
Plaid co-founder William Hockey is leaving - theBashShell
https://medium.com/@williamhockey/transitions-8e0ed5257ac2
======
basch
What did Plaid do that Yodlee/Envestnet didnt? Was there some sort of
collective amnesia, where everyone pretended this wasnt a solved problem, and
to fund it being reinvented?

What does Plaid do better? Is it just a more modern stable variant, or does
the end user experience something more akin to "one plaid account for all my
plaid connected services." Do I have to type my bank account number in twice
if I sign up for two services that utilize plaid?

~~~
GregorStocks
When Plaid originally launched, their value proposition was much higher-
quality connections to the top dozen or so most popular institutions in the
United States - fewer data quality issues and better integration with MFA than
you could get by screen-scraping. Since those banks have about half the bank
accounts in the US, that's pretty nice. They later started supporting long-
tail banks (the 15,000 or so other institutions in the United States),
although without the same data-quality advantage as they have for the big
banks.

From the perspective of a new startup, Plaid also has a much more modern API
and treats documentation as a much higher priority than most of their
competitors - you can get up and running in an afternoon, which is absolutely
not the case for every provider in the space.

Plaid also had much better support, at least in the early days - level 1
support was a native English speaker with deep technical knowledge of the
product, level 2 support was a founder of the company.

~~~
basch
Yodlee had direct data api access to bank databases before Plaid was a sperm
in an investors pocket. Its been more than a screen scraper for a long time.

~~~
GregorStocks
Well, I don't have experience with the quality of Yodlee's data, but I can
certainly confirm that around 2014 there were Plaid competitors who had much
worse support for big banks than Plaid did. Compared to Yodlee, Plaid might
have just been competing on price, developer experience, and support.

------
paws
If I understand right, using Plaid means giving bank account credentials to a
3rd party by design.

Let's say, for sake of argument, one day a Plaid user logs on to their bank
account and discovers missing funds. Does the bank get to say Plaid users
automatically lost consumer protections under e.g. Reg E and similar by
sharing account credentials? Not an expert but it seems to me the answer is
probably yes.

~~~
justaguyhere
Services like Plaid and Mint can only read data, isn't it? Has that changed?

~~~
tehwebguy
I mean, not if you give them your username and password

~~~
rufugee
A relatively simple fix for this would be for banks to allow me to create a
read-only user ID and a transactional user ID...I could hand the read-only
credentials to services like Plaid. I suggested this to Fidelity over a year
ago and they looked at me like I was crazy.

Banking in the US is so horrible at the moment. there’s an immense opportunity
for someone to come through and give a better consumer experience, but I fear
the barriers to entry are far too high. I had high hopes for Simple.com, but
they ended up destroying about every useful feature they had and falling way
short of the mark...

~~~
imgabe
Yes, I've wanted this for years. I still use Mint but I hate the password
part.

There was a clever hack someone posted here a while ago about using the email
alerts feature to essentially get a read-only feed of transactions from a bank
account. It does require you to parse the email and build your own system, so
it wouldn't work for most people.

~~~
findjashua
i did this for personal use a while back, but the biggest issue i faced was
that the merchant name in the email alert was truncated, so it wasn't the same
level of info quality that mint/plaid can provide (since they have the
complete merchant name)

------
wexxx
This is William’s post. It’s worth going to the source.

[https://medium.com/@williamhockey/transitions-8e0ed5257ac2](https://medium.com/@williamhockey/transitions-8e0ed5257ac2)

~~~
dang
Ok, we'll change to that from [https://techcrunch.com/2019/06/18/fresh-
off-a-2-65b-valuatio...](https://techcrunch.com/2019/06/18/fresh-
off-a-2-65b-valuation-plaid-co-founder-william-hockey-is-leaving). Thanks!

------
zaksoup
Plaid's entire ideology has always seemed back-asswards to me. As far as I can
tell it boils down to

1) Ask users for their plaintext login details to financial institutions

2) Store those details unhashed because they'll be used to authenticate
directly with said institutions because they're not implementing some sort of
reasonable Oauth flow

3) If users have 2fa enabled and the 3rd party doesn't allow app-specific
passwords ask users to disable 2fa JUST so the user can use Plaid???

It seems like the product goes against every single good practice that
websites have been trying to train into their users for years i.e. `Don't type
your password for abc.com unless you literally see abc.com in the URL bar`.
Not to mention they masquerade as an Oauth flow with plaid.js on sites that
support it.

Can somebody explain ANY way in which Plaid is a net good for
users/security/etc??

~~~
jamiequint
Everything you described is fundamentally a problem with banks not with Plaid.

Plaid solves the problem of people wanting to give third-parties access to
their financial data. The fact that in some cases it's a kludge to work around
this and not secure end-to-end (although I do think Plaid natively supports
2FA now, at least for some banks) is due to the banks not making this easy.

At the end of the day people are going to get what they want, and many many
many people prefer convenience (in this case, the ability to use third-party
services like Truebill, Mint, etc etc) over perfect end-to-end security.

~~~
mbesto
> Everything you described is fundamentally a problem with banks not with
> Plaid.

I don't disagree, but banking is not an arena where "creative disruption" that
has harmful side effects should be welcomed. The reason you can't send money
from one bank to another efficiently in the US but can in the UK is purely due
to regulation. Or why there isn't an Open Banking Initiative in the US but
there is in the UK. Once again, regulation.

The private market _isn 't_ making the solution better in this case because
their implementation is reckless and potentially harmful.

~~~
jamiequint
> The private market isn't making the solution better in this case because
> their implementation is reckless and potentially harmful.

You could make this same argument about the existence of online banking. At
some point utility supercedes risk. Personally, I feel fortunate to live in a
society where I am able to make that decision for myself rather than the
government making it for me.

~~~
mbesto
> You could make this same argument about the existence of online banking.

How so? If I'm using Wells Fargo and I find out they have a breach, I can
happily switch to another bank because they're clearly being incompetent. If a
software provider that I'm using uses Plaid and Plaid gets hacked, then my
banking data is potentially compromised. The bank has zero control over that,
so there is no impetus for me to change banks, yet it's their data that has
been compromised.

> Personally, I feel fortunate to live in a society where I am able to make
> that decision for myself rather than the government making it for me.

For most things, yes I agree. Do you think it's any coincidence that the banks
haven't adopted modern/secure API access even though their consumers demand
it? That's not the definition of a free market and is at odds with "having a
free choice is better than having the government do it for me".

------
mars4rp
I was trying to get a mortgage and the agent made me download their app and
fill it there. I had to put my bank username and pass in the app. I thought it
is Auth2 and I am putting those credentials in the bank website.

Now I am wondering could it been Plaid? I read that they are mimicking bank's
page design. there was no URL in the app to verify where I am putting my
credential in.

now that I am thinking about it, it was super stupid of me.

~~~
Waterluvian
A mortgage broker should have a fiduciary duty and part of that should make it
criminal to lead you down a dark hallway like that.

I recently dealt with one and it was so refreshing to have someone who
consciously knew their job was to be my guide and educator through the
process.

------
bcp2384
The fact they haven't even provided a very simple admin panel for end users to
revoke access is all you need to know about this company's ethics.

~~~
mifreewil
FWIW, I'm very familiar with Plaid as I've worked in several FinTech startups
using Plaid for various reasons. If you simply want to revoke Plaid's access
all you need to do is change your bank password. Of course, all past data will
live on in Plaid. If you're a EU user, you can request to have your data
removed. Curious what their response might be if you're not in the EU. Hate to
be cynical, but I bet they'll ignore you as is all too common for customer
service these days.

------
root_axis
Plaid is a great product that can provide alternative paths to credit for
people with poor credit scores, but the fact that they give developers access
to all your banking activity for months after using it once is pretty scummy.
The ethical thing to do would be to provide a one-time snapshot unless the
user is made explicitly aware of and agrees to allow the developer to access
their bank transactions whenever they like.

------
divyahansg
Is changing my password the only way to disconnect Plaid's access to my bank
account?

~~~
pingpongchef
I don't think it's the only way, but it is one way to do it with certainty.

