This type of centralisation makes me sad, but it's probably true for most startups. By using Plaid or an Open Banking service from another party (e.g. Experian) you'll pay fees to get information you can get for free if you integrate directly with the banks.
Even though the open banking APIs are uniform, any company wishing to use them still has to register with each and every bank, and test the integration works with each one. Until you've done it once, it's hard to know whether it will be easy (you write the code once, and it works flawlessly for all banks) or you have edge cases (e.g. some banks have funny timeout issues). So if you're a developer on a deadline, you will likely prefer to use a single API.
For the data Plaid was providing, this isn't really true at all in the US. Last I checked, the big banks were very guarded in their API access and you either had to have (1) a large payment (2) a high minimum balance and (3) pay for an audit from their auditor of choice.
I think Europe is different in this regard but the US players really had no incentive to do anything Plaid offered.
Right, I'm talking specifically about open banking, which isn't a thing in the US.
This also hints that a not-Visa competitor will appear in the credit union space, since credit unions often have a shared provider for banking websites (and bill pay, etc.) and would presumably set up their own competitive API provider on top of that.
...which suggests you're not necessarily paying for the integration with a free service - you're paying for the integration at a grand scale, i.e. paying to not have to do all that work yourself.
If they'd all support a standard API, Plaid would vaporize overnight.
In the UK, the banks already support a standard API, but it's still easier for developers to use an intermediary to access those APIs, because using Plaid or Experian they don't need per-bank credentials and tests.
They also push all the risk in terms of Plaid being compromised onto the users, instead of the service provider.
This is a winning deal for Plaid, because in the event of an undiscovered breach, there is no proof in the form of say, hackers running off with Plaid's hypothetical Autonomous System's credentials and generating fraudulent activity that can be shut down by just patching the breach and changing Plaid's credentials.
Instead, banks have to scratch their heads and figure out why all these seemingly random customers are calling about fraudulent activity at right around the same time.
It's absolutely terrible in the diagnostics department, but seemingly ideal for exploiting legal grey areas for avoiding culpability if something goes wrong.
I'm not sure federated OAuth is the answer, but it's a damn sight better than what Plaid is doing.