using plaid for bank verification

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
sambb
Posts: 3011
Joined: Sun Mar 10, 2013 3:31 pm

using plaid for bank verification

Post by sambb »

any idea on this process and how pften it is used?
User avatar
Svensk Anga
Posts: 869
Joined: Sun Dec 23, 2012 5:16 pm

Re: using plaid for bank verification

Post by Svensk Anga »

I ran into this when a CD matured at a credit union recently. I tried to link my home credit union so I could push funds via ACH and avoid a hold. Credit Union with the CD used plaid for verification. Did not work. Wound up taking a cashier's check and suffering the check clearing hold.
toofache32
Posts: 2245
Joined: Sun Mar 04, 2012 6:30 pm

Re: using plaid for bank verification

Post by toofache32 »

I recently found out Coinbase uses them to verify bank accounts. I hope they are legit.
User avatar
JoMoney
Posts: 11524
Joined: Tue Jul 23, 2013 5:31 am

Re: using plaid for bank verification

Post by JoMoney »

I've had Fidelity try to use it to verify a checking account I wanted to link.
It creeps me out. I shouldn't be supplying my login credentials to a third party or having to agree to additional third party terms of service to link a bank account.

FWIW, I think Visa bought Plaid...
https://usa.visa.com/about-visa/newsroo ... 16856.html
"To achieve satisfactory investment results is easier than most people realize; to achieve superior results is harder than it looks." - Benjamin Graham
drk
Posts: 2388
Joined: Mon Jul 24, 2017 10:33 pm
Location: Overlooking Elliott Bay

Re: using plaid for bank verification

Post by drk »

JoMoney wrote: Sat May 08, 2021 10:29 pm FWIW, I think Visa bought Plaid...
https://usa.visa.com/about-visa/newsroo ... 16856.html
The transaction was cancelled at the start of the year. DOJ sued to stop it because of antitrust concerns.
CoralReef
Posts: 8
Joined: Wed Apr 14, 2021 9:39 pm
Location: PNW

Re: using plaid for bank verification

Post by CoralReef »

It’s used a lot, but I won’t use it. Just one more potential target for hackers. Plus, my banks’ deposit account agreements specifically say they are not liable for losses if I furnish login details to a third party.
SlowMovingInvestor
Posts: 2807
Joined: Sun Sep 11, 2016 11:27 am

Re: using plaid for bank verification

Post by SlowMovingInvestor »

I think plaid doesn't store creds if you merely use it to link 2 bank accounts for ACH (instead of using the manual 2 deposit method).


Once the link is setup, Plaid isn't used anymore. But again, this is only for FIs that can actually do ACH to each other.
Portfolio: 50% DOGE, 10% SPACs, 10% Frozen OJ futures, 10% MOON ETF, 10% NFTs , 5% FOMO ETF, 5% New Jersey Delis with $100M market cap :)
Makefile
Posts: 852
Joined: Fri Apr 22, 2016 11:03 pm

Re: using plaid for bank verification

Post by Makefile »

CoralReef wrote: Sat May 08, 2021 10:49 pm It’s used a lot, but I won’t use it. Just one more potential target for hackers. Plus, my banks’ deposit account agreements specifically say they are not liable for losses if I furnish login details to a third party.
I get a paper copy of the PNC Bank annual report (long story... relative who worked for a predecessor bank back in the 1980s and bought certificate shares that turned into one of those Computershare accounts). They actually call out these third party services as a security risk in the report. It seems they realize these services have a boneheaded security model, but apparently accept the risk. It seems specifically directed at things like Yodlee. Sometimes it feels like those services are just a hugely sophisticated phishing attack :P And it would be so simple to do it better--all the banks would need to do is let you have two passwords, one with full access and one with read-only access to use with these services.
A number of our customers choose to use financial applications (apps) that allow them to view banking and other financial account information, often held at different financial institutions, on a single platform, to monitor the performance of their investments, to compare financial and investment products, to make payments or transfer funds, and otherwise to help manage their finances and investments. Financial apps often ask users to provide their secure banking log-in information and credentials (username and password) so the apps can link to users’ accounts at financial institutions. Companies offering these apps frequently use third-party data aggregators – behind-the-scenes technology companies that serve as a data-gathering service provider – to deliver customer financial data that is used by the financial apps. To do this, data aggregators are provided with customers’ log-in information and credentials, which allows the aggregators to access the customers’ online account and “scrape” the customers’ data, often on a daily or even more frequent basis. That same information has the potential to facilitate fraud if it is not properly protected. In fact, the Director of the FinCEN has stated that FinCEN has seen high incidences of fraud, including ACH fraud, credit card fraud, and wire fraud,
enabled through the use of synthetic identities and through account takeovers via these platforms. In some cases, cybercriminals appear to be using such data aggregators and integrators to facilitate account takeovers and fraudulent wires. PNC has and may continue to face increased financial exposure due to fraudulent activity associated with the increased use of these apps and data aggregators. Even where PNC does not have responsibility for fraud losses associated with these apps and data aggregators, PNC could suffer increased reputational harm when such losses occur.
acegolfer
Posts: 2524
Joined: Tue Aug 25, 2009 9:40 am

Re: using plaid for bank verification

Post by acegolfer »

Depends on your bank. If the bank uses tokens, then plaid won't store login. Otherwise, plaid will store login. To tell whether it's using token or not, change bank password. If plaid asks for new password, then it stored your login.
SlowMovingInvestor
Posts: 2807
Joined: Sun Sep 11, 2016 11:27 am

Re: using plaid for bank verification

Post by SlowMovingInvestor »

Makefile wrote: Sat May 08, 2021 11:17 pm

I get a paper copy of the PNC Bank annual report (long story... relative who worked for a predecessor bank back in the 1980s and bought certificate shares that turned into one of those Computershare accounts). They actually call out these third party services as a security risk in the report. It seems they realize these services have a boneheaded security model, but apparently accept the risk. It seems specifically directed at things like Yodlee. Sometimes it feels like those services are just a hugely sophisticated phishing attack :P And it would be so simple to do it better--all the banks would need to do is let you have two passwords, one with full access and one with read-only access to use with these services.
I believe in some cases, banks return tokens to aggregators that are read only.

But I don't use aggregators any more than I'd use TurboTax online.
Portfolio: 50% DOGE, 10% SPACs, 10% Frozen OJ futures, 10% MOON ETF, 10% NFTs , 5% FOMO ETF, 5% New Jersey Delis with $100M market cap :)
Post Reply