Hacker News new | ask | show | jobs
by guillelopez 4056 days ago
I understand your concerns. But let me clarify that this is a secure service. All sensitive information is stored encrypted, all traffic runs entirely over encrypted SSL and all goes through Plaid Technologies, one of the most prominent service provider of banking data. If you would like some more info, you should check: https://plaid.com/security/
1 comments
fweespeech 4056 days ago
....yeah.

SSL libraries never have bugs.

Its a great idea if it could be done without giving you any of my bank credentials beyond what is on a check and basically public knowledge.

https://plaid.com/docs/#add-user

That right there is why I won't use it regardless. No offense to you or Plaid's security. Just the idea I'm going to hand over the same credentials that let me transfer money out of my institution isn't an acceptable solution.

link
zachperret 4055 days ago
Zach here from Plaid (a bit late in responding). I understand the hesitations around privacy here; however, there's a difference between sharing credentials and account/routing number. SSSaving is using a read-only data feed that is authenticated by username and password. The app has no access to your account/routing data and cannot debit your account.

Your account and routing number are all that's needed to move money in or out of your account. SSSavings does not get these, nor should any application you don't want to debit you. Unfortunately, these numbers cannot be changed without shutting down the account (whereas credentials can be changed quickly).

link
tehwebguy 4055 days ago
Account numbers are usually hidden when logging in but are almost always available by downloading a statement or looking for any recently posted check images.

Same with routing numbers, though finding the routing number of a Bank of America account opened in CA, for instance, is just one google search away.

That said, I'm stoked about checking out Plaid sometime soon especially after reading the Yodlee docs (yikes!)

link
guillelopez 4056 days ago
I understand. Banks should implement reading credentials to avoid these problems.
link
fweespeech 4056 days ago
Yeah, if only you could solve that problem instead. ;)
link
zachlatta 4056 days ago
I don't agree with this mindset at all. People should build things they want to build. I agreeā€”I wouldn't hand my bank credentials over to this service (or really any unknown third party), but I don't think we should say that the OP should have spent their time on something else.
link
fweespeech 4052 days ago
Fair enough. However, I'm tired of cleaning up after people who don't care about obvious security issues. Really, really tired.
link
zachperret 4055 days ago
Working on it :)
link
fweespeech 4052 days ago
Best of luck, let me know if you succeed :)
link