Any DLer's coughed up their bank password and username to something called Plaid?

I'm Plaid. It's fine, OP.

R1 seriously, the name alone made me queasy.

I just recently learned of Plaid when I had to pay a large bill to a merchant that accepted check (I haven't written a check in 20 years), credit card (plus a 3% fee), or ACH transfer. I chose ACH and was prepared to give my account and routing numbers, like any other ACH transfer. Instead Plaid, a third-party entity, asked for my online banking username and password.

This is a privacy/security nightmare, as the user credentials would give this third party unfettered access to the customer's banking information, including transaction histories and statements, connected accounts/funds, credit cards, address, etc. And there’s the additional concern that in the event Plaid suffers a data breach, the customer’s online banking credentials could be leaked to someone who might drain accounts, etc.

It's outrageous that any corporation would ask for this information in order to execute a simple ACH for which ONLY the account and routing numbers are necessary. It's a brazen and egregious grab for ever more customer data, and yet another overreach by big tech/ corporations that people will accept in the name of convenience.

In my case, I ended up ordering a checkbook from my bank and then wrote and mailed a check to the merchant.

Obviously, OP, but don't do it.

Why would anyone ever consider doing this?

Forward this information to the FTC, OP.

Chase sued, and won, a case against Plaid. Chase does not work with Plaid.

If anyone ever needs a check, you can always ask a teller for a few counter checks. They'll ask if you ordered checks. Just tell them you ordered checks and they haven't come in yet.

Counter checks are blank checks the bank prints up. You have to write your name, address and bank account number on them.

Appreciate the replies.

FYI the bank in question Is BREAD SAVINGS which is paying the highest interest at the moment while NO financial websites are warning people about this application process. I check them all every day. When I looked up BREAD reviews (idiotic name) I found a few complaining about the issue and wanting to report them. Meanwhile Bankrate, Investopedia, Wallethub, ect., say nothing.

I have just finished transferring funds to a bank that I called in advance to verify they use ACH and not a third party entity.

[quote] e with a bank I've never heard of but is a legit bank supposedly.

It’s supposably, you idiot.

No, it's not. "Supposably" is not a word. How embarrassing for you, R9.

R9 I shouldn't have added the supposedly, it's a real bank. It's the financial apps like Plaid and Zelle that banks are using more and more that are the problem. Banks are using these apps to transfer money then denying accountability if something goes wrong--like getting hacked. Sure hope it doesn't happen to you, you sound like a great guy.

"Zelle has attracted a lot of negative publicity on account of various scams that happen using the platform. And Banks are doing little to help here, putting the onus on the users on most occasions. A google search on Zelle scams will bring up a lot of posts of such stories. Zelle does not have any buyer protection and is to be used only with people you know and trust. Some users have also complained of an account created in Zelle without even opting in.

Zelle has been trying to address this by educating its users on the various scams and how to protect their accounts.

Plaid, on the other hand, is called out for its data privacy issues. Many users want to avoid giving out their online bank credentials to Plaid but are often forced to do so as there is no other option.

Plaid, operates on the back end and many users don’t understand how the data is being used and what authorizations they end up giving to the service."

Who is dumber? OP or r9?

Actually r10 are dumberer. Yes, r12?

Plaid is fine, OP. It's used by a lot of apps to provide access to your banking information without giving them the actual account access. There's another one called "Trustly" that I know of, too.

Really R14? It doesn't bother you to give your bank username and password to a finance app? I don't even give it out to other banks.

Venmo uses Plaid to access your bank account.

R15 technically it is passed through the app to Plaid, who issues an authorization to the app for access. Plaid is the trusted authority in this case, and the app doesn't have to store your account access details. Plaid is framed in through the app's internal browser so you're accessing the Plaid secure site directly and they just return the session authorization to the app when you're done.

Plaid then provides access to your bank info using a standardized API so that the app does not have to know the specifics of your bank's particular software, I believe.

I was highly suspicious of it at first so I understand being hesitant about it, but that's basically how it works. It's been around for years now and is used in a lot of places.

I hate all these new 3rd party apps. They are so risky, and sometimes the entity using the app doesn't even care what their customers think. Sometimes the app (like the one OP mentioned are terrible. After years of being able to get our dog license though the city website and in person at city hall, our city outsourced that service to an absolute nightmare called PetData.com. It's an infuriatingly bad interface. My health insurance company has like six "portals" to random sites for medical care searches, billing, patient info etc etc. "We've partnered with PharmaCare BioSomething to meet all your medicin needs....." *Launches you into another website where you have to create a separate username and password*

They're called "white label" apps, and I think far too many companies use them out of some desire to just have an app on the app store.

My credit union uses one. Only banks like Chase, BoA, etc. have the financial and human resources to develop their own apps and supporting infrastructure.

Banks I can understand needing an app, but there's a lot of unnecessary ones out there.

The thing I dislike is when the app functionality doesn't match the website functionality. Usually the website is the king, but lately I've noticed you can do certain things in some apps that aren't available on the website.

R18 there are entire new healthcare companies that are basically just packaged together third party services and then they provide support on top of that mess.

Oscar is one of them. The annoying bit is you don't really know this until you've already signed up with them. It's all outsourced and they provide the branding and some support.

Plaid is a security nightmare.

Imagine millions of login credentials stored un-hashed in a backend waiting to be hacked by ransomware groups.

Imagine when you wake up to realize much of your bank money is gone to a foreign account.

Plaid is more than a security nightmare. It should be considered a *national* security nightmare.

A nation-state could easily leverage any access to those credentials.

For those interested, this is what the security community thinks of Plaid.

[Quote] despite Plaids apparently honest attempts at security, their approach is a privacy nightmare, as you give full access to Plaid, to all and every single information your bank has on you, including loans, funds, investment accounts, credit card statements, address, etc.

[quote] To make matters even worse, they can share all that information with their customers, i.e., the company that wants you to link with them. That means that when, e.g., your rent is paid via Plaid (my landlord uses a service that relies on Plaid), all of that information may be shared with that service! And while they, in turn, may not distribute that data further, you now have to trust another party that they are able to keep your data safe.

Checks?

Isn't that some kind of cereal for the elderly?

[quote] FYI the bank in question Is BREAD SAVINGS

I have all my money in BANK OF VEGETABLES

I used it to sign up with Robinhood. It seemed very sketch to me, so, as soon as the money cleared, I changed my password. A few weeks later, someone tried to access my bank account enough times for my bank to lock the account down. Maybe there was no connection, but I won't be giving it my information again.

I don't get this, do you have like a million dollar to reap some significant CD interests? otherwise, why all the hassle just to get a few hundred or thousand dollars more on the interests, besides a new account will negatively impact your credit score, 30~50 points dropped for a hard pull.

How do you guys use Venmo since Venmo uses plaid to connect your bank account to your Venmo account?

R21 why on earth would you assume they are stored unhashed? That's basic security.

Services like Plaid must pass some of the strictest information security requirements out there to be able to handle financial information like that. That's why no smart company with an online presence (with exceptions like large stores such as Amazon who can pay for their own) wants to store a credit card on their e-commerce store and why you have services like Stripe which, like Plaid, do it for them and act as a gateway. They provide the extra security, the auditing, penetration testing etc. so you don't have to.

I do not like providing my login and password to the bank. The problem is banks, not Plaid. If banking software provided some sort of API that had secure access, along with permissions for various bits about what you can and can't access in the account, it would be quite helpful. But they don't, at least not evenly, so the only way to access that data is through the front-end.

Banks are actually making the whole process less secure because they don't have some shared standard for this sort of thing. Plaid is just a stopgap.

I had to use Plaid last summer to apply for a covid grant I did not get. I have since been notified of a privacy breach and class action suit against Plaid, which I joined.

[quote] Banks are actually making the whole process less secure because they don't have some shared standard for this sort of thing. Plaid is just a stopgap.

I agree it's the banks who love these 3rd party apps. I paid bills and transferred money for years with ChaseQuickPay when one day it became ChasePay with Zelle. So without informing me, Chase put me on a 3rd party app and therefore I assume Zelle has access to all my info.

Banks did have a shared standard in the past, ACH (automated clearing house). Then with everything going mobile the apps took over--easier for the banks and faster than ACH (although the money eventually passes through ACH funnily enough).

The obvious problem is, as every single security company stresses, by using 3rd parties, no matter how encrypted and secure they claim to be, you have increased your risk considerably. Security people say they never ever give their bank password to anyone. When your money went solely through ACH the recipients were required to have a U.S. address. Not so with the apps. Right there you have a huge risk.

ACH is just used for fund transfers though, it doesn't provide balance and other information. That's what the apps fill in. The additional account information that isn't necessarily in a standardized format. So Plaid has custom interfaces for each of the many different banking systems that they then can provide access to using a standard API.

ACH also has no authentication, you just plug the numbers in and go.

R32 the banks have implemented "know your customer" (KYC) since then.

Plaid doesn't just use your bank password to help you move money. They use it to scrape every bit of information off your bank account, again and again, including credit card and loan data. Read their Privacy Policy!

And forget about how secure your password is on their servers. If the Chinese Public Security's file on a billion Chinese can be hacked, anything can.

Anything can be hacked, yes, but the likelihood is low.

Well, if anything can be hacked, the likelihood isn't "low," which is really a nonsense word in this context anyway. What does it mean? Just an attempt to give a meaningless assurance.

Airlines carry lots of insurance. Just how much insurance does a fintech like Plaid carry? The potential liability when you've got millions of bank passwords is enormous. Is the risk even insurable?

There is not legitimate reason that they would need your username and password.

While they MAY pay a slightly higher rate or charge slightly lower fees, it's not worth it. They want this information to:

- lower their own costs because they're cobbling together technology.

- access your accounts, transaction history, and obtain other information.

- circumvent existing banking, consumer, electronic banking, and other regulatory guidelines and protections.

- increase switching costs by trapping you in their financial "ecosystem" by infiltrating your other accounts.

They wouldn't be "hacking" your account as you will likely have authorized them to access your account with your username and password which would be a lot wider authorization than merely account and routing information.

Also, people need to remember that buried within your authorization to transfer money into your account (such as your payroll or your tax refund), you also authorize them to take money out at their discretion. It's always wise to have a separate account into which you have external money transferred in/out (bill payment is different) and another account for your own transactions.

Never use a debit card except at an ATM attached to your bank. The consumer protections on debit transactions are less favorable than credit cards, as well as who is responsible for resolving conflicts (a credit card dispute is resolved by the card company, whereas debit transaction disputes require YOU to resolve).

Let's take just one clause out Plaid's "Privacy Policy:"

"Information about credit accounts, including due dates, balances owed, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate;"

Did you realize that giving Plaid your bank password just to help buy a CD means they'll be downloading your credit card transactions, on a regular basis?

[quote] There is not legitimate reason that they would need your username and password.,

I agree. They don't just want your money, they want everything. Then they tell you they NEED everything to, you know, HELP you.

[quote]. Also, people need to remember that buried within your authorization to transfer money into your account (such as your payroll or your tax refund), you also authorize them to take money out at their discretion. It's always wise to have a separate account into which you have external money transferred in/out (bill payment is different) and another account for your own transactions.

Good idea. A friend had her tax refund sucked out of her account by the Feds (their mistake). Took forever to get it back.

[quote] How do you guys use Venmo since Venmo uses plaid to connect your bank account to your Venmo account?

This may surprise you, but a lot of people don't use Venmo.

OP, as gay men, we usually eschew plaid.

Perhaps your question would be better answered if you could find some lesbians.

[quote] How do you guys use Venmo since Venmo uses plaid to connect your bank account to your Venmo account?

I have my Venmo attached only to one specific credit card so I can’t have my bank account wiped out and reserve the ability to dispute any unauthorized purchases.

[quote] besides a new account will negatively impact your credit score, 30~50 points dropped for a hard pull.

Why would they pull his credit report to open a bank account? I give you money, you use it while giving me interest on it until I need or want it back. No credit report necessary. They’re not offering him a loan.

Know your customer rules mean banks often pull a. credit report when you open an account. Especially a checking account. Ever hear of Chex?

Oh, sure I have. Mom used to make Chex Mix as a snack all the time.

Some apps like SoFi or Robinhood (but not Coinbase for instance) offer ACH as an alternative to Plaid. Not sure if Venmo does that.

Plaid should be illegal.

R37 you're just fear-mongering at this point.

R48 there are actual legitimate reasons as have already been stated, because bank software is not always compatible with each other and Plaid provides a common way to access and modify the data.

Smart to not get involved with that outfit OP. Now, the next smart thing you need to do is immediately quite doing business with Chase bank. They're on the same level as Bank Of America for being a scumbag operation.

R44 is correct, they do not require a credit report on an investment, which is what a CD is. The only thing they want to know is if you have backup withholding with the U.S. Government and trying to lock away your funds so the Feds don't get at them.

The ONLY time I was told there might be a credit check when I opened up a CD, and I've opened 4, is with BREAD as part of the PLAID crap. This was a huge red flag which I didn't even mention.

R44 Why? Because it's financial industry, it doesn't matter you are sending them your money or you borrow money from them, a soft pull is a must! No banks will allow you to open an account without checking who you are and your credit history, and many banks will also notify you there might be a hard inquiry if it's necessary and the tricky thing is, they can't tell you whether a hard inquiry will be trigged or not, the only way to find out is to open an account, so they require you to give them the consent for a hard pull on your credit report, whether there will be one or not is another story, but you do need to give them the consent, and many banks indeed will request a detailed credit report when you open a new CD account.

R52 Credit bureaus don't consider a person's investment or asset when determine their credit, Real estate, CDs, personal savings and investment have zero impact on your credit score, but the number of asset accounts will affect your credit, not from the asset itself or the credit bureaus, it's from the banks or creditors sending them inquiries on your report.

This is a fact: if you give your bank logins to anyone and they transfer your money without your permission the bank will not help you. Your $$ is gone. Don't be stupid.

R53 Banks do NOT check your credit history when opening a checking or savings account or a CD. You need to give them personal information which may or may not be used to uncover any past fraud, frequent overdrafts, or unpaid balances. This is NOT the same thing as getting a credit report.

I don't know where you got the idea that opening an account at a bank requires a credit check.

[quote] I don't know where you got the idea that opening an account at a bank requires a credit check.

R55 maybe it's because I have all said accounts here from different banks. and in the annual credit report I found out the soft/hard inquiries they sent to the bureaus.

Hard pull. Soft pull. It sounds like candy or sex. I don't think there is any area of knowledge I know less about than finance. I know handing out your logins is capital-B Bad, though.

R55 Perhaps some banks don't, but a credit check is common even when you open a CD account. Maybe different 20 years ago.

Well, it makes a huge difference whether it's one or the other. A soft pull is nothing. It doesn't affect your credit score. If some banks are doing hard pulls on credit histories for investments it must be in anticipation of a CD loan---that's when you open a cd and borrow some of the money back in an emergency. Or they are using an app like Plaid.

I saw the lest of banks and only Charles Schwab and one other bank did hard pulls. None of the other major banks on a list of 20 do a hard pull. I can't imagine investors would appreciate their credit being dinged every time they try to give someone their money.

^ but a soft pull is a credit check, that's the point of R58, which is to correct R55's false claim "no credit check required for opening a CD account"

R 60. My claim wasn't "false" but imprecise, as is yours. A soft inquiry does not affect your credit scores and only you can see it, not any lender. If you want to assert that a soft pull is a credit check, therefore implying it's in the same ballpark as a hard inquiry, fine. I think that is very misleading.

Institutions are making soft inquiries ALL the time on you with or without your approval--and whether you applied for credit or not. That's what all those "preapproved" credit card offers are. Calling them both a credit check is obscuring the fundamental difference.

R61 Stop your weasling. You sound like a banker. Or even worse, a fintech worker. All the usual corporate pap trying to make the unpalatable sound palatable.

R62. And you sound like a moron, thinking a soft inquiry is the same as hard. Probably have shitty credit too and spend your days arguing with banks trying to get your repossessed car back.

R63 Better that than selling my soul to Wall Street and screwing over the little guy.

Good luck finding a way to take it with you!

Y’all two are a pisser.

The Bread Savings

High-yield savings 1.65% APY2

1-year CD 2.50% APY2

Put your money in an index fund. All this drama for 2.5%?

At the time it was 3.50% for a 3 year.

Index funds are not FDIC. I know CDs are conservative but this is an amount I can't afford to speculate with at all.

And my point wasn't drama, it was a question about the financial apps banks use. It's a valid concern.

[quote]Index funds are not FDIC.

The risk from investing is independent of FDIC insurance.

The equivalent to FDIC is SIPC which offers similar protections.

[quote] The risk from investing is independent of FDIC insurance.

The risk from investing is that you could lose money, right? With interest disbursements from cds I have a guaranteed income but I realize a brokerage house is the way to go if you want serious return.

[quote]The risk from investing is that you could lose money, right? With interest disbursements from cds I have a guaranteed income but I realize a brokerage house is the way to go if you want serious return.

You clearly have no idea what FDIC is which was implemented to prevent runs on banks by providing insurance so that depositors will not lose their funds if the bank should collapse. FDIC has nothing to do with returns, guaranteed income, or protecting principle - except in the case of the collapse of the deposit institution.

I prefer the gay version. Pastel.

WTF. I know exactly what FDIC insurance is, it guarantees my initial deposit. That's it. I didn't say it guaranteed returns. It has nothing to do with returns. I said because it is so low risk returns will be low. CDs are considered the lowest risk investment because YOU CAN NOT LOSE YOUR PRINCIPAL.

It is possible to lose some or all of your initial investment with index funds. The SPIC does not insure money lost to market forces. Do you even understand risk?

If you desperately need the 2.5%, this weird bank is probably your best bet

Seriously muddled minds here about FDIC and SIPC. FDIC, within limits, backs you if the member bank that issued the CD goes under. But if you invest in shares of a fund or corporation that goes under, SIPC protects you not at all. SIPC protects you, within limits, if there's a problem at the member broker holding those shares for you.

[quote]The SPIC does not insure money lost

Oh, yeah, I’m watching you, buddy. You’re about to board the cancel train!