I’ve some friends that works there, so I’m hesitant to say this, because I’m sorry for them, but Plaid is a terrible company. Their main product scrapes financial data from unsuspecting users that simply think they’re making a bank transfer and not signing away the privacy and security of their banking, 401k and trading information.
They are getting sued by TD Bank for this very reason:
> The bank said in the court filings that the interface "dupes" consumers into believing they are entering personal information into TD Bank's trusted platform.
> "In reality, however, consumers are unwittingly giving their login credentials to the defendant, who takes the information, stores it on its servers, and uses it to mine consumers' bank records for valuable data (e.g., transaction histories, loans, etc.), which the defendant monetizes by selling to third parties," TD claimed in the court records.
Also, giving your credentials to any third party, including Plaid, voids the warranty at many financial institutions. If your account gets hacked and your money stolen, you may find out that the zero liability policy no longer applies to you.
As someone who's worked in fintech for 10 years, I think this is a bad take. Out of all aggregators (what this is called), Plaid is by far the most open and privacy-forward.
First, they're transparent about being a 3rd party that's part of the flow (see https://plaid.com/blog/the-all-new-plaid-link/). It's clear it's Plaid, they use neutral colors and not the bank's, etc. They have a portal where you can manage your data (https://my.plaid.com/).
Second, they are very open about not selling data (unlike most of the their competitors). It's in their terms and their website (see https://plaid.com/how-we-handle-data/). I guess that could change, but from working with them I know it's part of their positioning so I'd be surprised if that changed.
Third, they've announced bank integrations and afaik they're moving to OAuth where the banks support it (I've seen this in the wild, but can't replicate right now). The key here is where banks support it. I think you have to look at the historical context: the banks do not want you to own your data as a consumer. They don't want fintech apps to exist. Having talked to banks about integrating directly with them, it's onerous and only the big players can do it. Plaid's fighting the good fight for fintech startups.
But yeah it's a less-than-ideal solution and it sucks that it doesn't work without creds flowing through and it's not clear regulators or banks will work to make it better. That sucks. I just think bashing on Plaid here is one-sided.
I once went to use plaid to apply for a mortgage on one of the new fancy broker platforms. It asked me to type my login credentials.. sketchy , but alright banks and mortgage companies seem to trust them? Then they asked me to disable 2FA on my account and at that point it was indistinguishable from a phishing attack to me. I noped out and changed my bank password immediately.
I tried to use their API for a personal project and found starting one month a bunch of transactions were missing from my bank account. It turned out Chase included a promotion on the pdf statement that month which threw off their scraping algo. Really woke me up to their "tech", I changed passwords and avoid them now.
I can confirm this as I currently use Plaid in a few projects. People have no idea what they are signing up for when they authorize this. It's possible to get near real time transaction data from somoene's bank account as well as monitor their account balances for any linked account essentially in perpetuity. With this data it's possible to back in to a lot of behaviors about someone's life. All of that is handed to any firm you authorize to link your bank account.
Now I know why I can never think of good ideas for a business, I'm thinking about what I can build to help my customers, but in today's SV I need to be thinking how can I more easily steal user data at a lower cost than my competitors.
FWIW their competitor Teller uses the bank's own native APIs.
The idea is the bank can't shut off Teller clients without shutting off their own customers. This involves a lot of iOS reverse engineering.
So things like Plaid's Capital One integration breaking for months have never happened with Teller - who've been running for something like 5 years now.
They really do need an OAuth rather than save-and-forward-credentials approach to account access. Hopefully the new FedInstant platform will have improvements in this area.
That said, I personally wasn't surprised to see they have this access. It makes sense that if you give them your bank password, they will have full access to your account unless they clearly convince me otherwise.
Yes, awhile back my bank account was decoupled from Venmo for reasons unknown. I unwittingly used Plaid to sign into my bank account instead of the usual wait a couple days procedure. No indication whatsoever - only found out because I saw an article, probably on here, about this company and their basically fraudulent practices.
IIRC, they have basically an instance of a scraper for every different bank web site, which to me doesn't seem very scalable. I'm not sure if this is still the case, but when I interviewed a few years ago, it definitely seemed that way.
I am sorry to say this but your friends should really give a thought to why they are still working there. I understand that people have families to feed and mortgage, but they should at least consider changing jobs if they are software engineers.
Pretty much how 99% of this data robbery happens by all surveillance companies.
This is why Facebook is so pissed off at Apple that it dares to ASK users first.
"Most users aren't aware what data is gathered about them" is about 10x more accurate than "users don't care about privacy", even though it's the latter that gets repeated all the time (with some help from the surveillance companies themselves spreading this propaganda).
It would have gone through had Visa's CEO not been so honest at the time of the merger announcement saying that they intended to use Plaid's data to get a leg up on their competitors.
> The DOJ cited Visa CEO Al Kelly’s description of the deal as an “insurance policy” to neutralize a “threat to our important US debit business.”
I don't even think it's a data issue. He literally says they bought Plaid because they're a threat. That's textbook anti-competitive behavior and a big smoking gun when it comes to anti-trust cases.
Maybe they weren’t as astutely aware of the antitrust political wave we seem to be in. It feels like 5 or 10 years ago this merger would have happened regardless of comments like this. I think after the 08 recession there was little appetite for anything that could make business less effective, and big business loves mergers.
OK. But will DoJ disallow the acquisition of finicity by Mastercard ? VISA and Mastercard follow each other. I'm waiting to hear the verdict on finicity acquisition by MC
Whatever you think about Visa or this merger, this would be a major disappoint to Plaid's team members who thought they were in for a huge financial windfall.
If that applies to anyone here, my sympathies and best of luck figuring out what's next for Plaid. Hopefully the morale hit isn't too big on the team.
This comment strikes a nerve with me - perhaps because it's "saying the quiet part loud". I thought the typical goal of hackers and startups was to "change the world" and "make a difference". How does selling to Visa accomplish those things? Isn't expressing sympathy with Plaid's staff for not getting a payout effectively saying "sorry that you might actually have to deliver on the lofty promises this time"?
It's also kind of indicative of how small startup ambitions have become. Acquisition has become a measure of success, not failure.
Can attest that some employees and ex-employees took a decent tax hit by exercising NSOs after the acquisition was announced at the $5.3 valuation price.
They'll get some $$$ out of it, and I have no doubt that they have a solid future as an independent company. The fintech sector is red hot right now. Heck they might even be able to catch the next IPO wave.
That Visa isn't fighting this should validate that the government's antitrust enforcement has been lax. For a merger valued in billions of dollars, hiring even the best lawyers for a long fight would have been a rounding error. The only way this happens is for Visa's lawyers to think that the government would likely win.
I'm surprised by this. I used to work in Foster City.
The joke on the campus was that VISA stood for "Very Inconspicuous Spy Agency".
You'd think that there wouldn't be this kind of miscommunication in the chain of command.
All jokes aside, I'm very curious to check out Plaid now because I didn't pay attention when it was independent and Visa is a *very* smart organization, so Plaid must be something special.
My guess is that that Plaid will go public via a SPAC deal now. I think it's highly likely GSAH (Goldman Sachs Acquisition Holdings) is that SPAC that does a deal. They have $750M to play with and given Visa was going to buy Plaid for $5.3B, the numbers kind of make sense.
There's a decent bit of M&A activity going on in finanacial services lately- SoFi recently announced going public, Simple being dissolved after BBVA merging with PNC, Lending Club merging with Radius Bank, and now Plaid's merger termination with Visa. Lots more demand exists for building fintech tools, since significantly more transactions that would normally take place in-person have moved towards being online due to the pandemic. It makes a lot more sense for the whole ecosystem to move towards being data-driven and API-friendly both for consumers to to have less friction between services, and for businesses to deliver a better customer experience. Having the merger fall through is probably better on all sides such that one corporation doesn't retain too much power and act as monopolistic gatekeeper driving up fee prices.
Also, wanted to say thanks to Zach for doing a Fireside Chat with Lambda School students last month! It's great to hear from your perspective about industry knowledge & experience in order to prepare for a career in tech.
I gave them access to my bank via coinbase. If I change my bank password would they lose access to my account? If not, what do I need to do to make Plaid lose my banking access?
[+] [-] seanieb|5 years ago|reply
https://twitter.com/seanieb/status/1298871471645761537?s=20
[+] [-] smnrchrds|5 years ago|reply
> The bank said in the court filings that the interface "dupes" consumers into believing they are entering personal information into TD Bank's trusted platform.
> "In reality, however, consumers are unwittingly giving their login credentials to the defendant, who takes the information, stores it on its servers, and uses it to mine consumers' bank records for valuable data (e.g., transaction histories, loans, etc.), which the defendant monetizes by selling to third parties," TD claimed in the court records.
https://www.ctvnews.ca/business/td-bank-files-lawsuit-agains...
Also, giving your credentials to any third party, including Plaid, voids the warranty at many financial institutions. If your account gets hacked and your money stolen, you may find out that the zero liability policy no longer applies to you.
[+] [-] fintechthrow456|5 years ago|reply
First, they're transparent about being a 3rd party that's part of the flow (see https://plaid.com/blog/the-all-new-plaid-link/). It's clear it's Plaid, they use neutral colors and not the bank's, etc. They have a portal where you can manage your data (https://my.plaid.com/).
Second, they are very open about not selling data (unlike most of the their competitors). It's in their terms and their website (see https://plaid.com/how-we-handle-data/). I guess that could change, but from working with them I know it's part of their positioning so I'd be surprised if that changed.
Third, they've announced bank integrations and afaik they're moving to OAuth where the banks support it (I've seen this in the wild, but can't replicate right now). The key here is where banks support it. I think you have to look at the historical context: the banks do not want you to own your data as a consumer. They don't want fintech apps to exist. Having talked to banks about integrating directly with them, it's onerous and only the big players can do it. Plaid's fighting the good fight for fintech startups.
But yeah it's a less-than-ideal solution and it sucks that it doesn't work without creds flowing through and it's not clear regulators or banks will work to make it better. That sucks. I just think bashing on Plaid here is one-sided.
(throwaway account because I work in fintech)
[+] [-] mattnewton|5 years ago|reply
[+] [-] teagee|5 years ago|reply
[+] [-] Kharvok|5 years ago|reply
[+] [-] lambda_obrien|5 years ago|reply
[+] [-] nailer|5 years ago|reply
The idea is the bank can't shut off Teller clients without shutting off their own customers. This involves a lot of iOS reverse engineering.
So things like Plaid's Capital One integration breaking for months have never happened with Teller - who've been running for something like 5 years now.
https://teller.io/
[+] [-] morpheuskafka|5 years ago|reply
That said, I personally wasn't surprised to see they have this access. It makes sense that if you give them your bank password, they will have full access to your account unless they clearly convince me otherwise.
[+] [-] lamp_book|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] ultimoo|5 years ago|reply
[+] [-] jennyyang|5 years ago|reply
[+] [-] unknown|5 years ago|reply
[deleted]
[+] [-] krisboyz781|5 years ago|reply
[+] [-] Ericson2314|5 years ago|reply
[+] [-] kinkrtyavimoodh|5 years ago|reply
[+] [-] mtgx|5 years ago|reply
This is why Facebook is so pissed off at Apple that it dares to ASK users first.
"Most users aren't aware what data is gathered about them" is about 10x more accurate than "users don't care about privacy", even though it's the latter that gets repeated all the time (with some help from the surveillance companies themselves spreading this propaganda).
[+] [-] esotericimpl|5 years ago|reply
[deleted]
[+] [-] Dirlewanger|5 years ago|reply
[+] [-] gravyboat|5 years ago|reply
[+] [-] xvector|5 years ago|reply
[+] [-] paxys|5 years ago|reply
> The DOJ cited Visa CEO Al Kelly’s description of the deal as an “insurance policy” to neutralize a “threat to our important US debit business.”
[+] [-] chaorace|5 years ago|reply
[+] [-] CamelCaseName|5 years ago|reply
[+] [-] etaioinshrdlu|5 years ago|reply
[+] [-] pjg|5 years ago|reply
[+] [-] jamestimmins|5 years ago|reply
If that applies to anyone here, my sympathies and best of luck figuring out what's next for Plaid. Hopefully the morale hit isn't too big on the team.
[+] [-] AlexandrB|5 years ago|reply
It's also kind of indicative of how small startup ambitions have become. Acquisition has become a measure of success, not failure.
[+] [-] throwawayacct8|5 years ago|reply
[+] [-] tempsy|5 years ago|reply
Plaid is probably worth much more now than it was when it was acquired. The entire market has become much more frothy.
I would not be surprised if it could command a $10B+ valuation as a standalone company.
[+] [-] paxys|5 years ago|reply
[+] [-] andjd|5 years ago|reply
[+] [-] PragmaticPulp|5 years ago|reply
Or if Visa is having some buyer's remorse over the $5 billion price tag and saw this as an easy out?
[+] [-] wh-uws|5 years ago|reply
This was clearly going to be anti competitive and bad for consumers.
Plaid has a great product and will either spac / ipo or be a great acquisition target for someone else.
[+] [-] ashraymalhotra|5 years ago|reply
Source: https://www.bizjournals.com/sanfrancisco/news/2021/01/12/vis...
[+] [-] breck|5 years ago|reply
The joke on the campus was that VISA stood for "Very Inconspicuous Spy Agency".
You'd think that there wouldn't be this kind of miscommunication in the chain of command.
All jokes aside, I'm very curious to check out Plaid now because I didn't pay attention when it was independent and Visa is a *very* smart organization, so Plaid must be something special.
[+] [-] sshah1983|5 years ago|reply
[+] [-] theonlybutlet|5 years ago|reply
[+] [-] kregasaurusrex|5 years ago|reply
Also, wanted to say thanks to Zach for doing a Fireside Chat with Lambda School students last month! It's great to hear from your perspective about industry knowledge & experience in order to prepare for a career in tech.
[+] [-] ChrisArchitect|5 years ago|reply
Plaid blog post 'The Year Ahead' https://plaid.com/blog/the-year-ahead/ (https://news.ycombinator.com/item?id=25754256)
[+] [-] runako|5 years ago|reply
[+] [-] purple_ferret|5 years ago|reply
[+] [-] vinhboy|5 years ago|reply
[+] [-] 74639497|5 years ago|reply
[+] [-] thiscatis|5 years ago|reply
[+] [-] nawgz|5 years ago|reply
[+] [-] nceqs3|5 years ago|reply
https://www.businessinsider.com/plaid-acquires-quovo-2019-1
[+] [-] kevas|5 years ago|reply
[+] [-] alexfromapex|5 years ago|reply