the awareness goes up, people are realizing that maybe I’m not just some quack talking about security. Because I’m truly not. This was not something that was done as a marketing effort. It was strictly operational and it tied down the staffing industry, secure the industry, help the industry any way you can.
[0:20:42] DF: I haven’t even thought about the cybersecurity element of that to saving on those costs a lot, and probably, worth the effort of integrating and moving forward just as that kind of a baseline. One of the other areas that I know you and I talked about briefly, just the levels of coverage. I know, I think the stat that you had shared was that 40% of workers in the staffing industry have spousal coverage. Is that something that some people have coverage when they’re coming into it? But then, they’re also, I know that we’re seeing in healthcare staffing and beyond that right now, benefits being offered can actually be a pretty significant differentiator in terms of how you drive growth, especially when pay rates are flat. How are people using your Benefits in a Card from that perspective?
[0:21:26] CS: I’ll share with you a little bit about FreeRx, which is part of the explanation to that question. I was going in for my second open heart, and they give you a bunch of medications, right? To keep inflammation down, so on and so forth. When I say a bunch, I mean, a slew of medications. I went to the pharmacy to pick up my meds and it sounded like it was elective surgery, so I had to do what they told me to do. I got hit with a $407 deductible. I thought, I’ve got Blue Cross Blue Shield, Major Medical, best plan money can buy, our whole team has the same plan. How can this be? I’m like, how can I be paying a $400 deductible when I’ve got a $1,500, or $1,800 a month insurance bill?
Long story short, I turned around, paid the bill. Like I said, didn’t have a choice. I paid the bill, and I know more than hit the door, and I started thinking, this could be somebody’s car payment. This could be their grocery budget for their family. This could be their daycare allowance for the week. I mean, all of this, it just was like a wave that came over me, and I’m like, this system is broke and we need to fix it.
In my 25 years as CEO of Benefits in a Card, we’re constantly reviewing plan designs. We’re constantly looking for new programs and platforms, and what’s the best benefit we can offer? How can we get it for the least amount of money, so that we can get uninsured and the underinsured? How do we help them? That’s where we end up. How can we help? Long story short, we hired three pharmacists. We instructed them. We wanted a formulary that covered 90% of the prescriptions written in generic medications.
Typically, the formularies that I’ve seen come across my desk are 30 to 50. Recently, I’ve seen a couple out there with maybe 200 medications. Our platform has about 1,000 medications. We started out with 815, and it keeps growing. Out of those were 128 acute medications that you need right away. Then we built in a network of 70,000-plus pharmacies that people can – if they’ve got an acute medication, they can go to their local CVS, Walgreens, Walmart, Target, Publix, Coles, Albertsons, pick up their prescription. Show their FreeRX card, and their prescription is filled, no deductible, no copay.
Then somebody on the team said, “Well, what if they don’t have a doctor?” Well, that’s a great idea. We built in virtual urgent care, so that if the child’s sick on the weekend, if your kid’s sick and you can’t get them on an antibiotic, or can’t get them better, or what have you, they’re not just losing a day of school, or a daycare, you’re losing a day of work, too. That’s important in the staffing industry is how do we get people fixed? How do we get them better? How do we help them so that they can get back to work? We built that in. That entire package, all of their medications, their telehealth, their urgent care, their network, all of that is $5.99 a week for individual and $6.99 a week for their entire family.
[0:24:51] DF: Crazy.
[0:24:52] CS: The reason I shared that story with you, and this is something that we’re going to open to the public market, it’s a lot less expensive for staffing, where it’s 20 – An individual, that’s $25.95 a month. In the public market, it’s $49.95 a month. It’s a significant discount. But we knew that we could do that because of the turnover in this space. We watched the numbers very carefully, but we can do it for a lot less and for staffing. The reason I shared that is when you asked me about benefits and how that drives retention and people, when we saw we had a big provider fall out of the space, I guess, in January of this year, so we started to get a lot of phone calls. People started, okay, let us see what we can do. We’re never going to be the cheapest. We don’t aspire to be the cheapest. We aspire to be the best.
Send us what you have in place now, and we’ll evaluate it, we’ll see what we can do, and obviously, there were situations where you had a lot of rollovers, so we had to try to do some price matching and then offer a more robust plan that they could buy up into. One of the things that really jumped out at our team, and then, actually, Karen, our lead account manager, came to me and she said, “Did you know that these plans to buy more life, like if you want to buy life insurance, or you want to buy dental, or vision, or something that’s not covered under your major medical plan, or the FreeRX plan, you want to sign up for FreeRX?”
If I went home and told my wife, “Hey, I can get medications for the entire family for $6.99 a week, plus virtual telehealth,” she’d be like, “Go do it.” In staffing, 40%, and I’ll use the number 40%, because it’s more like 50. But 40% of the people that come through your door are going to be on spousal coverage. They’re either on their husband’s coverage or their wife’s coverage. They don’t need medical, but they may need more life insurance, or want more life insurance. They may want FreeRX, because there’s certain medications that their plan doesn’t cover. Whatever the case may be, with the current plans that they have in place, the majority of the staffing industry, they couldn’t buy FreeRX, or additional life insurance unless they bought a medical plan, either a MAC plan or an indemnity plan with it. Now, that FreeRX benefit that would have cost them $5.99 a week, they’re now paying $30 a week for it. That to me was just like, holy cow. Because everything that we do is, and you can pick and choose, and we do that just for this reason. Because the more sticky I can make my clients to their employees, the more I’m helping them, the more I’m helping the company, and also, the more we’re helping the employees, because we’re giving them the benefit that they wouldn’t have had access to otherwise. If somebody can afford $6.99 a week, they can’t afford $26.99 a week.
[0:28:05] DF: Yeah. That makes a ton of sense. I know when you think about where the industry’s at right now, or some of the challenges I hear, is like, how do we get people to stay around longer if we want better lifetime value on the candidates that we do find? Then also, finding ways to differentiate in terms of what you are offering, how do you guys, or how do the customers that are using you use the benefit from a marketing perspective? Are there approaches that you see from that? What’s that look like?
[0:28:34] CS: Yeah. And Benefit Sync and the API, and how clients handle the payroll data is a big deal. The other big deal is what kind of benefits you offer. Are you ACA compliant? All of those things. What we want to do is give our clients a toolkit, if you will, so that when they’re going in and they’re talking to their clients, they can show where we offer our people this, this, this, and this, and we’re handling your data, your payroll, in a very secure fashion through Benefit Sync API. These are all huge selling tools for the staffing company.
[0:29:16] DF: Yeah. Where do you see – are they putting that on the job ads? Is it recruiters’ scripts? What’s the, any recommended approach for how they use it when they’re going to market?
[0:29:26] CS: Yes. I think putting it on the recruiters’ scripts is one way. I think that right now, or actually, next week, we’re kicking off all our client calls to educate them on the new Benefit Sync app that converts to API. We’re going to be training them on the NINJIO training, how to get into the portal, assigning them passwords, usernames, things like that. A part of this is also, it’s part of their marketing. It’s part of the staffing company’s marketing that this is what they’re providing. What we’re seeing is that, especially with FreeRx, we’re getting calls from companies that are using a staffing company that want to roll it out to the rest of their people.
[0:30:05] DF: Oh, that’s great.
[0:30:07] CS: Yeah. Which, – what that tells me is our clients are, they’re proud of it.
[0:30:12] DF: Yeah. That’s great. That’s great. With all the years that you’ve spent on the staffing industry, we’re zooming out a little bit, what are some of the, cybersecurity is obviously a key trend shifting to more integrated and automated approaches? What are some of the other major trends in terms of where you see the staffing industry go and moving towards the next three to five years? Any predictions, or forecasts?
[0:30:35] CS: Yeah. I think we were having a conversation last week talking about some of the maybe threats that could be happening to the –
[0:30:46] DF: Potential threat right now with AI. Yeah.
[0:30:47] CS: Yeah. LinkedIn is looking at going into the staffing space. Indeed is looking at going into the staffing space. Well, these are all things that staffing companies use to recruit. That’s a little uncomfortable thought process. Then you’ve got one of the – when we were doing the roundtables about it, one of the people had brought up robots and robotics. I went, “Hey, hold on a minute. Why don’t we start staffing robots?” A couple of people in the room looked at me like I had three heads. In my mind, in a light industrial environment, look, I can take a fob, plug it into a robot, I can plug my operational manual, my whatever piece of equipment. I can download that into a bot, and that bot can do the job. He now knows more than I could take in three years of training. Under the new tax bill, I can buy a hundred bots. I can depreciate them, year one, there’s a capex, right? Now, they’re pure profit. Don’t be afraid. Embrace it. If that’s where some of the industry is going, this could be a huge opportunity. Why wouldn’t we be doing that?
[0:32:03] DF: I’ve actually had a conversation. I can’t remember the name of the company, but it was somebody who, their entire vision was to be the largest robotic staffing agency in the world. The conversation with the guy that I was starting, that was the goal. That’s it. “I want to staff robots.”
[0:32:21] CS: Yeah. It may surprise you three years from now that he’s on to something.
[0:32:25] DF: Yeah. I see what NVIDIA is doing. It’s wild. A lot of changes happening pretty rapidly right now. Before we jump into the speed round, any other comments you have on the industry, or anything else you want to share about Benefits in a Card?
[0:32:37] CS: No. I think we’ve covered a good bit of it.
[0:32:40] DF: Yeah. It was a great conversation. I’ve got a few last questions for you and then we’ll round it up.
[0:32:44] CS: Sure.
[0:32:45] DF: What book, or books have you given most as a gift, or have been most influential to you, and why?
[0:32:53] CS: The book that I’m just finishing right now, which I would highly encourage everyone to read, is The Science of Scaling. It was awarded by Tony Robbins. It is a fabulous book.
[0:33:07] DF: That just popped up on my feed. I think I might have just purchased it on Audible, but haven’t got into it. What is one of the best, or most worthwhile investments you’ve ever made? It could be money, time, energy, or something else.
[0:33:19] CS: The most valuable investment I’ve ever made?
[0:33:22] DF: Yeah. What is one of the best or most worthwhile investments you’ve ever made? It could be money, time, energy, or anything else.
[0:33:28] CS: The time I spend with my family.
[0:33:30] DF: Love it. Love it. What should listeners download, or do immediately after this episode?
[0:33:36] CS: Call Benefits in a Card and get secure. The best-in-class benefits and get secure.
[0:33:44] DF: I love it. Well, Carl really enjoyed having you on the podcast today. Enjoyed the conversation and hope the listeners got some insight out of it. Thanks so much for joining.
[0:33:53] CS: Thank you, David. It’s always a pleasure to see you.
