Plaid Bank Credential Risks
The cluster discusses concerns over Plaid requiring users to share bank login credentials for third-party apps to access account data via scraping, contrasted with secure API-based open banking standards like PSD2 in Europe.
Sample Comments
I know, right? I tried Venmo, PayPal, my own bank...none of them offer it. Even though my bank is one of the biggest banks in the country that has a great online banking portal and my boyfriend and I bank at the same place. Not everybody is going to be comfortable providing credentials to a third party, I totally understand...but that is what's generally required in the US banking system for API access to bank accounts at multiple institutions, for better or for worse. If it makes
Generally speaking, bank APIs are for use by businesses that want to be able to pull bank customer data. There are integration hoops and so forth. They are not for end user use. Plaid has, or used to have, a mode where in preprod you could give it your credentials to a limited number of organizations and then pull in your data. Not sure that survived the Visa acquisition, but even if it did - personally implementing a Plaid integration gave me the willies. Handing over creds was in clear violat
I'm not sure. It is possible that some banks have an API that Plaid uses, but this issue has been known for several years and discussed on here quite a bit. Plaid even had a large settlement due to privacy violations.
Doesn't Plaid provide their API by taking users' online banking logins and scraping the sites? Seems like a huge risk.
This sounds horrible. In Europe there is the PSD2 [1] standard that basically forces (since 2020) all banks to provide some form of API to access and control customer accounts. And since all banks already had to go through the work of creating an API, some of them even make them completely publicly available (which isn't strictly required by PSD2). I once built a script to pull all transactions from my bank account to create a financial history in just one afternoon. No scraping or shady
Plaid asks for your raw bank credentials so that it can scrape up data. That's why I've always refused to use it.
This sounds incredibly hard to do - Plaid's moat is that it is a bunch of work to keep up to date with all these different bank UIs, plus many banks have moved to OAuth which they only provide to trusted partners - like Plaid. You can't get an OAuth token to your BofA account just because you have an account there
Does it collect your bank username and password, or work directly with banking APIs? Every time I see some service trying to do this via Plaid I cringe.
I use a budget app called YNAB (You Need A Budget). It's great, but if I want to connect it to my bank account so I don't forget to add a transaction, I need to literally give my bank account number and password to Plaid, a 3rd party service that logs into my online banking portal as me in order to screen-scrape my transaction data, because my bank does not offer an API. Do you not see a problem with this? Not only is it a terrible idea from a security standpoint, but it
Looks like Betterment & Wealthfront use Plaid, which could affect many on HN [1][2]. [1] https://www.quora.com/Why-doesnt-Betterment-or-Wealthfront-u... [2] https://www.investmentnews.com/article/20190108/FREE/190109954/plaid-buys-data-aggregation-rival-quovo