
My company is an online lender - we use Plaid so that users may instantly link their bank account. They have an alternative of verifying with micro-deposits, but that does take 2 days and the company gets less information on the user, so there are more manual verifications the user must do (provide paystub and ID, etc.).

Plaid Cons:

- The end user must type their bank account credentials into a third party platform that uses their bank's logo. It is terrible for general population cyber security because this is the exact type of thing you should never do in general. However I do not know of any data leaks or info sec issues from Plaid specifically. As far as I know Plaid is totally safe with this information. I'm sure they will be hacked eventually though - everyone is.

- Plaid shows the permission you are granting but the user cannot make it more restrictive. For example the company with the Plaid integration can choose from 1 to all of these functionalities (they all increase API cost though): KYC verification, PII from the account, one-time current balance, ongoing current balance check, all transactions for previous 2-24 months. The vendor chooses what they want to get and the end user can take it or leave it; they can't pick and choose.

Plaid Pros:

- Instantly verify bank account instead of waiting 1-2 days for micro-deposits to hit the account, then come back to the app to verify. This is just a better flow for the user, who often wants the loan ASAP. It is better for the company too, because there is more conversion.

- Balance checks, transaction history - these are useful for us to not overdraw accounts when pulling a payment, and to verify income. Budgeting apps use these to auto-import values, of course.

- Many banks have been forced to move to OAuth because of Plaid. Having worked at a top 10 US bank, I do not believe that any other than maybe Capital One would have OAuth today if it were not for Plaid pushing them.

- There is really no other feasible option to get this data (other than competitors with same exact strategy so no difference). This is the customer's data that is valuable to them! They should be able to share it with trusted partners if it gives them value.

I was pleasantly surprised to see a few of the large banks having added OAuth in my recent use of a product that uses Plaid. That said, my local bank is far from it and even a large bank like Discover doesn't offer OAuth yet. I've just decided that I have to enter that data manually for those accounts because I can't give out a password to my bank accounts - it's just absurd to me.

Here's to a continued migration to OAuth by banks, but I'm not holding my breath for it.


> The end user must type their bank account credentials into a third party platform

Huh? I have seen Plaid redirect to my bank's login and then authentication and subsequent authorization (read access to accounts) in another flow. Then Plaid uses the provided token to retrieve data.

I don't recall having to pass login credentials to Plaid. Maybe that's a limitation of _your_ bank?
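The redirect-and-token pattern this comment describes, as an added illustration that is not part of the thread and is not Plaid's or any bank's code: a toy bank that issues a scoped, expiring, revocable token at the consent step and enforces that scope on every data request. It also lets the user narrow the scopes the client asked for (the downscoping that the top comment notes Plaid's flow does not offer). All client names, scope names and account data are constructed for the example.

```python
import secrets
import time
from dataclasses import dataclass

# Scope names a hypothetical bank API might expose. These are constructed for
# this example; they are not Plaid's or any real bank's scope identifiers.
SCOPE_IDENTITY = "identity"
SCOPE_BALANCE = "balance"
SCOPE_TRANSACTIONS = "transactions"
ALL_SCOPES = frozenset({SCOPE_IDENTITY, SCOPE_BALANCE, SCOPE_TRANSACTIONS})


@dataclass
class Grant:
    """What the bank records about one issued token."""
    user_id: str
    client_id: str
    scopes: frozenset
    expires_at: float
    revoked: bool = False


class Bank:
    """Toy authorization server and resource server for a single bank."""

    def __init__(self):
        self._grants = {}  # token -> Grant
        # Constructed sample account data for one user.
        self._accounts = {
            "alice": {
                SCOPE_IDENTITY: {"name": "Alice Example"},
                SCOPE_BALANCE: {"checking": 1250.00},
                SCOPE_TRANSACTIONS: [{"amount": -42.10, "desc": "grocery"}],
            }
        }

    def authorize(self, user_id, client_id, requested, approved, ttl=3600):
        """Consent step after the user has logged in at the bank itself.

        The client (aggregator) names the scopes it wants; the user may approve
        any subset of them (downscoping). The user can never approve a scope the
        client did not request, and unknown scopes are rejected outright.
        The returned bearer token is what the client holds instead of a password.
        """
        requested = frozenset(requested)
        approved = frozenset(approved)
        if not requested <= ALL_SCOPES:
            raise ValueError("client requested an unknown scope")
        if not approved <= requested:
            raise ValueError("user cannot approve scopes the client never requested")
        token = secrets.token_urlsafe(32)
        self._grants[token] = Grant(user_id, client_id, approved, time.time() + ttl)
        return token

    def fetch(self, token, scope):
        """Resource endpoint: check token validity, expiry and scope on every call."""
        grant = self._grants.get(token)
        if grant is None or grant.revoked:
            raise PermissionError("invalid or revoked token")
        if time.time() >= grant.expires_at:
            raise PermissionError("expired token")
        if scope not in grant.scopes:
            raise PermissionError(f"token lacks scope {scope!r}")
        return self._accounts[grant.user_id][scope]

    def revoke(self, token):
        """User-initiated revocation: the client's access ends without a password change."""
        grant = self._grants.get(token)
        if grant is not None:
            grant.revoked = True


def demo():
    """Aggregator asks for everything; Alice grants only balance, then revokes."""
    bank = Bank()
    token = bank.authorize("alice", "lender-app", ALL_SCOPES, {SCOPE_BALANCE})
    results = {"balance": bank.fetch(token, SCOPE_BALANCE)}
    try:
        bank.fetch(token, SCOPE_TRANSACTIONS)
        results["transactions_denied"] = False
    except PermissionError:
        results["transactions_denied"] = True
    bank.revoke(token)
    try:
        bank.fetch(token, SCOPE_BALANCE)
        results["revoked_denied"] = False
    except PermissionError:
        results["revoked_denied"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The contrast with credential sharing is in what the client ends up holding: a token bound to a user, a client, a scope set and an expiry that the bank can refuse or revoke per request, rather than a password that grants everything the user can do and can only be taken back by changing it.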


Yes, for banks that have this workflow enabled. I know WF does something like that. But many banks don't, and for these there's not much alternative except getting username/password and scraping. Terrible security, but dragging the banks into the 21st century will take a lot of time. Some providers are annoying enough to ban external aggregation completely, seemingly just out of spite. Normally I wouldn't even work with such a bank, but unfortunately sometimes (like an HSA account from work) you don't have a choice.


