undefined | Better HN

0 pointswmf3y ago0 comments

What you hate is not really Plaid but banks for not providing APIs. Banking data is too juicy to ignore, so when banks don't provide APIs of course companies will resort to MITMing.

0 comments

neither_color3y ago

I hate fintech apps for demanding information that's none of their business. I can't make an ACH payment on Paypal without giving them my bank login. It was an arbitrary requirement that Paypal started imposing after using the same account for years, now I simply don't use Paypal. On Cashapp, I can't withdraw via ACH unless I share my bank login(so I have to pay for "instant transfer to debit" instead. Apple Pay is my p2p of choice now because they don't engage in this nonsense, and I only deal with others on the rare occasion that someone can only pay me with one of the aforementioned abusive services.

I would be OK with Plaid if they let you manage what you share with apps via permission management.

For example: If fintech app wants to make sure I have $500 to send to my friend, I should be able to tell Plaid NOT to share my entire transaction history and it should simply give said app a binary "sufficient/insufficient" balance. No institution should get to look through my transaction history without having a damn good reason. No, I won't give companies the benefit of the doubt in our "ask for forgiveness not permission" tech culture. Assume that any information gathered about you will be monetized or used against you.

LegitShady3y ago

No, he dislikes the idea of handing login data over, and if your business requires someone else create an API that doesn't exist and they don't want to make, you don't have a business.

The reason they need login info is because thats the only way to get data, and a huge security risk for everyone (users, bank, and the service). Nobody is required to build an API for your financial business so it can work, and building such an api is not a small challenge in highly secure areas of business.

Personally I won't use any service like this that asks me to break my bank's TOS and hand over login information. That's honestly crazy. I'd rather build my own spreadsheets and dashboards.

ziddoap3y ago

Not the original commenter, but no... Banks not providing APIs may be a problem, I guess, but the problem that I really care about is a company actively and purposefully regressing the greater security landscape.

cobbal3y ago

Sure, banks are also to blame for it. But I also don't think that excuses Plaid at all.

j / k navigate · click thread line to collapse