Common Paymaster: What you need to know

After the close of every quarter, businesses are reminded of the many existing tax code intricacies. One lesser known layer not to be taken lightly is the common paymaster rule. This rule can have a major effect on employers with distributed workforces where employees work in multiple locations.


What is a Common Paymaster?

The IRS describes the common paymaster provision as a special rule for paying taxes.  When an employee simultaneously works for several related entities during a given year, the parent entity as a whole will end up overpaying certain payroll taxes. A common paymaster is a designated entity that pays wages to that employee on behalf of the related entities, thus only being charged for that employee’s share of payroll taxes once.

Let’s look at an example:

Tom works at a restaurant, Dining Inc. He works at Location A on the weekdays and Location B on the weekends. Dining Inc. will be charged for Federal Unemployment Tax (FUTA) on all of Tom’s wages from each location separately, even if together his wages exceed the $7000 wage base.

This is where a common paymaster comes into play. Under certain conditions, the IRS grants Dining Inc. the right to designate Location A or B as a common paymaster. If Location A is deemed the common paymaster, it can issue Tom a consolidated paycheck that reflects his hours worked at both locations. Instead of the employer being subject to two wage bases for FUTA (and state unemployment tax (SUTA) in states where common pay is allowed) with respect to Tom, the employer is only subject to one.

The IRS also allows the use of a common paymaster for Social Security tax purposes. State laws vary on recognizing a common paymaster for SUTA reporting. StratEx clients can check with their Service Team, and anyone can check with applicable state agencies to see if common paymaster is a feasible option in your state of operation.


Common paymaster provisions can also come into play when calculating overtime. First, a company and its related entities must meet the IRS’s criteria for common paymaster AND the Department of Labor’s requirements for joint employment. Then, the designated common paymaster can be used to calculate overtime for employees who work across the related corporations. Since it is a single entity, the common paymaster makes it much easier to calculate overtime for the employees paid under it rather than manually calculating overtime across the different entities.

Is common paymaster in play for your business?

The exact verbiage of the rule states that “If two or more related corporations employ the same individual at the same time and pay this individual through a common paymaster that is one of the corporations, the corporations are considered to be a single employer.”

Corporations are considered “related” for instances such as when fifty percent of one corporation’s officers are also officers of the other corporation, or when thirty percent of employees simultaneously work between the two corporations. The common paymaster is also responsible for keeping payroll records and remitting payroll taxes for the employees it pays as a common paymaster.

For more information, you can see how the IRS lays out exact provisions for common paymasters in Publication 15-A and Regulations section 31.3121(s)-1.

eStratEx: Some Added Security

As we continue to improve our flagship software, we keep a keen eye on security and what’s happening in the industry and the world around us. With that in mind, in the next few releases you will see several new security-oriented features that will ensure your eStratEx experience continues to be safe and secure. Here’s an overview of what to expect:
1) When eStratEx pioneered the HR SaaS concept, many employees were not comfortable with the concept of self-service. Therefore, our default Manager role enabled the managers to help employees with pay stubs, name and SSN, and direct deposit information unless you asked for a custom Manager role without those options. These days, the majority of employees are comfortable with self-service, and so, in the near future, we will flip our assumption: employees will manage their own pay stubs, name, and direct deposits and the default Manager role will not have access to change this information unless you ask for a custom role so that they can. If you have a custom Manager role that has this access but you would like to remove it, please reach out to us. We will reach out to clients that are using default Manager roles in case they need a new custom role with this access.
2) Users will need to change their passwords at least every six months. Once this update is released, anyone that has not changed their password in the past six months will be asked to change it. If you would like employees to change their passwords every 30 or 90 days, reach out to us and we can customize this time frame for you. To avoid a rush of password help requests after the next release, we advise you to reach out to all employees and ask them to proactively change their passwords if they have not done so recently.
3) We will be rolling out two-factor authentication to HR+ users. If you are an HR Admin, you will be emailed a code the first time you log in on a given day and you will need to enter the code to continue with the login process. While two-factor authentication will be required of all HR+ users, you will optionally have the ability to enforce the same rules for your managers as well.
4) In conjunction with number 3, you will be able to limit HR+ users and/or managers to logging in from specific IP addresses. For example, you may elect to only allow HR+ access from your corporate offices. This functionality will be optional and configurable by you directly in the system.
We will always be looking at our processes and policies to ensure a productive and safe experience for all of our users. If you have feedback or suggestions for these or any other changes, please do not hesitate to reach out to us at
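To make items 2 through 4 concrete, here is an added sketch of how such a login policy could be evaluated. It is not eStratEx code: the role names, the 182-day reading of "six months", the class and function names, and the sample addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Policy:
    max_password_age: timedelta = timedelta(days=182)  # "six months" (assumed 182 days)
    mfa_roles: frozenset = frozenset({"hr_plus"})      # managers can be added by the client
    ip_roles: frozenset = frozenset()                  # roles restricted by source IP (optional)
    allowed_networks: tuple = ()                       # CIDR strings, e.g. the corporate office

@dataclass
class User:
    role: str
    password_changed: datetime
    last_code_check: Optional[datetime] = None  # when an emailed code was last accepted

def ip_allowed(addr: str, networks) -> bool:
    try:
        ip = ip_address(addr)
    except ValueError:
        return False  # unparseable address: fail closed
    # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d; unwrap first.
    mapped = getattr(ip, "ipv4_mapped", None)
    ip = mapped if mapped is not None else ip
    nets = [ip_network(n) for n in networks]
    return any(ip.version == n.version and ip in n for n in nets)

def login_steps(user: User, policy: Policy, client_ip: str, now: datetime) -> list:
    """Return ["deny"], or the extra steps required after the password is verified."""
    if user.role in policy.ip_roles and not ip_allowed(client_ip, policy.allowed_networks):
        return ["deny"]
    steps = []
    last = user.last_code_check
    if user.role in policy.mfa_roles and (last is None or last.date() != now.date()):
        steps.append("email_code")       # first login of the day
    if now - user.password_changed > policy.max_password_age:
        steps.append("change_password")  # password older than the allowed age
    return steps

# Constructed sample data: documentation address range, hypothetical users.
POLICY = Policy(ip_roles=frozenset({"hr_plus"}), allowed_networks=("203.0.113.0/24",))
NOW = datetime(2015, 6, 1, 9, 0)
ADMIN = User("hr_plus", password_changed=datetime(2014, 10, 1))

if __name__ == "__main__":
    for ip in ("203.0.113.7", "::ffff:203.0.113.7", "198.51.100.9"):
        print(ip, login_steps(ADMIN, POLICY, ip, NOW))
```

The source address must be the one the server itself observed on the connection; a client-supplied header is only usable when it is set by a proxy you control.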

Protecting you from your browser!

Most eStratEx users are aware that we at StratEx strongly encourage use of a modern browser when accessing eStratEx and Spokeware. This is not because we want to make life difficult, but rather because a modern version of your favorite browser will yield the most operational and secure user experience.

It is in this spirit that we will be phasing out support for old Secure Sockets Layer (SSL) protocols. SSL is a security measure employed by internet browsers and websites, allowing for the secure transmission of private data online. Just like browsers themselves, these security protocols are improved and updated over time. Research published in late 2014 revealed that older versions of SSL contain vulnerabilities which can be exploited by hackers. Eliminating support for these older versions will help ensure you are not unintentionally exposing yourself and your data to attack by using insecure technology.

What does this mean for you?

Most users will experience no disruption. All modern browsers use the latest protocols (TLS 1.0, 1.1 or 1.2) by default.

Internet Explorer versions 7-10 support the latest protocols, but they are not enabled by default. Anyone using these versions of IE may need to update their browser settings. To do so:

1. Go to Tools>Internet Options
2. Select the Advanced Tab
3. Scroll to the Security Section
4. Select the checkbox Use TLS 1.0
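For administrators who want to check many PCs rather than click through each one, the added example below (not StratEx code) decodes the `SecureProtocols` registry value that Windows stores for these Internet Options checkboxes and reports which machines would be locked out. The inventory, hostnames and function names are constructed for illustration, and the example assumes the site keeps accepting the three TLS versions the article lists.

```python
# Bit flags behind the Internet Options "Use SSL x / Use TLS x" checkboxes, stored in
# the SecureProtocols DWORD under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings.
FLAGS = {0x08: "SSL 2.0", 0x20: "SSL 3.0", 0x80: "TLS 1.0",
         0x200: "TLS 1.1", 0x800: "TLS 1.2"}
# Protocols the article says remain usable after the cut-off.
ACCEPTED = ("TLS 1.0", "TLS 1.1", "TLS 1.2")

def audit(value: int) -> dict:
    """Decode one SecureProtocols value and judge it against the new policy."""
    enabled = [name for bit, name in sorted(FLAGS.items()) if value & bit]
    usable = [p for p in enabled if p in ACCEPTED]
    return {
        "enabled": enabled,
        "can_connect": bool(usable),
        # Assumption: the server offers all three TLS versions, so the highest
        # version the client has ticked is the one negotiated.
        "negotiates": usable[-1] if usable else None,
        # Old protocols still ticked on the client, worth unticking.
        "legacy_enabled": [p for p in enabled if p not in ACCEPTED],
        # Bits this table does not know about (newer Windows versions add more).
        "unknown_bits": value & ~sum(FLAGS),
    }

def hosts_needing_change(inventory: dict) -> list:
    """Hosts that will be locked out until 'Use TLS 1.0' (or newer) is ticked."""
    return sorted(h for h, v in inventory.items() if not audit(v)["can_connect"])

# Constructed inventory: hostname -> SecureProtocols value collected from each PC.
INVENTORY = {"hr-pc-01": 0x28, "hr-pc-02": 0xA0, "hr-pc-03": 0xA80}

if __name__ == "__main__":
    for host, value in sorted(INVENTORY.items()):
        print(host, hex(value), audit(value))
    print("update settings on:", hosts_needing_change(INVENTORY))
```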

No users should be operating on versions older than IE 7, as we communicated the decision to end support for old versions of Internet Explorer late last year. If anyone is, however, they may not have the option to update their version to a secure protocol and therefore will not be able to access the site unless they update their browser altogether.

On May 20th, 2015, these changes will be implemented for system downloads (reports, attachments, document library files, etc.). Anyone using old SSL will be unable to download files from eStratEx after this date. On July 4th, the changes will be applied to the site as a whole, preventing all access for those still using insecure protocols.

If you have any questions, or need assistance updating your browser version or settings, please contact your friendly Service Team at StratEx.

Ending Support for Old Versions of Internet Explorer

As we continue to push out beautiful new releases to our flagship software, we are announcing that we are matching Microsoft’s and Google’s policies and ending support for old versions of Internet Explorer.

We continue to utilize new technologies that were not around a decade ago when IE 7 and IE 8 were released and thus cannot continue to support those versions while still providing you with the best possible experience in our system. While IE9 is slightly newer, it is still three major releases behind the current IE11 and lacks in many ways.

Thus, going forward we will only support IE11 and IE10 not running in compatibility mode, because it is time for out with the old.

Any questions? Ask your friendly service specialist, or tweet me @born2code

eStratEx 2014R7 Release

The 2014R7 release of our flagship software was released last night. As our users know, we release in place, with no down time and no interruptions. There were nearly 50 items in this release; those impacting the end user are detailed in the release notes. We will have a separate blog post describing some of the functional changes in this release, but I wanted to touch on some of the technical changes today.

As you may know, the eStratEx stack is built on a MySQL back-end running on Ubuntu. We use Percona MySQL, and not just because Percona is a client (we used them before they became a client), but because of its superior performance.

The data access layer and the business layer are written in .NET, specifically VB.NET and C#. They currently run on IIS7 deployed on Windows 2008R2, but with the recent decisions of Microsoft to open up .NET and to make it truly cross platform, we may be running it on Ubuntu in the future.

The front end is written using HTML, JavaScript, and CSS. We hand crafted a lot of our front end code, with jQuery being the main library we typically used in our system. As of this release we are starting to use Bootstrap V3 for eStratEx.


This will allow us to provide a crisp, modern refresh to our user interface. It will also allow us to focus on a Mobile First strategy, where each aspect of our application is meant to run beautifully on your favorite mobile device. After some debate we chose this approach over releasing a handicapped, limited app providing minimal functionality to our users, as has been adopted by others.

In conjunction with our Bootstrap v3 change we have switched to using Knockout v3. We have used Knockout in the past on a few admin pages, but now we are fully embracing the Model-View-View Model (MVVM) pattern across the application. Our front end and middle layers are now very similar to what Microsoft is doing with their Azure portal. When we started eStratEx, however, ASP.NET MVC was a very nascent technology and thus we went with classic web forms. Two million lines of code later, we are not about to re-do our system in MVC. However, all the neat stuff Microsoft is doing for web forms is making that a moot point. We are using Friendly URLs, as described by Microsoft’s Scott Hanselman (@shanselman), and URL routing to build out an MVC-style interface using web forms. Microsoft has a vision for a unified ASP.NET and we are capitalizing on that fully.

As soon as you log in to the application you will start to notice the new changes made possible by combining the best of Knockout, Bootstrap, .NET and MySQL.



to Node or to Go

The recent news of trouble in node land is unsettling. Nodejs is an amazing technology with a big following. Companies such as LinkedIn bought into it from the early beginning. Microsoft is making it a first class citizen in the Visual Studio ecosystem. AWS just launched a new service based on node, and has a great SDK for it. Joyent has embraced it from the get go and is now the corporate sponsor. This is just a small set of nodejs related projects and companies; the list is huge.

We use nodejs for our home grown development tracking and management system and we are currently in the process of building out micro services to support our ever growing SaaS offering. Up till now the plan was to build out those micro services in nodejs. Now, being micro services, they do not really need to be all written in a single language. Especially these days, with Docker taking over the world, it is very easy to develop different services in different technologies.

Nonetheless, we would like to know that we have a go-to option for a micro service build out, that we made a strategic decision to commit to a direction. Up till a few days ago, that direction was Nodejs.

We have not changed our minds yet. Nodejs is not going away, it is still supported by a strong backer, and if good things happen the rift will be healed and the community will come back together and keep pushing it forward.

However, we are now considering other options. One of the things that we have considered seriously is Google’s Go. It is a beautiful language, statically linked, so it is perfect for Docker deployment. It is supported by Google and has a ton of packages. What it does not have, yet, is an official AWS SDK from Amazon. That’s really the main reason that tilted the scale in favor of nodejs, up till now.

Now, it is decision time, to Node || to Go

Why did Koding move away from containers and Docker to virtual machines?

Great writeup on scaling containers.

From their newsletter: Celebrating 500k dev milestone with a global hackathon and a $35,000 prize!

PS: In the past Koding suffered from a few stability issues and it pained us. Now, we're powered by AWS and every VM you get is an AWS VM. No more LXC's, no hacks and no dockerization which means no more downtime. Just this month we have turned on more than a 100,000 VMs – yes you read that right… a 100,000 VMs with 99.9% uptime. If you have not done it yet, come give us another try… we guarantee that you will like it very much.
