Plaid Launches in France, Spain, and Ireland
blog.plaid.comSomething I've always worried about: if I provide my bank's login credentials to a service which uses Plaid/Yodlee and due to a security breach my bank account is somehow drained, who's liable? Most banks explicitly state that losses due to sharing of credentials are not protected by their fraud guarantees. Are customers at risk by using Plaid?
My bank has explicitly told me that using Pliad/Yodlee violates their T&Cs and voids their entire online fraud protection, regardless of if one of those services is at fault.
Which bank is this, if I may ask?
Most of the popular Financial Institutions seem to be on board with Plaid.
Then Plaid needs to be upfront about this, and not bury it in their own small print.
Same question here. I wonder if Plaid has an official answer on this.
You're likely on the hook for the losses having shared your creds. May obviously vary from FI to FI.
If that's the case, why aren't FI's going after Plaid for impersonating their branding/login screens? When you go to link an account in-app, for instance, there is no indication that you're using Plaid; you're presented with a login screen that matches your FI's color scheme + branding. In fact, it's even more on-brand than the FI's own login screens, sometimes!
Not in the EU anymore due to PSD2
Is Plaid using AIS?
I've been using Plaid for a toy project for a while, and, while it works well, what surprised me the most was their support. I had an issue with my bank not sending me SMS and their support was quick and helpful, responding to my problem with actual feedback rather than canned responses.
Now that I'm saying this, I realize what a low bar our current support climate has set, but Plaid is great on that regardless.
I was impressed with the support and API service from Quovo, then was disappointed to see Plaid bought them and is sunsetting it. :/ More work on my end, for no real benefit.
Would something like this address your sms finance communications? https://www.asktrim.com/ I use it to get notifications on charges and I can check my balance.
The problem was that my bank couldn't send me the authentication SMS so I can't log in to Plaid, it wasn't about notifications. Thank you for the recommendation, though.
Would you be interested in sharing your project?
My guess is that the project he's referring to is IMGZ (found via his HN profile then his twitter)
You can read more about that here: https://imgz.org/
In addition, he has a page on his site with some really cool personal projects: https://www.stavros.io/projects/
Haha, no, it's not that. I just used Plaid to get my own balances so I can track my finances, it was nothing exciting.
Why are you so angry? I'm running a fucking image sharing service. Wouldn't you be angry?
It's really nothing much, I just get my account balance from my bank to track my finances. I basically used their quickstart example, nothing much more.
What is Plaid's long-term competitive advantage? It made sense when scraping was the only solution (albeit an extremely dangerous one) but now banks are launching their own APIs, which is allowing some competitors to come in with free bank account linking. A few simple features address most of the needs of a typical fintech, and I don't think anyone is happy with having to integrate Plaid's SDK nor pay their rates.
It might be a few simple features, but it's a few simple features for every single bank in the USA (or in the EU), which is an absolutely huge number of them.
It's a marginal amount of work to link against a few big banks that have solid APIs, but once you get to the BECUs and the SESLOCs of the world, this gets much more difficult. Imagine doing this globally, and I think it's an even taller task.
The EU has been working on PSD2, which might make this less valuable, but there's still a long run way (IMO) where Plaid can quickly become the default choice for anyone who wants to link against banking APIs.
Beyond that, the network effect means that Plaid will likely eventually get to broker individual relationships with banks and be able to move into dictating more of the market in the long run, putting them in a position of strength.
bank's APIs are extremely limited as of right now. Fragmentation is also very high. It is also true that this may change in the future, but not very soon
Fragmentation is definitely high. Although if you can seamlessly fall back to other services, a handful of bank integrations can get you ~80% of the customers.
I haven't worked with Open Banking, how is it? In the US, for bank transfers, NACHA files are fairly easy to work with, as long as you can access and verify bank account numbers (ideally get balance and identity information too). I think all the APIs support this, eg: https://developer.wellsfargo.com/apis/payments/account-valid...
It's hard to tell how quickly things will change and improve. Banks should have an incentive to work on this, since it will give them more control of their data and logins, potentially lowering liabilities and hack potential.
I've been really impressed by Plaid's service, but also the level of customer support they provide. I have been experiencing issues connecting CapitalOne accounts in the Plaid test environment. I let them know, and got a long, thought out response, and I'm not even a paying customer yet.
Congrats Plaid!
I love it when companies realize that a problem impacting a « free » customer could impact their paying customers too.
It’s like, free beta test report so you don’t piss off your real customers. Maybe not something to just trash.
Having previously used Yodlee, I'm now migrating onto Plaid in the UK.
Speaking from a documentation and API point of view, you can more or less think of Yodlee as PayPal and Plaid as Stripe.
Yodlee still covers WAY more banks than Plaid in the world, so we still need to use them for some countries.
For those who have used Plaid for personal projects, can someone confirm if you can pull basic monthly stats by account for all account types, including cash, debt (CC/mortgage), and assets (investment accounts, etc.), and then net worth and net income, all while on the free or pay as you go plans?
It appears from the docs that I'd need to pay $500/mo for very basic stats for anything not cash account balance related which is not feasible for my personal use.
My current alternative is Mint which is really lacking in the "automating my own spreadsheet with the data" department.
pocketsmith (https://www.pocketsmith.com/) is a pretty good solution for this. I was a Mint user that was concerned about the privacy and also looking for a service that provided an API. I'm not 100% sure about the privacy, but they do provide an API for your own financial data.
Can someone pls ELI5 how Plaid, Yodlee, AuthLayer are valid businesses and not hit with regulatory hurdles? They seem to be scraping bank websites behind the scenes. Whilst I have no idea abt the US/EU market, I know for a fact that most banks do charge exorbitant fees to access accounts over APIs (esp if you're a BigCo and need that kind of control). Surely, the banks can't be happy abt that? Surprising they haven't lobbied yet against this or aren't stampeding all over Plaid et al with lawsuits?
Per PSD2, the banks have to offer APIs. It’s already possible in Europe to see your balances from another bank on your primary banks app
Fairly certain they’re paying for the APIs. I used to work at Visa and a lot of fintech startups paid for our APIs (for data, not transactions), so I imagine they would pay the banks too.
The Spanish translation is awkward. Not the level of Google Translate, but still not looking native. This will make many people not trust it with their bank credentials IMHO.
"Esta aplicación usa Plaid para conectar su banco"
This is missing a connector like:
"Esta aplicación usa Plaid para conectar a su banco"
Or change the whole sentence:
"Plaid se conecta a su banco con esta aplicación"
"Plaid se quiere a vincular a su banco" (if "Plaid" and "this application" are the same)
And of course, everything still sounds way too formal and old-school. Looking at the English site, it's clear it wants to transmit a young startup vibe. But the Spanish version sounds like an old boring bank app more than a young useful one. Either it's been translated by non-natives, or translated very individual sentences without context, or by someone in Latin-America (the Spanish over South America in general is a lot more formal sounding for Spaniards).
Wow, congratulations to the team! Amazing to break through regulatory barriers and make new things possible.
Why break? They’re leveraging PSD2, not breaking it
Thanks Europe for using regulation (PSD2) to open up banking to fintech startups. Would anyone be interested in joining me in championing similar legislation in the US through congressional representatives, the Federal Reserve, and FDIC?
I don't know PSD2 fully but I know that my bank rolled out support for it and as far as I gather, applications should not have to ask for my username/password via their own UI (which after testing Plaid, they do), but rather use the authentication systems from the banks to authenticate. Maybe I used it wrong though.
Your understanding is correct. It's an OAuth2-type mandate for banking services providers.
FYI, a lot of banks open banking apis are broken most of the time.
Having said that, for plaid in the UK, they do offer both an open banking integration and a scraping integration for most banks.
Isn't this the same company that phishes its users by asking them for their banking login and 2FA information directly in third party apps? I'm not sure if this is the sort of regulatory barrier breaking worth celebrating.
I came across Plaid for the first time today and when trying to make a transfer through Transferwise. When asked for my bank username and password at a website !my_bank I was like hell nope. Ended up having to use a credit card instead which had the highest fee... :( I hope this kind of garbage disappears.
I would rather have entered my logins and then changed the password if I was that concerned about entering my bank logins rather than pay those credit card fees. Or change the password first, login, and change back to your old password.
They can pull all go your transactions in that time, changing your password after is still too late.
If you're happy to hand out your credit card details to Plaid and trust them enough to properly secure it, personally I wouldn't be concerned about them flagrantly and illegally retrieving my past transactions. There is no such thing as trust less financial services that deal with fiat currency.
A credit card number/CVV/Expiration Date allows you to make transactions, but doesn't give you transaction _history_. Online banking username/password do give you full transaction history. My point was that giving away username/password is a terrible idea from a privacy standpoint compared to entering your CC.
>My point was that giving away username/password is a terrible idea from a privacy standpoint
I'm sure you know well the reasons for this. It is not practical to move large amounts of money via credit card due to the fees involved.
As for your point on transaction history, you could always create a separate account specifically for these type of situations where you're passing your login. Even if they get your transaction history, it would be very limited.
I don't trust Plaid to handle my credit card responsibly, that's why I'm handing them a credit card number instead of a debit card number. With a credit card I can do charge backs if I'm victim of fraud. If I give out my bank login details and someone empties my account, I'm pretty sure I'm in a quite a different position...
We're going back to square one with the 'empties my account' comment. You can mitigate that but changing your password pre/post transaction so the login you use is one-time. It is inconvenient, but worth it if you do not trust the vendor and want to avoid credit card fees. If you are concerned about them getting your past transactions, you can always create a new account, or even a new bank account just for use for these type of situations. There's still some transaction history, but not nearly as much as a day to day account. I do think there's a lot of value in Plaids services but having said that, it is all a work around due to the abysmal financial infrastructure of the USA and lack of real time payments. Plaid services and requiring bank logins to do transactions does seem a bit whack, but again US payment system is even whacker.
Given that for other ACH transfers I'm able to just hand out my routing+account number and that's all that is necessary to complete the transfer. The fact that companies are training people to input their bank username/password on other websites is completely insane, even if some might know to change it afterwards. If a scammy website did this, I'm willing to bet you money they'll change that password faster than you ever could.
Developers should refuse to use Plaid. Plaid abuses its account privileges and takes much more than it gives the users. For instance, Carta should never need Plaid to pull every transaction from a bank account just to let someone exercise stock options.
Hmm. I thought this was about the electronic music duo Andy Turner and Ed Handley [1] on Warp Records [2].
[1]: https://en.wikipedia.org/wiki/Plaid_(band)
[2]: https://bleep.com/music/artist/27-plaid
https://m.soundcloud.com/bleep_bot/bleep-warp-records-plaid-...
I am kind of suspicious of Plaid stage managing their coverage on HN. I've had a Plaid employee recommend Plaid to me on a comment on a different finance related thread. If it was recommending a tool or utility it would have been fine,but recommending a paid service of your employer looks very close to commercial solicitation.
Can anyone use Plaid and then start connecting to banks? I think the product makes complete sense but it's always a little worrisome that it's seemingly easy for anyone to launch an app that connects to your bank account. From what I know in the US you're not covered by the FDIC by connecting through the API.
No, seems there is steps for validating each "stage" that the created app for connecting to banks has to go through. See this screenshot: https://i.imgur.com/1w7YUnf.png
And what is that? From the front page, "Plaid is the easiest way for users to connect their bank accounts to an app." Why would I want to do that? This smells like an attempt of bringing the concept of a credit score to Europe, is that what it is?
Nope. It provides an API so that you can make apps that can do things like read your bank statement, get the balance, and many other things.
Does anyone know if European SEPA actually overlap with Plaid here ? Was SEPA supposed to "commoditize" the whole "grant access to my bank account to 3rdparty" ?
No (AFAIK), SEPA is meant for facilitate bank transfers (cashless payments) across the members of SEPA. Basically taking the fragmented system across Europe and try to unify it under something to make things easier across the region.
SEPA mainly covers operations, such as inter-bank transfers, I don’t think it is linked to PSD2
Does anyone have the list of banks supported? On their website they only link to their WS to fetch them instead of a simple list
I read that as "Paid lunches"
Plaid should be sued by asking people to disable their 2FA! For example, Bank of America and Wells Fargo provide APIs, but Plaid is not using them - instead, they advise me to turn off my 2FA just so that they can steal my banking data. They should be out of business. It's not 2000, it's 2019! Not to mention, their service is SOOO expensive!