Ask HN: Do you use Plaid and give them your banking login info?
It seems like such a horrible idea. I want to send money (to buy a Tesla, or to fund a Coinbase account, or whatever), and so I have to... give a random company the login credentials for my bank? Give them access to all of my business and personal accounts, all of my children's accounts, CDs, IRAs, etc.
It's FAR more than they need. To this day I don't understand why anyone would use Plaid.
15 comments
[ 0.32 ms ] story [ 49.4 ms ] threadIt probably is.
> To this day I don't understand why anyone would use Plaid.
It's more desirable to use a fin-tech company to handle all that than take on the liability yourself, as a company wanting to receive payments (or connect to transaction info, like a lot of the popular budgeting apps do).
Can anyone tell me what the risks are? I seriously thought this was a pretty safe thing to do.
A bad actor with your bank login and password could cause a LOT of mischief.
They have to use bank login and password, so that can scrape your info. No banks tend to implement OAuth. I've been out of the world for 2 years, but last I was in I was kicking and screaming to keep where I worked away from it, and I still warn people off.
I have never understood why don't banks offer READ ONLY api/access to accounts for 3rd budgeting apps/expense trackers or even verifying you for a mortgage.
I run a fintech startup, and as ridiculously insecure as the Plaid model is, there is huge demand for it. Customers want to extract their transaction data and there is no good interbank payment system in the US.
I live in the Ukraine at the moment and the interbank payment system is far better here. Anyone can send money instantly to anyone else just by knowing their account number. The transfer fee is stated up front in the mobile app, and the transfer is instantaneous. Large amounts are protected by a 2FA approval notification, and you may receive a call from your bank. Businesses regularly accept payments through it as well.