[xyst]

> The end user must type their bank account credentials into a third party platform

Huh? I have seen plaid redirect to my banks login and then authentication and subsequent authorization (read access to accounts) in other flow. Then plaid uses provided token to retrieve data.

I don’t recall having to pass login credentials to plaid. Maybe that’s a limitation of _your_ bank?

[smsm42]

Yes, for banks that have this workflow enabled. In know WF does something like that. But many banks don't, and for these there's not much alternative except getting username/password and scraping. Terrible security, but dragging the banks into 21th century will take a lot of time. Some providers are annoying enough to ban external aggregation completely, seemingly just out of spite. Normally I wouldn't even work with such bank but unfortunately sometimes (like HSA account from work) you don't have a choice.