> The bank said in the court filings that the interface "dupes" consumers into believing they are entering personal information into TD Bank's trusted platform.
> "In reality, however, consumers are unwittingly giving their login credentials to the defendant, who takes the information, stores it on its servers, and uses it to mine consumers' bank records for valuable data (e.g., transaction histories, loans, etc.), which the defendant monetizes by selling to third parties," TD claimed in the court records.
Also, giving your credentials to any third party, including Plaid, voids the warranty at many financial institutions. If your account gets hacked and your money stolen, you may find out that the zero liability policy no longer applies to you.
These investors have reputations to protect. This type of thing would certainly come out in diligence:
"How do you gain access to the customer's account data with their bank?"
"We impersonate their bank."
"Do you tell them you do this?"
"Ok, that's probably fine."
How in the hell does this conversation pass muster?
There are organizations and companies that are trying to do this legitimately, through open standards and real incentives to both FIs and customers to share information in exchanges:
- Open Banking Project: https://www.openbankproject.com/
- MX: https://www.mx.com/
P.S. Can we get real Markdown support already? The fact that the Markdown URL format isn't supported is extremely user-hostile.
Even if I did understand that they are storing and using my credentials, I should be able to expect from a reputable business that they are not scraping irrelevant transaction data and then using it for purposes that don't explicitly support the app I am using. Selling my transaction history definitely isn't supporting the use case I'm authorizing.
> We do not sell or rent personal information that we collect.
What Plaid has said on record they DON'T do is take that data they provided to the broker, bundle it up, and then sell it to marketing firms or hedge funds or other random third parties for which the user didn't explicitly ask their data to be shared.
“Plaid does not sell and has never sold consumers’ personal information or data. Consumer data is obtained and used with consumer consent. Plaid believes strongly that consumers should have permission-based access to and control over their financial data, and embodies these principles in its practices."
That's pretty strong language.
I love the way they are literally defined as "the leading financial data aggregation platform in the United States", rather than "the leading financial integrations platform".
Seems like Justice does know their real business. And they don't seem to care.
[reference link syntax]: https://daringfireball.net/projects/markdown/basics
That is never going to work. The reason the world works the way it works is because banks dont want to give easy access, so market opportunity for companies like Plaid exists.
Another definition may be domestic API access to bank accounts, which I agree will continue to be policy in the UK. It won't be PSD2 open banking, though.
Additionally the U.K. has generally been on the leading edge of open banking, which is why our standards weren’t identical to the EUs for a while. It’s going nowhere, and pass-porting will make no difference.
The only real impact of Brexit is the open banking entities will need to register separately in the U.K. and the EU, and be subject to two different regulators. But that’s just paperwork for the most part.
It's not that simple. The FCA is no longer an EEA National Competent Authority and UK Third Party Providers must register with an EEA NCA to continue to operate in the EEA. Domestic legislation which put PSD2 in force is of course still UK law, and domestic TPPs and Account Servicing Payment Service Providers can continue to operate together (even using the same eiDAS certs), but they cannot engage in open banking with the rest of the EU/EEA.
PSD2 and its supporting institutions (EBA, EPC, ECJ) no longer apply to the UK.
> Additionally the U.K. has generally been on the leading edge of open banking, which is why our standards weren’t identical to the EUs for a while. It’s going nowhere, and pass-porting will make no difference.
Internally, maybe, but UK TPPs and ASPSPs can no longer interoperate with EU/EEA TPPs and ASPSPs unless they register with an EU/EEA NCA, and thus become subject to EU Directives. Again it comes back to your definition of "open banking". If you mean only UK banks and firms being able to operate an open banking scheme, then you are correct that this will continue. If you mean open banking as defined by PSD2, it has already come to an end in the UK.
> The only real impact of Brexit is the open banking entities will need to register separately in the U.K. and the EU, and be subject to two different regulators. But that’s just paperwork for the most part.
So either UK TPPs and ASPSPs have to abide by EU Directives (if possible - the UK legislature may diverge from the EU in unreconcilable ways), or the UK has to maintain alignment with the EU indefinitely. Doesn't seem like just paperwork to me.
As discussed elsewhere in this thread, this requires a definition of "open banking" which is separate from PSD2 and not what the phrase commonly meant until now. The distinction isn't between "open banking" and "cross-border banking" - the distinction is between:
* PSD2 compliant "open banking" between TPPs and ASPSPs,
* Some banks in the UK must have APIs "open banking".
Up until January 1st, the phrase "open banking" referred to the former. The latter may become accepted as the definition in the UK, but it is materially different to the original meaning.
There was a get-out, but it was a bad one for the banks - if any bank did not provide a compliant API by a specific date (IIRC sometime last year) then they would have to keep their web sites entirely unaltered in order to support scraping.
Hear hear! Markdown is definitely the new formatting standard, and it's amazing (I even take notes in .md files).
If someone came to me and asked me to build what Plaid has built, I would decline the work. I would assume that impersonating a bank would be illegal. I would assume that the banks I am impersonating would treat me as a malicious actor. I would assume that I would go to jail for building a system like this.
Thanks to EFF, this scummy tactic used to kill Aaron Swartz is no more.
Seems like a bad bet to me.
> When this is implemented, Plaid will access customer information through the bank’s secure API (application programming interface) connection. That will allow customers to share their information more safely and quickly with Plaid and the financial apps it supports while protecting their bank username and password.
and also Wells Fargo:
> The API used in the agreement will utilize a more secure, tokenized “handshake” between the companies’ servers through which customers’ financial data will be shared. Once integrated, the API will allow customers to share their financial data, while also maintaining the privacy of their user credentials. The enrollment process will be easy and designed to work seamlessly within Plaid-supported apps’ user experiences.
I think it would be good to do some quick Google searches before getting (all of) the torches out.
From their website : "When you choose to connect your financial accounts to an app using Plaid, you will be prompted to enter the username and password associated with those accounts. Plaid then links your accounts to the app you want to use so you can share your data."
The whole company is a privacy and security disaster. Of course it’s annoying that banks don’t provide reasonable OAuth APIs, but Plaid “disrupts” that by deceiving consumers into dangerous security vulnerabilities with their most sensitive personal data.
When you use Plaid, you don't get the impression that's what they're doing. We're used to dialogs to "give permissions to an app" that don't share our user/password with anybody. Plaid purposefully emulates those dialogs and gives you the impression that you're just logging in with your bank, instead of explicitly telling you "we will store your user and password and use that to log-i with your bank".
I guess technically they just say, "you will be prompted to enter the username and password associated with those accounts" and don't specify that they (Plaid) will be using your credentials, but I don't think it's clear enough that you are giving your credentials away!
And since you can’t rely on an API, “there’s no other option” which compounds with the fact that coding up a web scraper for a specific bank takes maybe a dozen programmer-hours. Then throw on a disclaimer to cover legal, and start counting your billions of unhatched eggs.
There are people who take advantage of that and are very successful. Disgusting because it is just another form of deceiving people's trust.
The trouble is, giving someone your account number also makes it not the bank's problem what they do with that number, even if it was clearly unauthorized by you. There's no good way to do ACH transfers without a high degree of trust in the recipient.
Furthermore, "open" banking is very misleading because it's only open to corporations with deep pockets to obtain an AISP license/certification*, but doesn't even allow the account holder to gain API access to their own account. Unless you're lucky enough to be with a modern bank that provides that as a feature (which is legally separate from Open Banking, though often it's the same API), your only workaround is to sign up for TrueLayer yourself just to access your own account through them.
* given the "deep pockets" requirement, it almost forces all the account aggregator apps/services (Emma, Yolt, etc) to have a somewhat scummy business model and monetize the captured data. Wouldn't it have been nicer that you didn't need deep pockets to gain read-only access, so that an indie developer could make such an account aggregator and not have to resort to a scummy business model to fund the certification/compliance expenses?
That's not quite true. The CMA9 have to follow the Open Banking spec, and some other non-cma9 banks have decided to follow the same spec. In practise, there's some deviation from the spec between the banks (in part, due to ambiguity in the spec), but it's not like they're all pulling their own spec out of the air.
> Furthermore, "open" banking is very misleading because it's only open to corporations with deep pockets to obtain an AISP license/certification*, but doesn't even allow the account holder to gain API access to their own account. Unless you're lucky enough to be with a modern bank that provides that as a feature (which is legally separate from Open Banking, though often it's the same API), your only workaround is to sign up for TrueLayer yourself just to access your own account through them.
The 'deep pockets' don't need to be as deep as implied. I think it's <~£3k. It's not something that only big companies can afford, but I agree, it's not something that an individual would use to test out an idea, which would push them towards something like TrueLayer.
Do you have any more details? If this is indeed the price and it's a one-time cost without costly maintenance overheads (such as ongoing audits) I might just pay that to be able to release simple money management or just better UIs than the existing banks (even modern bank's apps have gotten worse lately as they try to push their "premium" offerings - looking at Monzo specifically here).
So no, it wouldn't have been nicer, it would have been a scammers delight.
And yes, it does require a consistent API, thought it's perhaps open to a bit too much interpretation.
Restricting API access doesn't help. There are plenty of idiots out there who willingly install remote access software on their computers/phones, fall for "authorized push payment" fraud when scammers tell them to move their money to a "safe account" or to pay overdue "taxes" (gullibility taxes?) over the phone and even use the two-factor card readers despite the "do not use over the phone" text being printed right on them.
I'm not sure how read-only API access would benefit scammers (if people can be tricked into granting API access, they will usually just as well install remote access software or just do the payments manually) but it would open up a nice field of self-contained, on-device money management apps that don't need significant corporate (most likely VC) backing with all the (usually) nasty ramifications that entails.
Information leaks are always useful to scammers, extortionists, blackmailers etc. It's one reason we protect financial info.
Like the other poster said, VC money isn't really needed, though the process of getting accredited with the FCA is more than just paying for a license. The Open Banking Implementation Entity (or just Open Banking Ltd, whatever they're calling themselves at the moment) may be able to help you go through the accreditation process if you approach them, they were certainly talking about doing that for people a couple of years back.
And before that you can sign up to their public sandbox service as a "Technical Service Provider" to start developing against the ecosystem, for nothing (I've done this though I've not really used the capability for anything).(You may need a Ltd company for this, can't remember off the top of my head)
> If you voluntarily disclose your account number to another personal orally, electronically, in writing or by other means, you are deemed to authorize each item, including electronic debits, which result from your disclosure. We may pay these items and charge your account.
It may be that there is some rule that says just giving someone a check doesn't count as "voluntarily disclosing" your account number.
Ah that’s the key though, you have to tell them to reverse it. I think you have 60 days in most cases. But the onus is on you to dispute the debit.
Hence why I avoid ever linking my bank to anything.
> What bank in the U.S. wont reverse fraudulent ACH debits?
If you admit to handing out signed blank checks, I would hope that most if not all banks would at least have a discussion with you about how you may be not the customer they are looking for.
They're tricking people into handing over the information, and then they're using it for purposes that may harm the victim, so like I said, it's hard to draw a line.
"We may collect, use, and share End User Information in an aggregated, de-identified, or anonymized manner (that does not identify you personally) for any purpose permitted under applicable law. This includes creating or using aggregated, de-identified, or anonymized data based on the collected information to develop new services and to facilitate research."
This is a cop-out used by a lot of services these days. De-identified data can be and is routinely re-identified. For financial transaction data this is fairly easy. For example, if you buy location data, it's trivial to determine where someone's home is, and therefore their likely identity.
Once you have a set of locations a person visited, you can correlate them with financial transactions. Even just a couple of retail transactions are often unique. You were probably the only person who was at your neighborhood Starbucks on Monday at 6:37am and also at Starbucks on Friday at 7:32am. Your credit card transactions provide a time and a location for every retail transaction.
I believe that Plaid doesn’t work with just anyone, and they do attempt to put some limited controls in place to block bad actors - just like any other platform in the world.
All that said, the parent were suggesting that Plaid itself bundled and resold data for marketing purposes which it does not do (though I believe some of its competitors might).
You should hold their feet to the fire for real issues (potential for misuse by companies that use Plaid to gather info, security concerns), not imaginary ones
Phishing people's bank credentials has been fully established as a computer crime (not even just bad within civil law).
Alas, I've lived in Silicon Valley too long to believe that anything moral will ever occur when there's money to be made.
It makes me sad that people actually admire this place for anything other than the geography.
So does, for example, Yodlee, when you use them to have an API for bank statements. I cannot say if they too monetize the data that opens up to them for grabs.
It took legislation and years of preparation to enforce APIs and interoperability onto European banks (yes, I can now use bank A's app to view my account balance in bank B, while maintaining control over what kind of access I'm giving). Can't see it happening in the US, though, although the demand for such APIs is clearly there, given that companies like Plaid and Yodlee prosper.
edit It's shit like this that just screams for the Fed to force FIs to implement a standard API for verifying accounts and making transfers. I bet half of fintech would collapse overnight, but the collective cost savings would be in the billions.
Funny enough, I've seen that be the case at some banks that simultaneously integrate Plaid into their online account application flow for the initial/funding deposit but. Pretty ironic that users are implicitly coerced into voiding their liability protection at their existing bank during the course of opening an account at a new one. Who wouldn't hesitate to turn around and also invalidate your liability protections themselves if you
used your new bank's credentials with Plaid elsewhere.
Of course, once those portals are enabled we enter the Facebook game: Where a lot of customers will blindly give all access to Plaid like companies, and then consumer group advocates will criticize for the amount of information that they are (still) mining from ignoring customers.
From an HTTPS perspective this is still pretty concerning though. AFAIK browsers would block the Plaid widget if someone tried to load it insecurely and the page was HTTPS (what users have been trained to look for). But without going into devtools there is no easy way to verify that the widget is actually a real Plaid widget, thus POSTing your password directly to their server and not the merchant's, and no way at all to verify that they have such a partnership with your bank sanctioning them to collect your password.
I'm not sure how well it is catching on. Seems like they're diversifying more into other whitelabel products for fintech companies.
I tell my founders to always always fly straight or don't fly at all because if you cut corners or deceive, it will come back to you.
Had they been honest and played by the rules they could be sitting on a massive windfall.
Unfortunately, some VCs and founders think like gangsters and get surprised when things dont plan out. Just because it worked for someone in your circle doesn't mean its gonna work for you. It is a horrible behavior to emulate.
> When using a fintech app, you may be providing your confidential TD username and password directly to third parties over whom TD has no control. Please be aware that the sharing of your TD credentials is contrary to the terms of our agreements, and TD will not be responsible for any harm that results from the sharing of your credentials.
PS Yes I know people like Ben Thompson  and even the US Treasury (mentioned in the same link) advocated for a private solution like Plaid (and nearly by extension Visa), but seriously this seems like something that needs to be government regulated to prevent incentives for selling user data.
First, they're transparent about being a 3rd party that's part of the flow (see https://plaid.com/blog/the-all-new-plaid-link/). It's clear it's Plaid, they use neutral colors and not the bank's, etc. They have a portal where you can manage your data (https://my.plaid.com/).
Second, they are very open about not selling data (unlike most of the their competitors). It's in their terms and their website (see https://plaid.com/how-we-handle-data/). I guess that could change, but from working with them I know it's part of their positioning so I'd be surprised if that changed.
Third, they've announced bank integrations and afaik they're moving to OAuth where the banks support it (I've seen this in the wild, but can't replicate right now). The key here is where banks support it. I think you have to look at the historical context: the banks do not want you to own your data as a consumer. They don't want fintech apps to exist. Having talked to banks about integrating directly with them, it's onerous and only the big players can do it. Plaid's fighting the good fight for fintech startups.
But yeah it's a less-than-ideal solution and it sucks that it doesn't work without creds flowing through and it's not clear regulators or banks will work to make it better. That sucks. I just think bashing on Plaid here is one-sided.
(throwaway account because I work in fintech)
Every time I've been confronted with a Plaid-backed bank login prompt, they use the bank's colors and logo, the word "Plaid" or their logo is either nowhere to be found or is in tiny fine print, and I run away screaming from that service.
I can appreciate that Plaid is trying to push stuff forwards, but (Presumably) storing your bank credentials in plain-text is a far worse than a "less-than-ideal solution".
The idea is the bank can't shut off Teller clients without shutting off their own customers. This involves a lot of iOS reverse engineering.
So things like Plaid's Capital One integration breaking for months have never happened with Teller - who've been running for something like 5 years now.
That said, I personally wasn't surprised to see they have this access. It makes sense that if you give them your bank password, they will have full access to your account unless they clearly convince me otherwise.
for the uninitiated:
This is why Facebook is so pissed off at Apple that it dares to ASK users first.
"Most users aren't aware what data is gathered about them" is about 10x more accurate than "users don't care about privacy", even though it's the latter that gets repeated all the time (with some help from the surveillance companies themselves spreading this propaganda).
You can then
1. Use XMR as an anonymizing bridge to pseudonymous ETH or ADA wallets
2. Grow wealth with ETH or ADA smart contracts/decentralized finance
3. When you want to spend, transfer funds from your ETH/ADA wallets over the XMR bridge to newly generated spend wallets. (There's potential for a chain-analysis correlation attack at this point if you aren't careful with how you are withdrawing.)
Really, it's all a nightmare and very difficult to do it now, but I'll be damned if someone doesn't develop an app or program that does this all seamlessly in a few years.
No, you cannot anonymously tax every transaction at some rate. Tax rates don't work that way, in a vacuum.
> The DOJ cited Visa CEO Al Kelly’s description of the deal as an “insurance policy” to neutralize a “threat to our important US debit business.”
In antitrust law, intent matters. If your primary motivating intent is to make the market less competitive, that's what gets the book thrown at you. That's why it can be so hard to prosecute antitrust, because it's pretty easy to lie your way out as long as there's no direct proof of intent.
Let's take Facebook's acquisition of Instagram. Did they buy Instagram because they saw Instagram as a threat, or did they buy Instagram because they wanted to acquire their talent and improve their product? For a long time, you could argue it was the latter case, which warded off antitrust suits. Recently, some emails came to light where they explicitly talked about taking out Instagram because they were beginning to pose a threat. Now there's a smoking gun and a strong case to be made, which may well be prosecuted in the near future.
As with most questionable business practices, they're not wise to be transparent about their true reasons for doing it, and inevitably they admit to their true reasons anyway.
There are several iterations to deals that size with increasing levels of scrutiny.
If that applies to anyone here, my sympathies and best of luck figuring out what's next for Plaid. Hopefully the morale hit isn't too big on the team.
It's also kind of indicative of how small startup ambitions have become. Acquisition has become a measure of success, not failure.
Hackers and startups are two very different groups with very different ideologies and goals and incentives. No idea why you group them together. Some startups have no technical founders even.
>"change the world" and "make a difference"
Startups are businesses and like all businesses in the end they wish to make money. VCs, for example, are very clearly investors and not philanthropists. They are high risk, high reward businesses which means they need to change things to get those returns but in the end they are a business.
>How does selling to Visa accomplish those things?
It gives Plaid financial stability and long term platform for its technology. If its technology makes the world a better place then its continual existence does make a difference.
> Some startups have no technical founders even.
Hackers in the sense that I mean it have an innate need to understand things deeply, and a tendency to value achieving this directly (e.g. do something, don't just read up about it). As a result most hackers with any real talent will have achieved an unusually high level of expertise/mastery in at least one, often a few, technical areas. This is a result of having really spent a lot of time with it, in ways that may look "obsessive" to others.
This is by no means restricted to software. Another common characteristic is a tendency to take things apart (physically or virtually) to see how they tick.
Tech workers want to buy homes and go on vacations just like everyone else. That's a good thing. They had an opportunity to make a lot of money making banking services easier for everyone; that's awesome and should be encouraged.
Also, I question the general usefulness of startups created to pursue an exit in the first place. Besides there being often no point in entangling yourself with a service that's meant to be transient, the goals will be different too - the company will try to force hypergrowth by underhanded, and ultimately user-hostile means, vs. letting a thing grow on the strength of its usefulness. Myself, I strongly avoid dealing with any startup that I can smell was built for an exit.
In only one of those cases, did I join the company expecting an imminent-ish liquidity event. One hit me out of nowhere. Regardless of what you're planning on, and even if the dollar amount isn't that great, it's a huge rush, a lot of thinking about the possibilities. It would suck, at the very least, on an emotional level, to have that fall apart.
Incidentally, that company was also taken private during the dot-com crash, and I did make money from that, because the ESPP I was buying for <$1 got converted to cash at something like 3.5x the valuation. It wasn't much, but, again, I was young, so it seemed like a lot.
Is YouTube a failure? Is Instagram a failure? How about Github or Linkedin? There are reasons to remain an independent company, but there are also reasons that it might be better to be acquired. Besides the premium that the acquirer will pay, large companies can actually accelerate your growth while also insulating you from a lot of the pesky overhead of being a public company.
At least rappers have the honesty to say it's about that cash.
If you listen to VCs talk it is 100% about exit price.
That sounds like the goal of a non-profit, not a startup. What a founder says at a TED talk (which I admit can often sound like the former) shouldn't be conflated with the nuts and bolt conversations they have with their closest lieutenants and investors. Assuming we mean venture funded by "startup" the definition has always been growth oriented, highly risky and innovative through disruption.
> It's also kind of indicative of how small startup ambitions have become. Acquisition has become a measure of success, not failure.
Really? I'm surprised you think that acquisition is either a measure of success or failure in a vacuum. Wouldn't the terms and the specific deal be important than how a company exits? After all, there's a world of difference between an acquihire and a strategic merger.
If your aim is that everyone should have access to these tools then getting Visa to integrate them is a pretty good way to accomplish that - Visa is big enough that if they adopt something then pretty much every credit card will have to match it.
Also, I'm getting paid.
It's absolutely perfect to be passionate about customers/product/whatever. However, if one is constantly distracted trying to making ends meet the cognitive bandwidth is going to be spent on it rather than chasing the passion.
I care so little about "changing the world" or "making a difference". Those things don't pay the rent.
Plaid is probably worth much more now than it was when it was acquired. The entire market has become much more frothy.
I would not be surprised if it could command a $10B+ valuation as a standalone company.
with SPAC-mania they could merge with a SPAC or go public. my point is the path to going public is much easier now than a year ago.
Please don't call it a windfall. Anyone in that company that would have seen life changing amounts of money has likely put incredible effort and hard work into making this happen.
But it is most definitely a windfall to the rest of the world (even the rest of the country), who work equally hard, under worse conditions, for their entire lives and cannot even hope to earn say 1/5 the wealth that a tech worker can accumulate after his/her first job.
To have a payday of millions of $ fall out of the sky, for toiling the same as others trying to make a living, yet also being lucky to be in the right place and the right time to have it rewarded.
"Being in the right place at the right time" sure it's partly that but if you think you're getting there without some really hard work you'd be sorely mistaken.
Also startups everywhere need good folks to work for them it's not like this is some secret club to get into, many people just have no risk tolerance for one reason or another.
You're line of thinking really get's at me because the reality is a lot more than luck goes into things even if the current popular line of thinking is to suggest otherwise.
Especially on a community that was established initially to talk about startups.
But to imagine that suddenly having the fruits of your labor yield 10-100x the wealth that others in life can ever hope to produce, and think that it's just your hard work and not a function of having been blessed both with good talents and an environment in which your value can be exploited -- is sheer arrogance not to acknowledge that. Or be offended that someone points it out. What does being on HN have to do with keeping a sense of reality? We need to create a protective bubble of thought that doesn't offend millionaires?
As Warren Buffett has said, "I was born with a talent for capital allocation. If I had been born in rural Africa, my talents might never have given me the wealth I have today. I would not be so different from my secretary. Our positions might even be reversed. I thank America for that difference."
Maybe the word windfall triggers you in a way that suggests it should be taken away and you didn't "deserve it". No one said that. Yet also, everyone in such a fortunate position tends to grow to think they deserve it fully as a result of their talents and work. When in fact an objective person should see how much the factors have aligned to give you this gift.
Just because you read HN doesn't mean you are exempted from realizing how lucky you are. We're not that much of a bubble I hope.
Most people in startups are not lucky (relatively to others in the US economy of similar job positions) they actually generally make less than people in established companies and if they don't have a favorable exit are almost always numerically worse off than those who chose the stable path.
The reason I see people typically working in startups is more impact, freedom, the ability to quickly level up etc, but unless your company exits and you get paid from that exit no dice.
I've had friends who's shares were worth less than they paid for them when their company had an exit.
I continue to work in startups because I really find satisfaction in it, (right now trying to get my own off the ground) but I would triple my total compensation as an employee in most cases if I went to go work for one of the big players and that compensation is a real tangible thing not anywhere close of a gamble. It's actually somewhat of a problem right now in how do founders attract good talent for that reason.
I think you simply have an inaccurate picture of the majority of startups and the types of money in them.
I take the original comment at its word -- having to do with those workers for whom a "windfall" however you define it, is life-changing.
Larger companies will typically switch to RSUs, which get taxed like income, and isn't great for a non-liquid asset. Thats what double-trigger RSUs solve, by not having the employee own the shares until a liquidity event, they won't need to pay taxes on them until it happens. The catch is that now the employee needs to hold onto the shares for a year to get a more favorable tax treatment.
Taxes will really only take close to half if employees insist on selling their shares in less than a year.
Or if Visa is having some buyer's remorse over the $5 billion price tag and saw this as an easy out?
This was clearly going to be anti competitive and bad for consumers.
Plaid has a great product and will either spac / ipo or be a great acquisition target for someone else.
The joke on the campus was that VISA stood for "Very Inconspicuous Spy Agency".
You'd think that there wouldn't be this kind of miscommunication in the chain of command.
All jokes aside, I'm very curious to check out Plaid now because I didn't pay attention when it was independent and Visa is a *very* smart organization, so Plaid must be something special.
It's not so much that Plaid is "something special" but that US banks are stuck in the 1950's technologically.
Plaid shouldn't exist. It only exists because banks refuse to create open APIs for others to integrate with.
With that said, Plaid has done a fantastic job.
Bottom line: Fednow may be too little too late
Plaid works by asking the user to give their banking username and password to Plaid, and then their two factor authentication token too. Plaid logs into their account behind the scenes to verify ownership.
Plaid claims to not store this info, and I assume that they don't, but it still seems like one of the biggest security anti-patterns ever. If nothing else, it's training users to ignore the "don't share your password" warnings. Do we really want users trained to be more susceptible to phishing?
Think of it as Plaid storing OAuth2 access tokens, sort of; and the tokens do expire (over pretty long periods), though, some bank integrations do allow them to generate their equivalent of refresh tokens.
Plaid didn't go into this blind; they know the tightrope they're walking. As someone who's worked with Plaid to build an integration into our product, I'd say they're definitely in a very gray area, but that's pretty much all of the Fintech space right now.
Although, I'd also say they're not malicious; even if it is just motivated by the fear of the bad press resulting in a customer exodus.
Mostly true, but both Capital One and Citibank have OAuth APIs. It's lovely.
Pretty wild it even exists
Europe mandated this functionality (PSD2) . With instant payments and if regulations required banks to offer this functionality, Plaid's value would evaporate.
VISA/MC are aware of this. They expect "Interchange compression" i.e. reduction in revenue from Credit Card fees as users switch to other systems. However it isn't a show stopper because in parallel they have discovered (and are using ) new ways to increase interchange revenue e.g. Virtual Cards, Prepaid Cards etc.
Agree on interchange compression (it's fairly obvious credit card networks are overpaid for what they offer, so of course innovation is going to bring revenue destruction), but there's no way virtual and prepaid cards are going to make up the shortfall (especially with Congress starting to lean left and progressive banking policies on the table, such as central bank pass through accounts, negating the need for prepaid cards when deposit accounts become accessible to everyone).
Long story short, finance still consumes too much of a percentage of GDP, and it's a good thing when tech comes along that pushes that drag down.
It would appear that FedNow solves for "How do I get money into my Schwab brokerage account?" but not "How can I let Schwab do risk analysis across all my investment accounts?"
But yes, and this is a taste of what's to come. FB, GOOG, AMZN... watch out.