
Pagoda Blog

Why Does Plaid Need My Bank Login? Plaid Security and How it Works

February 1, 2024

When you conduct financial transactions (electronic fund transfers, trading, investing, etc.) using online tools, there is more often than not a third party involved. This third party is responsible for seamlessly connecting your financial institution with the selected fintech app. And, as it turns out, there is one third-party application that has a near monopoly on the world of online finance: Plaid.

 

Whenever a third party asks to gain access to your banking credentials, it warrants asking a few questions of your own:

 

- What data is the third party collecting?

- How does the third party use your data?

- What security practices are in place to protect your data?  

 

Let’s start with one additional basic question before we dive into the others. What exactly is Plaid and why is it so ubiquitous in the online banking landscape?   

 

What is Plaid?  

Plaid is a fintech application that connects your financial institutions with other fintech apps that provide online payment, banking, and investment services. Some examples of these tools include Venmo, Zelle, Chime, Acorns, Robinhood, Betterment, and SoFi. 

 

Plaid is what allows you to transfer money directly — without fees — from your checking or savings account into a friend’s Venmo account or vice versa. It is connected with over 10,000 financial institutions. If your bank supports a third-party connection, then it’s a safe bet that it’s using Plaid.  

 

Plaid’s website explains the need for their service like this: 

 

"There are more than 11,000 financial institutions in the U.S., but they structure and manage their data in many different ways. For an app that wants to enable users to connect their financial accounts, building a digital connection to a single financial institution can take a lot of engineering time and expertise. Now imagine doing that thousands of times. For many companies, it’s not feasible."

 

Plaid makes this feat feasible by acting as the intermediary and ensuring platforms like Venmo never have access to your banking credentials while linking the accounts to allow for transactions to take place.  

 

How does Plaid work? 

Plaid is integrated into participating apps, so users are not required to pay for or create a Plaid account to use the service. Platforms use Plaid to securely share necessary information between your financial institution and the platform in order to conduct transactions and other financial services. With Plaid, your banking credentials are never shared with the platform. Instead, that data is stored on Plaid’s platform using some of the strongest encryption protocols available.

 

After you share the required personal information, you’re taken through a series of steps to complete the connection. 

 

Below are the steps Venmo takes you through to connect a bank account to the app: 

 

1. Venmo notifies you that it uses Plaid 

2. Venmo verifies your identity by sending a single-use code via text or email

3. Once verified, you’ll be asked to select your financial institution 

4. Enter your username and password to grant access to that institution

5. Your bank will verify your identity with MFA, typically a single-use code sent via SMS or email

6. Select the financial accounts you’d like to connect (Plaid will only share data from the selected account(s)) 

7. If successful, Venmo will notify you of a successful connection and your selected bank account should appear as a payment option 

 

What data is shared with Plaid? 

The data shared with Plaid depends on the service using it, but in general you can expect the following data to be collected and stored on Plaid’s network: 

 

Personal information: Full name, address, phone number and email address

 

Account information: Account name or type, account number, routing number, balances, transaction dates, types of transactions, and transaction descriptions



How secure is Plaid? 

Thousands of financial institutions and brands use Plaid to allow for seamless online financial experiences. Plaid touts itself as “the most trusted digital finance platform” and has the security practices to back that claim. 

 

Multi-factor authentication

Plaid uses MFA to add an additional layer of security to each connection, if your bank doesn’t offer it. 

 

Advanced encryption protocols

Advanced Encryption Standard (AES) protects stored data and Transport Layer Security (TLS) is used to protect data in transit between applications. (TLS is the standard security protocol used to encrypt websites using HTTPS.) 

 

Independent security testing 

Plaid uses an independent party to conduct security testing and has a bug bounty to catch vulnerabilities in the platform as quickly as possible.

 

Ongoing monitoring 

Plaid boasts around-the-clock monitoring to ensure they are always available to react to security threats.

 

Compliant with global security standards

Plaid complies with global security standards such as ISO 27001 and ISO 27701. The platform also participates in annual SOC 2 Type II compliance audits. This level of compliance demonstrates a strong commitment to protecting customer data.

 

User control and transparency  

You can keep track of which of your accounts are connected to Plaid by creating an account on my.plaid.com. With a Plaid account, you can see what data has been shared with the app and which financial institutions are connected to Plaid. You can also easily discontinue sharing info with these financial institutions and delete any data stored on Plaid’s platform/network. 
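The connection steps under "How does Plaid work?" and the disconnect option described above can be modeled in a few lines. This is an added example, not Plaid's code or API: `Aggregator`, `bank_login`, `app_view` and the sample bank record are hypothetical names and constructed data. It shows the three properties the article relies on: the app holds only an opaque token, the token is limited to the accounts the user selected, and disconnecting makes the token useless.

```python
import secrets

# Constructed sample bank: username -> (password, {account: balance}).
# Plaintext password only to keep the sample short.
BANK = {"alice": ("correct horse", {"checking": 1200, "savings": 9000})}

def bank_login(username, password):
    """Bank side: return the user's accounts only for valid credentials."""
    record = BANK.get(username)
    if record is None or not secrets.compare_digest(
            record[0].encode(), password.encode()):
        raise PermissionError("bank rejected credentials")
    return record[1]

class Aggregator:
    """Hypothetical intermediary: it sees the login, the app gets a token."""
    def __init__(self):
        self._grants = {}  # token -> (username, accounts the user selected)

    def link(self, username, password, selected):
        accounts = bank_login(username, password)   # steps 4-5: user logs in
        unknown = set(selected) - set(accounts)
        if unknown:
            raise ValueError(f"unknown accounts: {sorted(unknown)}")
        token = secrets.token_urlsafe(32)           # opaque and unguessable
        self._grants[token] = (username, frozenset(selected))  # step 6: scope
        return token

    def fetch(self, token, account):
        grant = self._grants.get(token)
        if grant is None:
            raise PermissionError("token unknown or revoked")
        username, scope = grant
        if account not in scope:
            raise PermissionError("account not shared with this app")
        return BANK[username][1][account]

    def revoke(self, token):
        self._grants.pop(token, None)               # user disconnects the app

def app_view(agg, token, account):
    """What the payment app gets back: a balance, or 'denied'."""
    try:
        return agg.fetch(token, account)
    except PermissionError:
        return "denied"
```
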

 

2021 Lawsuit against Plaid

It is important to note that in 2021, Plaid paid $58 million to settle a class-action lawsuit filed in California over its data privacy practices. The primary claim was that Plaid accessed users’ bank account data without their knowledge. This is why you now receive a notification in apps like Venmo (see screenshot below) clearly stating that the app uses Plaid to connect financial accounts. Plaid also denied claims that it sold consumer data to third parties, as this would directly go against its own privacy policy.

 

[Screenshots: Plaid notification through Venmo; Plaid verification through Venmo]

 

Should you give Plaid your banking credentials? 

Plaid has proven itself to be a secure platform that you can trust with your banking credentials. (Identitytheft.org even gives it its stamp of approval.) This is fortunate because it is now difficult to use most fintech apps without allowing for the integration of Plaid. Its track record, as well as its high level of encryption, security monitoring, and commitment to protecting user data, indicates that Plaid walks the talk when it comes to security and data privacy. You can trust this platform both as a consumer and as a business.

 

With that said, it’s always important to follow all required and recommended security protocols for your financial institutions, such as MFA, secure passwords, and storing your login credentials in a trusted password management service.    

 

Feature Photo by Tech Daily on Unsplash

 

 


 

-------------------

 

About Pagoda Technologies IT services

Based in Santa Cruz, California, Pagoda Technologies provides trusted IT support to businesses and IT departments throughout Silicon Valley, the San Francisco Bay Area and across the globe. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a complimentary IT consultation.





