Going Plaid: Would you give up your bank login credentials?

5 Comments

  1. Ander

    Good article, but it’d be more helpful if you’d be more specific about the “somehow” you used to receive your funds WITHOUT sharing your banking info. We’re trying to get a sale payment from Reverb.com, who says we must use Plaid and give them our banking log-in info. Our own bank has advised us not to do this, and I’ve learned online that Plaid has had over 50 security breaches in the last few years.

    • Mike Pumphrey

      Hey, sorry you’re having trouble with this. I hate that this Plaid thing is spreading all over the place.

      I don’t know anything about Reverb.com, but I did look at their help pages, and while they “recommend” you use Plaid, it appears that there is still a way to do manual verification. Check this page for details: https://help.reverb.com/hc/en-us/articles/4409230824595-How-to-connect-a-bank-account-with-Reverb-Payments

      If the above method doesn’t work, it’s worth calling customer service and asking them for instructions on how to verify manually. They do it for people in other countries, so there’s no reason why they shouldn’t be able to (grudgingly) do it for you as well.

      Best of luck to you! Please let us know if you have any success.

  2. Armando

    I’m sure you’ve heard of Prosper. They use Plaid for account verification. Even after entering my credentials, they still couldn’t connect to my bank. After reading this article, I’m glad. Thanks!

  3. Dylan York

    Plaid has been around for 10 years, I really wouldn’t call it new in the slightest. I’m honestly surprised you’ve only just now had to use it, since I use it to pay rent and Venmo friends. And just because you type in your password, doesn’t mean the service on the other end knows what your password is. Your own bank doesn’t even know your password due to encryption. The same goes for Plaid. If your password is “p@ssword1”, Plaid, and your bank, never see “p@ssword1”, they see some gibberish of random characters. Once Plaid connects with your bank, they drop those “credentials” they have for you and instead just create a bank relation. That bank relation is what is used to communicate information, no longer your credentials. The only risks with Plaid are the same risks with your bank. Traffic sniffing, data breaches, bad characters on the inside, phishing, etc. All of those apply to Plaid and your bank as well. I totally get being skeptical about it, but you’re now here preaching this is the devil when you clearly don’t know how it works. If you’re concerned, you can use Plaid, and then immediately remove the bank relation to Plaid from your bank’s website. This will prevent Plaid from being able to make any more communication requests with your account. If they try, your bank will simply respond saying they aren’t authorized. Additionally, Plaid only allows you to log in to a bank that trusts Plaid and creates a relation with them. If your bank doesn’t trust Plaid, they will refuse service with them. So again, there’s about as much trust in Plaid as there is in your own bank.

    • Mike Pumphrey

      Thanks for your thoughts, I really appreciate it. I think we’ll just have to agree to disagree. Even if I grant that Plaid is an equal risk factor as my bank (a big “if”) then that means that I am doubling my attack vectors at a stroke, not something I care to do.

      I’m not saying Plaid is literally evil or anything. I just think that the solution it provides is worse than the problem it purports to solve.

      Luckily, Plaid isn’t required on anything crucial, so I can continue to not interact with it.
