Hacker News new | past | comments | ask | show | jobs | submit login

Collecting actual banking credentials is how plaid works, quite literally. One needs to be clinically insane to give your bank login creds to a third party voluntarily!

I refuse to do business with any business that uses plaid and has no sane alternative to get bank account numbers (deposit two small amounts, three days later I tell you what they are)

First time i saw it, i assumed the website had been hacked. I was actually more horrified when I found out that this was working as intended and some website wanted my bank password!






Indeed. Sharing your banking credentials with a third party almost certainly violates the terms of service you agreed on with your bank. If the third party has a security lapse and your bank account is drained, your bank might just claim that you authorized that transaction with your credentials, so it's a valid transaction and they won't shell out their own money to refund your loss.

If in doubt, you should check your bank's terms of service for online banking.


> I refuse to do business with any business that uses plaid and has no sane alternative to get bank account numbers (deposit two small amounts, three days later I tell you what they are)

I'm a bit horrified this is still a thing, too. Doing this just confirms you have the correct account and routing number, so you can deposit and withdrawal. It won't allow you to see transactions--will it?

FWIW, a minority of banks have "linked apps" that allow you to revoke access from the bank's website (some are clear they're restricting it to read-only access). But I'm not sure how consistent or widespread this kind of thing is. I doubt if you're offering a service like Plaid you could rely on only supporting these institutions.


> First time i saw it, i assumed the website had been hacked. I was actually more horrified when I found out that this was working as intended and some website wanted my bank password!

This was my exact same impression. Even after some Googling and asking friends where I learned this was a thing, I was still very wary that it was legit.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: