Plaid CTO here.
First, today a majority of all bank connections are on APIs or OAuth. This is mostly for the biggest banks in the U.S., but we also support some of the biggest platforms on top of which smaller banks & credit unions operate. We don’t want to be in the business of handling credentials in the long-term, for many of the reasons the author of the post pointed out. However, it will take years for this transition to happen with more than 11k banks in the United States. This is something we’ve been pushing for and we’ve worked closely with a lot of financial institutions to support OAuth and even App2App (which is a win not just for security, but also for convenience).
Second, the author focuses on what we call payment authentication (verifying account and routing information), but Plaid is used to power a lot of other use cases across fintech: lending, financial management, identity verification, brokerage, neo banking, etc. So although micro-deposits support verifying payment authentication, they do not support any of these other use cases. Every day there are tens of millions of people who were not served by the traditional financial system who get access to better financial services because of Plaid. And that would not be possible without what we do.
Third, there are a few insinuations in this thread that we sell user data. We do not: the data goes from you to the app you authorize, through Plaid. We do provide some enhancements to the data for that app – e.g., fraud protection, transaction categorization, normalization of data (which is different for each financial institution). (I can’t speak much to the lawsuit settlement for obvious legal reasons.)
Fourth, I do appreciate keeping companies honest about security practices. We invest a lot in security and privacy, and look forward to the day a post like this cannot be written because every bank is on OAuth.
In the meantime, though, we’re actually the ones pushing for this – OAuth would not be happening at any banks if it weren’t for Plaid (there were companies that did what Plaid did for nearly a decade before we started and made zero progress in improving the technological foundation on top of which financial services are built). You may not believe in the current experience, but we view it as a key and necessary part to transitioning to better financial services and infrastructure for everyone.
But no.
https://considertheconsumer.com/wp-content/uploads/2021/08/I...
CTO or not, that which is described here is nothing but predatory, and if you think there is anything ethical about it, or that the ends justified the means, you're not looking far enough down the road.
You have violated so many long-standing regulations that I am struck dead at my own ability to put myself in shoes that would be able to converge on justifying and managing that business unit knowing what I was doing.
You do not embrace deceptive practices. You do not usurp and defraud users by accessing their data in excess of what you immediately need to do just what you told them you'd be doing. You do not commit crimes and hide them long enough, counting on getting "too big to be held to account for it".
You traded your integrity the moment you signed on and okayed that without resistance. You betrayed an implicit mandate to do fair and non-deceptive business in every jurisdiction in the United States. Maybe you're surrounded by people who aren't grounded enough to call a spade a spade, but consider yourself notified by someone who is.
Ya done goofed. Willfully or not I don't have the evidence to support, but ya did. It is my personal hope that Plaid's settlement is rejected, because people deserve to have the character of this group brought into the light of day. Whether Plaid comes out squeaky clean, or the rest of the industry gets indicted for their refusal to integrate, necessitating the measure, I don't care. People need to know though.
What is detailed in the impending settlement is not at all acceptable.