How Aurion Gives Staff A Secure Payroll Experience

This blog is the first in our Security Series about how we keep your payroll and HR data secure and accessible at all times.


When one of our customers’ employees logs into their Aurion Self Service portal or opens the Aurion app to see their latest payslip or update their personal information, they expect their financial data to be secured from theft or manipulation.

We can assure our customers that our software platform is as secure as can be. However, because the human element is the weakest link in online security, we’ve integrated some nifty features to ensure our end-users are acting as securely as possible.

Secure Self-Service The Aurion mobile app offers a secure and user-friendly experience. Once set up and linked to their Self Service account, employees can log into the app using their mobile device sign-in, whether by code, fingerprint or face ID.

They can download payslips, apply for leave and more, without needing to log onto a website or make a call – so no more painful password re-sets.

To prevent manual errors from creeping in, Aurion Self Service data entry fields are designed to prevent incorrect information types being entered. For example, selecting a Time Code in a Self Service claim form requires hours and minutes to be entered rather than a unit value.

Our customers can also choose to configure their own Aurion system with our stringent rules for internal passwords:

  • 10 characters minimum
  • 90-day expiry
  • Mix of upper and lower case, numerals and special characters.

Stay off the phish hook Attempts at ‘phishing’ to steal and manipulate someone’s identity through fraudulent communications like password re-sets are one of the most common security threats to an employee, and we’ve reduced the likelihood users will fall for an email-based phishing attempt.

Aurion end-users receive a notification if their bank account details have been changed (diverting legitimate payments is the phisher’s prize catch) – which can only be done by the authorised company administrator or the individual themselves – so any unexplained change can be identified immediately.

Please note: If an end-user has changed their bank account but have not received an alert, they should contact their local Aurion administrator.

The email received by users when they select ‘forgot password’ in Aurion Self Service can be customised to display specific text, logos and images, for each pay entity being administered. As an extra sign of authenticity, the display shows (approximately) how many minutes it will take for the legitimate password re-set email to arrive.

Find out more about our secure services – read our blog An Even More Secure Experience with Aurion and  Master The Art Of COVID-19 Self-Defence for advice on protecting yourself and your business from cyber-scams.