by nemothekid
1766 days ago
>then any data being captured and stored by Plaid does sound extremely fishy

I've integrated with Plaid's API (a long time ago), and this doesn't sound fishy. Plaid's API is pretty comprehensive and it would have been PayPal's job to unlink the connection after the verification took place. Plaid gives you a "token" representing the user that can be used to further look up information in their account - such as new transactions. If PayPal had naively enabled the usage of those APIs, then it's not surprising Plaid stored that data. For example, if you (the API client) didn't want to store any information except for a user token (similar to how you might store tokens with Stripe's API), then every time you needed to look up the client's account number you would call Plaid's API to retrieve that data (which, by definition, they would be storing).
If I'm linking my bank to PayPal to send money back and forth, I don't want: (a) PayPal getting transaction history, (b) a third party company hanging on to those credentials, (c) that third party company getting any view of transactions either. I just want PayPal to send/retrieve money.
I thought Plaid just translated "different bank account APIs" to a dev-friendly one. If they're using that to collect a lot of data THEMSELVES from customers who just wanted bank interop... that's bad. Nobody "using" Plaid is intended to give this intermediary company all that info.
I'm linking my account to PayPal because I (thought that) I trusted PayPal. I never knew I was actually giving all this shit to this other company too.
(In my case, I've used routing number/checking number because they seemed to require handing over less privileges than my full password, and this certainly seems to reinforce my skepticism about using the "sign in to your bank" password auth for linkage.)