[HN Gopher] Visa and Plaid Abandon Merger After Antitrust Divisi...
___________________________________________________________________
Visa and Plaid Abandon Merger After Antitrust Division's Suit to
Block
Author : theBashShell
Score : 591 points
Date : 2021-01-12 21:24 UTC (1 days ago)
(HTM) web link (www.justice.gov)
(TXT) w3m dump (www.justice.gov)
| runako wrote:
| Would be Stripe's largest acquisition to date, but their private
| market valuation would make it affordable if paid for mostly with
| stock.
| bnchrch wrote:
| Finicity is already a great alternative to Plaid.
|
| I imagine bottles of champagne are popping at Mastercard HQ right
| now.
| exinuit wrote:
| Which is crazy because Fincity bought Intuit's Aggregation
| engine (Customer Account Data - that intuit launched back @
| Finovate 2012-ish) - so the block wasn't because of account
| aggregation and more for Plaid's comments towards making a
| alternative payment platform that would compete with VISA.
|
| Either way all aggregators use screen-scraping when they can't
| get a direct connection, because banks are slow and protective
| of "their" data (which is really YOUR data) it's a constant tug
| of war.
| nawgz wrote:
| I think this was well played by the gov't, the idea of Visa and
| Plaid merging is really clearly going to reduce competition in
| the payments space
| whatsmyusername wrote:
| I'm not exactly surprised. Plaid is the worst of both worlds, a
| janky ass tech that's just waiting for the first major security
| breach to cause a huge problem for their users combined with the
| fact that they're the only real choice in the space.
|
| I do 90% of my transactions through CC partially because
| Visa/Mastercards tech is at least within the last decade (ex:
| Visa rails) as opposed to the debit networks. That combined with
| the added consumer protections you get from using CC over debit
| makes it a no brainer.
| purple_ferret wrote:
| Yet Intuit was able to shut down Credit Karma's potential as a
| competitor with ease. Something fishy in the district of
| Washington.
| dexterous wrote:
| Well, Intuit showed a little restraint and didn't offer to pay
| an obscene price for Credit Karma. :)
| kevas wrote:
| Their link to delete data for CA residents:
| https://plaid.com/legal/data-protection-request-form/
| theonlybutlet wrote:
| Glad to see they're starting to flex that antitrust muscle a
| little bit, it's been atrifying over the past few decades.
| anonu wrote:
| * atrophying
|
| But yes, and this is a taste of what's to come. FB, GOOG,
| AMZN... watch out.
| paxys wrote:
| It would have gone through had Visa's CEO not been so honest at
| the time of the merger announcement saying that they intended to
| use Plaid's data to get a leg up on their competitors.
|
| > The DOJ cited Visa CEO Al Kelly's description of the deal as an
| "insurance policy" to neutralize a "threat to our important US
| debit business."
| chaorace wrote:
| I don't even think it's a data issue. He literally says they
| bought Plaid because they're a threat. That's textbook anti-
| competitive behavior and a big smoking gun when it comes to
| anti-trust cases.
| paxys wrote:
| They said both I believe. Them having access to all their
| competitors' data through Plaid was a big concern when the
| acquisition was announced.
| valtism wrote:
| I'm not informed when it comes to anti-competitive
| legislation, but don't companies like Google do this sort of
| thing all the time?
| paxys wrote:
| They do, which is why it is so surprising that the DoJ is
| being so aggressive with this one.
| chaorace wrote:
| I'm a layman, so take this with a grain of salt, but here's
| the basic legal theory...
|
| In antitrust law, intent matters. If your primary
| motivating _intent_ is to make the market less competitive,
| that 's what gets the book thrown at you. That's why it can
| be so hard to prosecute antitrust, because it's pretty easy
| to lie your way out as long as there's no direct proof of
| intent.
|
| Let's take Facebook's acquisition of Instagram. Did they
| buy Instagram because they saw Instagram as a threat, or
| did they buy Instagram because they wanted to acquire their
| talent and improve their product? For a long time, you
| could argue it was the latter case, which warded off
| antitrust suits. Recently, some emails came to light where
| they explicitly talked about taking out Instagram because
| they were beginning to pose a threat. _Now_ there 's a
| smoking gun and a strong case to be made, which may well be
| prosecuted in the near future.
| totalZero wrote:
| Yes, and they didn't invent the practice. Standard Oil
| brought competitors into its fold in order to maintain its
| pricing power and dominate the petroleum market.
|
| As with most questionable business practices, they're not
| wise to be transparent about their true reasons for doing
| it, and inevitably they admit to their true reasons anyway.
| etaioinshrdlu wrote:
| Maybe they weren't as astutely aware of the antitrust political
| wave we seem to be in. It feels like 5 or 10 years ago this
| merger would have happened regardless of comments like this. I
| think after the 08 recession there was little appetite for
| anything that could make business less effective, and big
| business loves mergers.
| CamelCaseName wrote:
| Such a poor comment from Kelly that I almost wonder if it was
| intentional.
| odiroot wrote:
| But is it securities fraud?
| matt_kantor wrote:
| Everything is securities fraud.
|
| https://www.bloomberg.com/opinion/articles/2019-06-26/every
| t...
| renewiltord wrote:
| Could be attempting a balance of convincing shareholders and
| not come out as just eating the upstart.
| Dwolb wrote:
| Maybe he wanted to tank the deal once they figured out Plaid
| scrapes financial portals instead of integrates with them.
| chishaku wrote:
| because you sign a 5b deal and then do due diligence
| Dwolb wrote:
| Yes?
|
| There are several iterations to deals that size with
| increasing levels of scrutiny.
| hntrader wrote:
| not exactly the same situation but it happened with NKLA
| and GM, insufficient due diligence on what was vaporware.
| mistakes like that can happen.
| skinnymuch wrote:
| That's not the same at all. GM wasn't losing anything in
| their original NKLA deal. While Visa would have spent
| billions.
| dexterous wrote:
| Hubris enables people, especially "smart" people, to do
| things that look really stupid in hindsight.
| ska wrote:
| It would seem a CEO would have other, less public, tools to
| torpedo a deal if they wanted to, no?
| vlovich123 wrote:
| Maybe not if the board was forcing him?
| mjevans wrote:
| This angle makes sense if they wanted regulators to more
| closely examine the acquisition target.
| alexfromapex wrote:
| Could even break those companies up further, at least Visa since
| financial censorship is becoming prominent with their monopoly
| share of the market
| kregasaurusrex wrote:
| There's a decent bit of M&A activity going on in finanacial
| services lately- SoFi recently announced going public, Simple
| being dissolved after BBVA merging with PNC, Lending Club merging
| with Radius Bank, and now Plaid's merger termination with Visa.
| Lots more demand exists for building fintech tools, since
| significantly more transactions that would normally take place
| in-person have moved towards being online due to the pandemic. It
| makes a lot more sense for the whole ecosystem to move towards
| being data-driven and API-friendly both for consumers to to have
| less friction between services, and for businesses to deliver a
| better customer experience. Having the merger fall through is
| probably better on all sides such that one corporation doesn't
| retain too much power and act as monopolistic gatekeeper driving
| up fee prices.
|
| Also, wanted to say thanks to Zach for doing a Fireside Chat with
| Lambda School students last month! It's great to hear from your
| perspective about industry knowledge & experience in order to
| prepare for a career in tech.
| 74639497 wrote:
| I gave them access to my bank via coinbase. If I change my bank
| password would they lose access to my account? If not, what do I
| need to do to make Plaid lose my banking access?
| doikor wrote:
| Wait you actually login to a bank using a password? It's all
| single use codes from a booklet or two factor application here
| in Finland (and has been for decades now)
|
| (And the two factor is the kind where you input a pin code
| every time)
| esotericimpl wrote:
| Yes, they will lose access.
| breck wrote:
| I'm surprised by this. I used to work in Foster City.
|
| The joke on the campus was that VISA stood for "Very
| Inconspicuous Spy Agency".
|
| You'd think that there wouldn't be this kind of miscommunication
| in the chain of command.
|
| All jokes aside, I'm very curious to check out Plaid now because
| I didn't pay attention when it was independent and Visa is a
| *very* smart organization, so Plaid must be something special.
| whatsmyusername wrote:
| Special in that their technical approach is horrible, but
| viable because who they let you talk to are worse.
|
| They're going to have a breach at some point and it'll be
| legendary.
| ryanwhitney wrote:
| It's like oauth except you type your password for site A into a
| box on site B's domain
|
| Pretty wild it even exists
| toomuchtodo wrote:
| It is a hack around regulatory failure to mandate this
| functionality at finance firms (both Congress and the Fed
| have failed in this regard). The Fed's instant payments
| product (FedNow [1]) goes live in 2023, which is going to put
| downward pressure on Visa's debit business. The Fed only
| began to move on instant payments when pressured by Congress
| [2] (who didn't want smaller banks held hostage by Early
| Warning System's "Zelle" product, which is operated by a
| consortium of the nation's largest banks).
|
| Europe mandated this functionality (PSD2) [3]. With instant
| payments and if regulations required banks to offer this
| functionality, Plaid's value would evaporate.
|
| [1] https://www.frbservices.org/financial-
| services/fednow/index....
|
| [2] https://www.paymentsjournal.com/timeline-the-feds-real-
| time-...
|
| [3] https://en.wikipedia.org/wiki/Payment_Services_Directive
| runako wrote:
| Does FedNow solve all of the problems Plaid solves? I'm
| thinking specifically about Plaid functionality that lets
| consumers expose transaction history, investments, etc.
|
| It would appear that FedNow solves for "How do I get money
| into my Schwab brokerage account?" but not "How can I let
| Schwab do risk analysis across all my investment accounts?"
| toomuchtodo wrote:
| It does not, which is why I mention Europe's PSD2, which
| would. You don't build a startup to do this, you mandate
| your financial institutions to provide this functionality
| to users.
|
| Baby steps!
| schnable wrote:
| You'd think even without a mandate, banks would be
| motivated to implement secure auth instead of this
| insanity?
| madamelic wrote:
| >Plaid must be something special.
|
| It's not so much that Plaid is "something special" but that US
| banks are stuck in the 1950's technologically.
|
| Plaid shouldn't exist. It only exists because banks refuse to
| create open APIs for others to integrate with.
|
| With that said, Plaid has done a fantastic job.
| ceejayoz wrote:
| > It only exists because banks refuse to create open APIs for
| others to integrate with.
|
| Mostly true, but both Capital One and Citibank have OAuth
| APIs. It's lovely.
| rizpanjwani wrote:
| Never used Plaid but didn't they require your banking
| credentials and also didn't have a very secure mechanism for
| storing them?
| jerry80 wrote:
| Yes. Plaid can be used to verify banking details (many
| stock brokers use it for this, for example).
|
| Plaid works by asking the user to give their banking
| username and password to Plaid, and then their two factor
| authentication token too. Plaid logs into their account
| behind the scenes to verify ownership.
|
| Plaid claims to not store this info, and I assume that they
| don't, but it still seems like one of the biggest security
| anti-patterns ever. If nothing else, it's training users to
| ignore the "don't share your password" warnings. Do we
| really want users trained to be more susceptible to
| phishing?
| rizpanjwani wrote:
| Yeah in the last decade, I have many times considered
| building a service that would have a better interface and
| access to information by fetching it from all my
| financial institutions, but what's held me back is the
| lack of APIs and I never even considered collecting user
| credentials as a viable option because of the potential
| security nightmare and possible libabilities. I guess it
| pays to be ignorant of all that and just plow ahead. Once
| you get billions in VC funding, you can fend off any
| consequences.
| dexterous wrote:
| > Plaid claims to not store this info, and I assume that
| they don't
|
| Think of it as Plaid storing OAuth2 access tokens, sort
| of; and the tokens do expire (over pretty long periods),
| though, some bank integrations do allow them to generate
| their equivalent of refresh tokens.
|
| Plaid didn't go into this blind; they know the tightrope
| they're walking. As someone who's worked with Plaid to
| build an integration into our product, I'd say they're
| definitely in a very gray area, but that's pretty much
| all of the Fintech space right now.
|
| Although, I'd also say they're not malicious; even if it
| is just motivated by the fear of the bad press resulting
| in a customer exodus.
| pg_bot wrote:
| This seems to be changing. Nacha (the organization that
| governs ACH) has been developing open APIs so that more
| organizations can get access to the ACH network without any
| dirty hacks. I would expect to see a rise in the number of
| personal finance applications over the next few years due to
| this fact.
|
| https://www.nacha.org/content/available-apis
| https://www.nacha.org/content/phixius
| tadfisher wrote:
| The problem is that Nacha is building these APIs on top of
| ACH. There needs to be a universal realtime payment and
| account-validation network, not a file FTP'd to the Fed
| that's sent out three times a day.
| pg_bot wrote:
| Take a look at FedNow which is aiming to offer a 24/7/365
| instant payment service for all US banks by 2023-24. (I
| would realistically expect 2028-30 for it to go online)
| This is being worked on, but everything moves at a
| glacial pace.
| vageli wrote:
| Mercury bank seems to be a standout in this regard, promoting
| themselves as a "full stack" bank.
| jamestimmins wrote:
| Whatever you think about Visa or this merger, this would be a
| major disappoint to Plaid's team members who thought they were in
| for a huge financial windfall.
|
| If that applies to anyone here, my sympathies and best of luck
| figuring out what's next for Plaid. Hopefully the morale hit
| isn't too big on the team.
| save_ferris wrote:
| The vast majority of tech workers that receive equity stakes in
| pre-IPO/acquisition companies don't ever see any financial
| windfall from their stakes. These guys will be just fine.
| [deleted]
| xyst wrote:
| I hope they fail. Some users report they deceptively
| impersonate the users bank in order to extract as many data
| points from them (loans, lines of credit, ...)
| garyrichardson wrote:
| Agreed, except for one point.
|
| Please don't call it a windfall. Anyone in that company that
| would have seen life changing amounts of money has likely put
| incredible effort and hard work into making this happen.
| jamestimmins wrote:
| Interesting, I just thought a windfall meant "a lot of money
| at once", but it looks like you're right that it implies
| luck. So agreed, a different word would be more accurate
| here.
| Talanes wrote:
| But obviously some element of luck is present here. Unless
| we're willing to say that the success or failure of the
| merger is entirely on how hard each employee worked.
| roflc0ptic wrote:
| I mean, nobody reasonably joins a startup and expects to make
| buku bucks. It's "unexpected good fortune" from my
| perspective, and certainly seems to qualify as a windfall.
| delecti wrote:
| "Buku"? Beaucoup?
| wrsh07 wrote:
| Yes, it's an intentional misspelling
| supernova87a wrote:
| Well, maybe it isn't a "windfall" to someone who lives in the
| tech world and comes to expect such good fortune and thinks
| their effort should be rewarded in an outsized way. I'm sure
| we think it's deserved in a relative sense.
|
| But it is most definitely a windfall to the rest of the world
| (even the rest of the country), who work equally hard, under
| worse conditions, for their entire lives and cannot even hope
| to earn say 1/5 the wealth that a tech worker can accumulate
| after his/her first job.
|
| To have a payday of millions of $ fall out of the sky, for
| toiling the same as others trying to make a living, yet also
| being lucky to be in the right place and the right time to
| have it rewarded.
| Grimm1 wrote:
| It's almost like startups have non technical workers that
| also have an equity stake in the companies they work for.
| This comment strikes me as almost entirely out of touch. No
| one expects these results, most people never see a startup
| they work for successfully exit let alone to the tune of
| billions.
|
| "Being in the right place at the right time" sure it's
| partly that but if you think you're getting there without
| some really hard work you'd be sorely mistaken.
|
| Also startups everywhere need good folks to work for them
| it's not like this is some secret club to get into, many
| people just have no risk tolerance for one reason or
| another.
|
| You're line of thinking really get's at me because the
| reality is a lot more than luck goes into things even if
| the current popular line of thinking is to suggest
| otherwise.
|
| Especially on a community that was established initially to
| talk about startups.
| supernova87a wrote:
| Everyone works hard, and yes some work harder than
| others. And no one is saying that tech workers randomly
| won the lottery and should shut up and just be grateful.
|
| But to imagine that suddenly having the fruits of your
| labor yield 10-100x the wealth that others in life can
| ever hope to produce, and think that it's just your hard
| work and not a function of having been blessed both with
| good talents and an environment in which your value can
| be exploited -- is sheer arrogance not to acknowledge
| that. Or be offended that someone points it out. What
| does being on HN have to do with keeping a sense of
| reality? We need to create a protective bubble of thought
| that doesn't offend millionaires?
|
| As Warren Buffett has said, _" I was born with a talent
| for capital allocation. If I had been born in rural
| Africa, my talents might never have given me the wealth I
| have today. I would not be so different from my
| secretary. Our positions might even be reversed. I thank
| America for that difference."_
|
| Maybe the word windfall triggers you in a way that
| suggests it should be taken away and you didn't "deserve
| it". No one said that. Yet also, everyone in such a
| fortunate position tends to grow to think they deserve it
| fully as a result of their talents and work. When in fact
| an objective person should see how much the factors have
| aligned to give you this gift.
|
| Just because you read HN doesn't mean you are exempted
| from realizing how lucky you are. We're not _that_ much
| of a bubble I hope.
| Grimm1 wrote:
| I think we may be passing each other on the word tech
| workers -- do you mean everyone who works in a tech
| company, including customer support, sales, marketing,
| operations etc or are you defining tech workers as just
| the people who work with tech, ie engineers, analysts
| etc. and possibly on the accessibility and rarity because
| pretty much anyone can get hired at a startup and most
| startups fail.
|
| Most people in startups are not lucky (relatively to
| others in the US economy of similar job positions) they
| actually generally make less than people in established
| companies and if they don't have a favorable exit are
| almost always numerically worse off than those who chose
| the stable path.
|
| The reason I see people typically working in startups is
| more impact, freedom, the ability to quickly level up
| etc, but unless your company exits and you get paid from
| that exit no dice.
|
| I've had friends who's shares were worth less than they
| paid for them when their company had an exit.
|
| I continue to work in startups because I really find
| satisfaction in it, (right now trying to get my own off
| the ground) but I would triple my total compensation as
| an employee in most cases if I went to go work for one of
| the big players and that compensation is a real tangible
| thing not anywhere close of a gamble. It's actually
| somewhat of a problem right now in how do founders
| attract good talent for that reason.
|
| I think you simply have an inaccurate picture of the
| majority of startups and the types of money in them.
| supernova87a wrote:
| I don't know, yes maybe we're just misinterpreting each
| other.
|
| I take the original comment at its word -- having to do
| with those workers for whom a "windfall" however you
| define it, is life-changing.
| jdavis703 wrote:
| The windfall typically isn't anywhere close to millions of
| dollars for regular employers. We're talking about payouts
| on the level of buying a new car or placing a down payment
| on a home.
| babesh wrote:
| I think you meant regular employees? From my limited
| experience, the windfall is actually much more than a new
| car or down payment and can reach into the millions of
| dollars if the stock rises a couple hundred percent. Most
| of the unicorn startups that have gone IPO were offering
| stock options close to or above the million dollar range
| for senior engineers. Don't forget the refreshes. The big
| limiter is actually taxes which take close to half.
| ProfessorLayton wrote:
| For options, taxes only become a big limiter if one
| waited for the value to rise substantially from the
| strike price, thus creating a large spread that will be
| taxed as income. If shares are purchased as they vest and
| held for over a year, the gains will be subject to much
| more favorable long term tax treatment when sold.
|
| Larger companies will typically switch to RSUs, which get
| taxed like income, and isn't great for a non-liquid
| asset. Thats what double-trigger RSUs solve, by not
| having the employee own the shares until a liquidity
| event, they won't need to pay taxes on them until it
| happens. The catch is that now the employee needs to hold
| onto the shares for a year to get a more favorable tax
| treatment.
|
| Taxes will really only take close to half if employees
| insist on selling their shares in less than a year.
| MaxHoppersGhost wrote:
| I'm sure those wannabe monopolists will be fine and something
| else will come along. The rich always get richer.
| tempsy wrote:
| Uh no.
|
| Plaid is probably worth much more now than it was when it was
| acquired. The entire market has become much more frothy.
|
| I would not be surprised if it could command a $10B+ valuation
| as a standalone company.
| cs-szazz wrote:
| That doesn't mean much unless the employees have liquidity
| right? Presumably after the acquisition the employees
| would've been able to convert their options to cold hard
| cash.
| tempsy wrote:
| acquisitions aren't necessarily great for employees because
| liquidation preferences apply.
|
| with SPAC-mania they could merge with a SPAC or go public.
| my point is the path to going public is much easier now
| than a year ago.
| AlexandrB wrote:
| This comment strikes a nerve with me - perhaps because it's
| "saying the quiet part loud". I thought the typical goal of
| hackers and startups was to "change the world" and "make a
| difference". How does selling to Visa accomplish those things?
| Isn't expressing sympathy with Plaid's staff for not getting a
| payout effectively saying "sorry that you might actually have
| to deliver on the lofty promises this time"?
|
| It's also kind of indicative of how small startup ambitions
| have become. Acquisition has become a measure of success, not
| failure.
| lmm wrote:
| > I thought the typical goal of hackers and startups was to
| "change the world" and "make a difference". How does selling
| to Visa accomplish those things?
|
| If your aim is that everyone should have access to these
| tools then getting Visa to integrate them is a pretty good
| way to accomplish that - Visa is big enough that if they
| adopt something then pretty much every credit card will have
| to match it.
| paxys wrote:
| There is no "typical goal" in tech or anything else.
| Different people want different things in life.
| jamestimmins wrote:
| This makes it sound like something dirty.
|
| Tech workers want to buy homes and go on vacations just like
| everyone else. That's a good thing. They had an opportunity
| to make a lot of money making banking services easier for
| everyone; that's awesome and should be encouraged.
| TeMPOraL wrote:
| It's dirty when you couple it with the usual startup BS
| about changing the world, where the startup was created
| from day one with an exit in sight.
| themacguffinman wrote:
| A startup exit doesn't simply erase all its impact. Plaid
| made many banking services a lot easier & popular, and it
| demonstrated how valuable that can be. All that doesn't
| just disappear. An acquisition/merger can also strengthen
| a startup's founding ambitions with more resources at its
| disposal.
| TeMPOraL wrote:
| Can, but often enough, it doesn't. We end up with a
| cancelled product/service, or one maligned beyond
| recognition by the acquirer, with users having to
| untangle the service from their lives at last minute,
| while acquirer holds all the IP.
|
| Also, I question the general usefulness of startups
| created to pursue an exit in the first place. Besides
| there being often no point in entangling yourself with a
| service that's meant to be transient, the goals will be
| different too - the company will try to force hypergrowth
| by underhanded, and ultimately user-hostile means, vs.
| letting a thing grow on the strength of its usefulness.
| Myself, I strongly avoid dealing with any startup that I
| can smell was built for an exit.
| alecbz wrote:
| Honestly I sort of agree with your sentiment, but I have some
| sympathy because many people who join early startups do it at
| comp deficits, and believing you're actually going to make a
| significant return on your investment only to suddenly
| realize you're not is pretty shitty-feeling no matter what.
| cblconfederate wrote:
| Looks like tech is the new finance
| yowlingcat wrote:
| > I thought the typical goal of hackers and startups was to
| "change the world" and "make a difference".
|
| That sounds like the goal of a non-profit, not a startup.
| What a founder says at a TED talk (which I admit can often
| sound like the former) shouldn't be conflated with the nuts
| and bolt conversations they have with their closest
| lieutenants and investors. Assuming we mean venture funded by
| "startup" the definition has always been growth oriented,
| highly risky and innovative through disruption.
|
| > It's also kind of indicative of how small startup ambitions
| have become. Acquisition has become a measure of success, not
| failure.
|
| Really? I'm surprised you think that acquisition is either a
| measure of success or failure in a vacuum. Wouldn't the terms
| and the specific deal be important than how a company exits?
| After all, there's a world of difference between an acquihire
| and a strategic merger.
| redis_mlc wrote:
| > I thought the typical goal of hackers and startups was to
| "change the world" and "make a difference".
|
| I live in SV, and that's almost never the goal.
|
| The goal of most hackers is to make their own lives easier
| ("scratch an itch.")
|
| Startups often have a mission statement that is big enough to
| justify the effort of doing a startup and to generate
| external interest, but building a sustainable business or
| even a profitable one is first, and social good is ancillary.
|
| What you're talking about are charities, and without
| auditing, even those don't "make a difference" except to the
| directors.
| madeofpalk wrote:
| > I thought the typical goal of hackers and startups was to
| "change the world" and "make a difference"
|
| I care so little about "changing the world" or "making a
| difference". Those things don't pay the rent.
| rconti wrote:
| I've been through 1.5 IPOs and 1 acquisition.
|
| In only one of those cases, did I join the company expecting
| an imminent-ish liquidity event. One hit me out of nowhere.
| Regardless of what you're planning on, and even if the dollar
| amount isn't that great, it's a huge rush, a lot of thinking
| about the possibilities. It would suck, at the very least, on
| an emotional level, to have that fall apart.
| granzymes wrote:
| Out of curiosity, what was the .5 IPO?
| rconti wrote:
| I joined a company (my first full-time salaried job) a
| few days before their IPO. I got stock options (like,
| 500. I was 18. heh.) but they were awarded/priced/etc
| post-IPO and were never actually in the money after
| vesting, as I recall. So I remember some of the IPO
| excitement but I'm not sure it really qualifies as "going
| through an IPO" for the purposes of the "full thrill ride
| package".
|
| Incidentally, that company was also taken private during
| the dot-com crash, and I _did_ make money from that,
| because the ESPP I was buying for <$1 got converted to
| cash at something like 3.5x the valuation. It wasn't
| much, but, again, I was young, so it seemed like a lot.
| staysaasy wrote:
| She/he is probably on the way to one right now, at their
| current company.
| Operyl wrote:
| To be fair, Visa would've had the partnerships with banks to
| really push for standard API access to various banks. Plaid
| works by giving them your username and password in most flows
| (although some banks like Chase finally have an authorization
| flow without MITM).
| [deleted]
| PopeDotNinja wrote:
| It's OK to say "I'm sorry you didn't get your payday" and
| "your company's exploitation of my data sucks big time" to
| the same person.
| justusthane wrote:
| Is it really? Getting a big payday seems to validate the
| exploitation of the data. Those two sentiments seem
| mutually exclusive to me.
| JMTQp8lwXL wrote:
| The rank-and-file employees that work for companies like this
| have other goals, like buying houses and saving for
| retirement, it's not a single dimension. Yes, they want to
| help the world but not at the expense of themselves and their
| own financial future.
| [deleted]
| jkaplowitz wrote:
| That's often true for startup founders too. However
| mission-driven some of us are, we still live in a
| capitalist world with bills to pay.
| cheriot wrote:
| Plaid has ~500 employees with normal lives and financial
| goals. There are start-ups out there with a real chance to
| change the world, but I think it gets over played as a form
| of recruiting and media strategy.
| marcinzm wrote:
| >I thought the typical goal of hackers and startups
|
| Hackers and startups are two very different groups with very
| different ideologies and goals and incentives. No idea why
| you group them together. Some startups have no technical
| founders even.
|
| >"change the world" and "make a difference"
|
| Startups are businesses and like all businesses in the end
| they wish to make money. VCs, for example, are very clearly
| investors and not philanthropists. They are high risk, high
| reward businesses which means they need to change things to
| get those returns but in the end they are a business.
|
| >How does selling to Visa accomplish those things?
|
| It gives Plaid financial stability and long term platform for
| its technology. If its technology makes the world a better
| place then its continual existence does make a difference.
| ska wrote:
| > Some startups have no technical founders even.
|
| And most technical founders aren't hackers, though some
| definitely are.
| ZephyrBlu wrote:
| How would you describe a hacker vs your average dev?
| ska wrote:
| Lots of people have tried to capture this distinction,
| I'm sure I'll do a worse job here briefly than you can
| find around, but for me the tell is how people spend
| their time, and an attitude.
|
| Hackers in the sense that I mean it have an innate need
| to understand things deeply, and a tendency to value
| achieving this directly (e.g. do something, don't just
| read up about it). As a result most hackers with any real
| talent will have achieved an unusually high level of
| expertise/mastery in at least one, often a few, technical
| areas. This is a result of having really spent a lot of
| time with it, in ways that may look "obsessive" to
| others.
|
| This is by no means restricted to software. Another
| common characteristic is a tendency to take things apart
| (physically or virtually) to see how they tick.
| skedaddle wrote:
| You're on Hacker News at ycombinator.com and you have no
| idea why folks here associate hackers and startups?
| marcinzm wrote:
| I associate hackers as a group that startups wants to
| hire not as having similar philosophies. To me this site
| is a very successful marketing/recruitment tool and not
| some indication that YC follows the hacker ethos.
| zorpner wrote:
| The point is that this represents a cooption of the term
| hacker by the venture capitalist community -- it's always
| easier to convince someone to accept less value as
| recompense for what they produce by convincing them that
| they are engaged in a noble or even a personally virtuous
| (see e.g. "guru", "rockstar") pursuit.
| boardwaalk wrote:
| I don't mean to be glib, but it's just a job. Pretending you
| have some sort of higher aspirations when you sign up to work
| at a generic fintech or, heck, a vast majority of startups?
| Mrpmhph.
|
| At least rappers have the honesty to say it's about that
| cash.
| psanford wrote:
| Visa was going to pay $5.3b dollars for Plaid. I don't really
| think you can say that that is "small startup ambitions."
|
| Is YouTube a failure? Is Instagram a failure? How about
| Github or Linkedin? There are reasons to remain an
| independent company, but there are also reasons that it might
| be better to be acquired. Besides the premium that the
| acquirer will pay, large companies can actually accelerate
| your growth while also insulating you from a lot of the pesky
| overhead of being a public company.
| Rapzid wrote:
| I'm doing it to get paid. Yeah, I also want to make a great
| product and all that but..
|
| Also, I'm getting paid.
| vishnugupta wrote:
| It reminds me of something my friend would often say. "I'm
| very passionate about your product and mission. Just that
| it comes at a price". Also, as the joker said it, if you
| are good at something don't do it for free.
|
| It's absolutely perfect to be passionate about
| customers/product/whatever. However, if one is constantly
| distracted trying to making ends meet the cognitive
| bandwidth is going to be spent on it rather than chasing
| the passion.
| bob33212 wrote:
| It is probably 99% true. You can occasionally find a company
| that is proud that they made their users happy. Notch with
| Minecraft might be an example of that.
|
| If you listen to VCs talk it is 100% about exit price.
| throwawayacct8 wrote:
| Can attest that some employees and ex-employees took a decent
| tax hit by exercising NSOs after the acquisition was announced
| at the $5.3 valuation price.
| [deleted]
| [deleted]
| hnxs wrote:
| I wonder if employees with equity will see any portions of the
| breakup fees as some sort of bonus.
| perpetualpatzer wrote:
| Was there a breakup fee on this one? I'd expect it's pretty
| standard to waive that when it's due to unforeseen regulatory
| obstacles.
| [deleted]
| paxys wrote:
| They'll get some $$$ out of it, and I have no doubt that they
| have a solid future as an independent company. The fintech
| sector is red hot right now. Heck they might even be able to
| catch the next IPO wave.
| RobRivera wrote:
| SPAC SPAC SPAC SPAC SPAC
| monkeydust wrote:
| Not sure why that was downvoted, there is a glut of funded
| SPACs and more on horizon who would love to take Plaid
| public.
| RobRivera wrote:
| each one with like, 200M in raised capital. maybe SPACs
| are a trend competing with vc money? which doesnt make
| sense...bc vc investors could also be bought out for a
| premium on acquisition as well...
| z3t4 wrote:
| If we ignore the lucky ones who where first employee at unicorn
| with very generously owner,,, do you really get any money as an
| employee when there is an acquisition !? How common is it
| outside Silicon Valley ?
| ChrisArchitect wrote:
| Guess this is related:
|
| Plaid blog post 'The Year Ahead' https://plaid.com/blog/the-year-
| ahead/ (https://news.ycombinator.com/item?id=25754256)
| desireco42 wrote:
| I am surprised Plaid is a business. It is a bunch of scripts of
| dubious security. How businesses are coming on board with that is
| worrisome.
|
| On the other hand, if we could have standard API and let people
| integrate services, totally welcome that. But let's not pretend
| this is anything like that.
|
| If you know something more, please educate me.
| themacguffinman wrote:
| Consider it market proof of how much demand there was for API
| integration that this suboptimal hack was viable. "Proper" APIs
| will follow; For example, Fidelity built a proper system
| (Fidelity Access) in response to all the screen scraping. The
| Fed is now also standardizing some kind of API I think.
| desireco42 wrote:
| That is what I mean. They have investors, if business model
| is such that can disappear in few year, what is the point of
| investing in them.
| borski wrote:
| That breakup fee is good $$$ though
| andjd wrote:
| That Visa isn't fighting this should validate that the
| government's antitrust enforcement has been lax. For a merger
| valued in billions of dollars, hiring even the best lawyers for a
| long fight would have been a rounding error. The only way this
| happens is for Visa's lawyers to think that the government would
| likely win.
| PragmaticPulp wrote:
| It is strange that they're not fighting it harder. I wonder if
| Plaid identified a better exit strategy?
|
| Or if Visa is having some buyer's remorse over the $5 billion
| price tag and saw this as an easy out?
| carlineng wrote:
| With public market valuations of B2B companies today, I could
| see Plaid being worth considerably more than the $5 billion
| that Visa agreed to. I think it's less likely buyer's remorse
| than just overwhelming evidence of anticompetitive behavior.
| The original DOJ complaint [1] has a lot of direct quotes
| from top level Visa execs. See paragraphs 9 and 10.
|
| [1] https://www.justice.gov/opa/press-
| release/file/1334726/downl...
| dexterous wrote:
| No, they always knew the 500x valuation was BS. It's pretty
| much like they said, it was a defensive acquisition to
| prevent the data from going to any of their closest
| competitors. Visa had no idea what it was going to do with
| the data, but just wanted to keep it out of everyone else's
| reach.
| sshah1983 wrote:
| My guess is that that Plaid will go public via a SPAC deal now. I
| think it's highly likely GSAH (Goldman Sachs Acquisition
| Holdings) is that SPAC that does a deal. They have $750M to play
| with and given Visa was going to buy Plaid for $5.3B, the numbers
| kind of make sense.
| phpsuks wrote:
| Or may be PSTH.
| ashraymalhotra wrote:
| Important to note that there is no break-up fee that Visa (or
| Plaid) will pay.
|
| Source:
| https://www.bizjournals.com/sanfrancisco/news/2021/01/12/vis...
| anonu wrote:
| Nice pt. This is common as merger deals typically have MACs
| that carve out specific events like failure to get antitrust
| approval...
| vinhboy wrote:
| It is still called a "merger" if one company is buying out
| another company. Don't we normally call that an acquisition?
| [deleted]
| nceqs3 wrote:
| There is no legal process of an "acquisition". When somebody
| says acquisition they really mean reverse triangular merger.
|
| See https://witnesseth.typepad.com/blog/reverse-triangular-
| merge...
| kemitchell wrote:
| Not all acquisitions get structured as reverse triangular
| mergers. Not all acquisitions involve purchase of capital
| stock.
|
| Lawyers refer to the field as "mergers and acquisitions" or
| "M&A" for short. A good bit of what good M&A lawyers do is
| navigate the various operational, strategic, tax, and other
| factors to find an optimal structure. Often, buyer and seller
| won't agree, as because stock and asset purchase carry
| different tax implications, and have to negotiate structure
| as part of a broader deal with potentially offsetting
| concessions.
|
| Usage of "acquisition" and "merger" varies between lawyers,
| managers, and finance people. But it also varies among
| lawyers, and between states' laws. I'd recommend you just say
| "M&A". And try to stay out of the Delaware Court of Chancery.
| itsnot2020 wrote:
| Well as both a Visa card user and Plaid customer I suppose I'm
| happy about this!
| seanieb wrote:
| I've some friends that works there, so I'm hesitant to say this,
| because I'm sorry for them, but Plaid is a terrible company.
| Their main product scrapes financial data from unsuspecting users
| that simply think they're making a bank transfer and not signing
| away the privacy and security of their banking, 401k and trading
| information.
|
| https://twitter.com/seanieb/status/1298871471645761537?s=20
| jennyyang wrote:
| IIRC, they have basically an instance of a scraper for every
| different bank web site, which to me doesn't seem very
| scalable. I'm not sure if this is still the case, but when I
| interviewed a few years ago, it definitely seemed that way.
| xvector wrote:
| I can't wait until we have smart contracts on a privacy coin
| that let me invest and grow my wealth anonymously.
| hahaxdxd123 wrote:
| Anonymously is unlikely - how would the government get their
| taxes?
| xvector wrote:
| Even if the government bans XMR from exchanges, BTC to XMR
| atomic swaps are coming.
|
| You can then
|
| 1. Use XMR as an anonymizing bridge to pseudonymous ETH or
| ADA wallets
|
| 2. Grow wealth with ETH or ADA smart
| contracts/decentralized finance
|
| 3. When you want to spend, transfer funds from your ETH/ADA
| wallets over the XMR bridge to newly generated spend
| wallets. (There's potential for a chain-analysis
| correlation attack at this point if you aren't careful with
| how you are withdrawing.)
|
| ---
|
| Really, it's all a nightmare and very difficult to do it
| now, but I'll be damned if someone doesn't develop an app
| or program that does this all seamlessly in a few years.
| cblconfederate wrote:
| what if tax is part of the smart contract?
| tyre wrote:
| then it would have to know who it is taxing? The same
| applies.
|
| No, you cannot anonymously tax every transaction at some
| rate. Tax rates don't work that way, in a vacuum.
| cblconfederate wrote:
| why not. it's how sales tax works
| smnrchrds wrote:
| They are getting sued by TD Bank for this very reason:
|
| > _The bank said in the court filings that the interface
| "dupes" consumers into believing they are entering personal
| information into TD Bank's trusted platform._
|
| > _" In reality, however, consumers are unwittingly giving
| their login credentials to the defendant, who takes the
| information, stores it on its servers, and uses it to mine
| consumers' bank records for valuable data (e.g., transaction
| histories, loans, etc.), which the defendant monetizes by
| selling to third parties," TD claimed in the court records._
|
| https://www.ctvnews.ca/business/td-bank-files-lawsuit-agains...
|
| Also, giving your credentials to any third party, including
| Plaid, _voids the warranty_ at many financial institutions. If
| your account gets hacked and your money stolen, you may find
| out that the zero liability policy no longer applies to you.
| cosmie wrote:
| > Also, giving your credentials to any third party, including
| Plaid, voids the warranty at many financial institutions.
|
| Funny enough, I've seen that be the case at some banks that
| simultaneously integrate Plaid into their online account
| application flow for the initial/funding deposit but. Pretty
| ironic that users are implicitly coerced into voiding their
| liability protection at their existing bank during the course
| of opening an account at a new one. Who wouldn't hesitate to
| turn around and also invalidate your liability protections
| themselves if you used your new bank's credentials with Plaid
| elsewhere.
| xtracto wrote:
| That's interesting, and it is an important "stick". On the
| other side, I know some banks are giving a "carrot" to these
| types of companies by providing a "portal access" that allows
| these companies to connect their customers with their bank
| accounts so that the customer can select what to share with
| these sites.
|
| Of course, once those portals are enabled we enter the
| Facebook game: Where a lot of customers will blindly give all
| access to Plaid like companies, and then consumer group
| advocates will criticize for the amount of information that
| they are (still) mining from ignoring customers.
| tadfisher wrote:
| This is essentially the core thesis of MX [1], which
| creates an API exchange that FIs need to join in order to
| use.
|
| I'm not sure how well it is catching on. Seems like they're
| diversifying more into other whitelabel products for
| fintech companies.
|
| [1]: https://www.mx.com/
| morpheuskafka wrote:
| I think BofA does this, which I like. When I linked my
| account to Robinhood through Plaid, it asked for 2FA (text
| or phone call, BofA doesn't support TOTP codes) and
| verified in, then asked me to select which accounts to
| grant access to. Since it doesn't need the 2FA
| subsequently, it must be doing some kind of OAuth style
| authentication when it passes that token to the bank and
| then gets a long-term access token for that specific
| account.
|
| From an HTTPS perspective this is still pretty concerning
| though. AFAIK browsers would block the Plaid widget if
| someone tried to load it insecurely and the page was HTTPS
| (what users have been trained to look for). But without
| going into devtools there is no easy way to verify that the
| widget is actually a real Plaid widget, thus POSTing your
| password directly to their server and not the merchant's,
| and no way at all to verify that they have such a
| partnership with your bank sanctioning them to collect your
| password.
| throwaway9980 wrote:
| I am sure I will be called naive, but this is shocking to me.
| I _assumed_ that Plaid was integrating with the banks and not
| doing this sort of thing because of the people associated
| with Plaid. Their seed round included Spark Capital and
| Google Ventures. Their most recent round included Mary Meeker
| and Andreessen Horowitz. [1]
|
| These investors have reputations to protect. This type of
| thing would certainly come out in diligence:
|
| "How do you gain access to the customer's account data with
| their bank?"
|
| "We impersonate their bank."
|
| "Do you tell them you do this?"
|
| "No."
|
| "Ok, that's probably fine."
|
| How in the hell does this conversation pass muster?
|
| [1] https://en.wikipedia.org/wiki/Plaid_(company)#Funding
| etaioinshrdlu wrote:
| VC's actually tend to love companies that are a little bit
| sneaky. Just not too sneaky to have to face consequences.
| abrowne wrote:
| "Disruptive".
| conradev wrote:
| They do integrate natively with some banks, like JPMC:
|
| > When this is implemented, Plaid will access customer
| information through the bank's secure API (application
| programming interface) connection. That will allow
| customers to share their information more safely and
| quickly with Plaid and the financial apps it supports while
| protecting their bank username and password.
|
| and also Wells Fargo:
|
| > The API used in the agreement will utilize a more secure,
| tokenized "handshake" between the companies' servers
| through which customers' financial data will be shared.
| Once integrated, the API will allow customers to share
| their financial data, while also maintaining the privacy of
| their user credentials. The enrollment process will be easy
| and designed to work seamlessly within Plaid-supported
| apps' user experiences.
|
| I think it would be good to do some quick Google searches
| before getting (all of) the torches out.
|
| https://media.chase.com/news/plaid-signs-data-agreement-
| with...
|
| https://www.businesswire.com/news/home/20190919005081/en/We
| l...
| f430 wrote:
| I don't think you are naive at all regarding this but
| generally people see famous people, name dropping and due
| diligence goes out the window.
|
| There are people who take advantage of that and are very
| successful. Disgusting because it is just another form of
| deceiving people's trust.
| kripy wrote:
| They're not hiding the fact.
|
| From their website [1]: "When you choose to connect your
| financial accounts to an app using Plaid, you will be
| prompted to enter the username and password associated with
| those accounts. Plaid then links your accounts to the app
| you want to use so you can share your data."
|
| [1] https://plaid.com/how-it-works-for-consumers/
| ZephyrBlu wrote:
| "link" to me implies something along the lines of a
| FB/Google/GitHub OAuth login, not that they steal my
| credentials.
|
| I guess technically they just say, "you will be prompted
| to enter the username and password associated with those
| accounts" and don't specify that they (Plaid) will be
| using your credentials, but I don't think it's clear
| enough that you are giving your credentials away!
| gjulianm wrote:
| The fact is pretty much hidden. I tried to link my Toshl
| (a budget app) account to my bank, to import
| automatically my movements. I saw that they were using
| Plaid, and I found that weird. I went to search the page
| you linked, and I still didn't know how was it connecting
| to my bank. I used an "application password" with limited
| permissions from my bank to use with Plaid, and funnily
| enough it didn't work. In fact, my bank locked my account
| because Plaid tried to login through the regular user
| interface with a wrong password several times. It was
| only then when I saw in forums and such that what Plaid
| does is to scrape HTML.
|
| When you use Plaid, you don't get the impression that's
| what they're doing. We're used to dialogs to "give
| permissions to an app" that don't share our user/password
| with anybody. Plaid purposefully emulates those dialogs
| and gives you the impression that you're just logging in
| with your bank, instead of explicitly telling you "we
| will store your user and password and use that to log-i
| with your bank".
| waprin wrote:
| Disagree, they are hiding the fact by assuming ignorance
| of most users. A true "link" , would use something like
| OAuth to have the bank handle authentication and provide
| explicitly scoped subset of consumer data to Plaid.
| Instead they are taking the plaintext password and
| getting total access. Just taking that passwords itself
| is a security vulnerability. Google doesn't even know
| your Gmail password, just the hash, but since Plaid can't
| use a password hash to login, it must store your
| plaintext password to your financial accounts, some of
| THE most sensitive data. Furthemore they have access to
| way more data than they should rather than clearly
| defined scoped subsets of it.
|
| The whole company is a privacy and security disaster. Of
| course it's annoying that banks don't provide reasonable
| OAuth APIs, but Plaid "disrupts" that by deceiving
| consumers into dangerous security vulnerabilities with
| their most sensitive personal data.
| dmak wrote:
| You speak idealistically, but the reality is that many of
| these banks did not having open banking standards nor
| APIs before. The scraping led to this movement and FSAs
| all over the world are starting to push for no scraping
| while financial institutions create APIs and contracts
| with these platforms.
| joshspankit wrote:
| In the "startup" world, this is simply the only way to do
| it when your goals are to be _everyone_ 's service. Banks
| rarely create open APIs, and even when they do they are
| fragile and subject to whims as the banks are optimizing
| for security first (plus: they need strong incentives to
| maintain APIs since it's not even in their core business).
|
| And since you can't rely on an API, "there's no other
| option" which compounds with the fact that coding up a web
| scraper for a specific bank takes _maybe_ a dozen
| programmer-hours. Then throw on a disclaimer to cover
| legal, and start counting your billions of unhatched eggs.
| o-__-o wrote:
| It's clear as day in the privacy policy. You did click on
| the privacy policy link and read through it right?
| Ihaveacomment12 wrote:
| I won't name names, you can Google them, but these people
| are ethical for optics. These are the same people
| supporting Modi, who's arguably worse than trump, a man who
| was banned from flying into America.
|
| Same capitalist who have injected a significant amount of
| capital to Indian Oligarchs like Ambani, to fund JIO and
| aggregate a billion users. Under the covers you'll find
| corruption in the deepest levels. 250M , yes Million,
| protested these same Oligarchs - and I'm surprised this
| isn't getting connected up the chain. Maybe a matter of
| time?
| purple_ferret wrote:
| A lot of these banks never had any APIs. Plaid made its
| name basically scrapping the html of account pages.
| Companies used it because there were no alternatives (no
| apis)
| throwaway9980 wrote:
| I understand the situation. Another of Plaid's investors
| is Goldman Sachs. I naively assumed that Plaid's ability
| to build their product was likely based on access to
| private APIs available to them based on their
| relationships and backing.
|
| If someone came to me and asked me to build what Plaid
| has built, I would decline the work. I would _assume_
| that impersonating a bank would be illegal. I would
| _assume_ that the banks I am impersonating would treat me
| as a malicious actor. I would _assume_ that I would go to
| jail for building a system like this.
|
| Absolutely unbelievable.
| thayne wrote:
| I've learned that when it comes to banks, assuming things
| like that is usually wrong.
| f430 wrote:
| Back when I used to run a web scraping shop, we had this
| exact request. I didn't know it was illegal at the time
| but we ultimately didn't do it because lot of people just
| want to pay as little as possible for scraping without
| considering the amount of work that goes behind it.
| jjeaff wrote:
| Web scraping is not illegal per se. Though it may be
| against the specific terms of service of the site you are
| scraping.
| LegitShady wrote:
| fraudulently obtaining people's banking information can
| be described many ways. The prosecutors won't call it web
| scraping and the judge hasn't seen that although he has
| heard of people who steal users information to hack their
| banks.
|
| Seems like a bad bet to me.
| f430 wrote:
| that was before the 2018 ruling this was back in 2012, I
| remember Craigslist sued someone for scraping under CFAA.
|
| Thanks to EFF, this scummy tactic used to kill Aaron
| Swartz is no more.
| o-__-o wrote:
| You are misremembering. CFAA defines criminal acts not
| civil, so Craigslist could not sue someone under the
| CFAA. The DA would have to bring charges first and then
| the civil suit by Craigslist would reference the criminal
| suit.
| TuringNYC wrote:
| Even if it isn't illegal it can be against the terms of
| service and void your warranty/insurance
| tadfisher wrote:
| Plaid does have real integrations with some institutions,
| using OAuth and the works. The list is relatively
| miniscule compared to the vast majority of institutions
| that still consider customer data _their_ asset and not
| their customers '.
| jsinai wrote:
| On the other hand, Plaid's behaviour means that your data
| is not yours either, but is up for grabs by a 3rd party
| for which you may not have given consent to. Plaid is no
| Robin Hood (the story not the app) here.
| Nextgrid wrote:
| Plaid is equivalent to a carrier, right? They merely
| provide the data to their client (whatever service/app
| you're signing into) and it's up to that client to decide
| how to use it.
| casey77 wrote:
| Let's not forget the companies that enabled Plaid to do
| this. One of the worst offenders was Carta. They made you
| use Plaid to exercise your stock options. So you had to let
| Plaid scrape your account info to get the stock you worked
| so hard for. Most people had no idea they were allowing
| this.
| tadfisher wrote:
| I'm surprised, because Plaid is far from the first mover in
| the "scraped banking data API" space. Mint (now Intuit) and
| Yodlee come to mind, and they use essentially the same
| sign-in flow and come with the same limitations.
|
| There are organizations and companies that are trying to do
| this legitimately, through open standards and real
| incentives to both FIs and customers to share information
| in exchanges:
|
| - Open Banking Project: https://www.openbankproject.com/
|
| - MX: https://www.mx.com/
|
| _P.S. Can we get real Markdown support already? The fact
| that the Markdown URL format isn 't supported is extremely
| user-hostile._
| Hydraulix989 wrote:
| The fact that the Markdown URL format cloaks URLs is
| user-hostile.
| Veen wrote:
| Markdown doesn't cloak URLs; HTML does. We seem fine with
| that on every other webpage.
| spurdoman77 wrote:
| > There are organizations and companies that are trying
| to do this legitimately, through open standards and real
| incentives to both FIs and customers to share information
| in exchanges:
|
| That is never going to work. The reason the world works
| the way it works is because banks dont want to give easy
| access, so market opportunity for companies like Plaid
| exists.
| jsinai wrote:
| It works in the UK where open banking is regulated by the
| FCA:
|
| https://www.openbanking.org.uk/customers/what-is-open-
| bankin...
| overscore wrote:
| Open Banking is the result of the EU PSD2, so
| unfortunately is no longer guaranteed in the UK. UK firms
| have already lost passporting rights, and it's yet
| unclear whether the UK will align with EU regulation
| going forward.
| martinald wrote:
| I think it would be highly unlikely the UK would regress
| on open banking. It's been a cornerstone of a lot of govt
| policy for banking.
| overscore wrote:
| I guess the question is what you mean by "open banking".
| Initially, in the UK, that phrase referred to the FCA's
| implementation of the PSD2 requirement for banks to allow
| a secure mechanism of access to third parties. I think
| that this definition of open banking has already
| regressed post-Brexit, from the absence of passporting.
| UK firms and banks are no longer able to interoperate
| with EU firms and banks, and PSD2 no longer applies to
| them.
|
| Another definition may be domestic API access to bank
| accounts, which I agree will continue to be policy in the
| UK. It won't be PSD2 open banking, though.
| buckminster wrote:
| "Open banking" and "cross-border banking" are two
| different things. The UK will definitely continue to have
| open banking. The UK-EU banking relationship is still up
| for negotiation. (I'm not hopeful though.)
| overscore wrote:
| > The UK will definitely continue to have open banking.
|
| As discussed elsewhere in this thread, this requires a
| definition of "open banking" which is separate from PSD2
| and not what the phrase commonly meant until now. The
| distinction isn't between "open banking" and "cross-
| border banking" - the distinction is between:
|
| * PSD2 compliant "open banking" between TPPs and ASPSPs,
|
| * _Some banks in the UK must have APIs_ "open banking".
|
| Up until January 1st, the phrase "open banking" referred
| to the former. The latter may become accepted as the
| definition in the UK, but it is materially different to
| the original meaning.
| avianlyric wrote:
| PSD2 still applies. That was integrated into U.K. law
| long before Brexit. It would take an act of parliament to
| unwind.
|
| Additionally the U.K. has generally been on the leading
| edge of open banking, which is why our standards weren't
| identical to the EUs for a while. It's going nowhere, and
| pass-porting will make no difference.
|
| The only real impact of Brexit is the open banking
| entities will need to register separately in the U.K. and
| the EU, and be subject to two different regulators. But
| that's just paperwork for the most part.
| overscore wrote:
| > PSD2 still applies. That was integrated into U.K. law
| long before Brexit. It would take an act of parliament to
| unwind.
|
| It's not that simple. The FCA is no longer an EEA
| National Competent Authority and UK Third Party Providers
| must register with an EEA NCA to continue to operate in
| the EEA. Domestic legislation which put PSD2 in force is
| of course still UK law, and domestic TPPs and Account
| Servicing Payment Service Providers can continue to
| operate together (even using the same eiDAS certs), but
| they cannot engage in open banking with the rest of the
| EU/EEA.
|
| PSD2 and its supporting institutions (EBA, EPC, ECJ) no
| longer apply to the UK.
|
| > Additionally the U.K. has generally been on the leading
| edge of open banking, which is why our standards weren't
| identical to the EUs for a while. It's going nowhere, and
| pass-porting will make no difference.
|
| Internally, maybe, but UK TPPs and ASPSPs can no longer
| interoperate with EU/EEA TPPs and ASPSPs unless they
| register with an EU/EEA NCA, and thus become subject to
| EU Directives. Again it comes back to your definition of
| "open banking". If you mean only UK banks and firms being
| able to operate an open banking scheme, then you are
| correct that this will continue. If you mean open banking
| as defined by PSD2, it has already come to an end in the
| UK.
|
| > The only real impact of Brexit is the open banking
| entities will need to register separately in the U.K. and
| the EU, and be subject to two different regulators. But
| that's just paperwork for the most part.
|
| So either UK TPPs and ASPSPs have to abide by EU
| Directives (if possible - the UK legislature may diverge
| from the EU in unreconcilable ways), or the UK has to
| maintain alignment with the EU indefinitely. Doesn't seem
| like just paperwork to me.
| Nextgrid wrote:
| It doesn't really work. Open Banking doesn't seem to
| enforce a consistent API which means you either need to
| implement a client for each bank (and their data model)
| individually or use something like Plaid (in the UK our
| equivalent is TrueLayer) to aggregate all the different
| banks into a single API.
| overscore wrote:
| PSD2 doesn't even mandate APIs as the mechanism of
| access!
| Nursie wrote:
| This is just not true, for Open Banking in the UK. API
| standards are published and banks must implement them.
|
| There was a get-out, but it was a bad one for the banks -
| if any bank did not provide a compliant API by a specific
| date (IIRC sometime last year) then they would have to
| keep their web sites entirely unaltered in order to
| support scraping.
| shrimp_emoji wrote:
| >P.S. Can we get real Markdown support already? The fact
| that the Markdown URL format isn't supported is extremely
| user-hostile.
|
| Hear hear! Markdown is definitely the new formatting
| standard, and it's amazing (I even take notes in .md
| files).
| throwaway9980 wrote:
| You're right, they aren't the first. That said, when I
| use accounting software, it's pretty obvious to me that I
| am going to be sharing my transaction history with the
| accounting software. When I connect my bank account to
| Venmo, it is absolutely not obvious to me that I'm
| sharing my entire transaction history with Plaid.
| Replicating the appearance of my bank's login screens is
| critical to the illusion.
|
| Even if I did understand that they are storing and using
| my credentials, I should be able to expect from a
| reputable business that they are not scraping irrelevant
| transaction data and then using it for purposes that
| don't explicitly support the app I am using. Selling my
| transaction history _definitely_ isn 't supporting the
| use case I'm authorizing.
| milesskorpen wrote:
| Fortunately, Plaid doesn't sell your transaction history,
| so this isn't a concern.
| Cederfjard wrote:
| Going by what was posted further up in the thread, that
| seems to be what TD Bank alleges in their suit?
| milesskorpen wrote:
| If you authenticate with <mortgage broker> via Plaid,
| then the broker pays plaid money and the broker gets your
| bank information. So I suppose in a sense that's "selling
| your data," but I don't think that's what people are
| concerned about: You explicitly sign into the mortgage
| broker to give them data!
|
| What Plaid has said on record they DON'T do is take that
| data they provided to the broker, bundle it up, and then
| sell it to marketing firms or hedge funds or other random
| third parties for which the user didn't explicitly ask
| their data to be shared.
|
| See: https://www.americanbanker.com/news/lawsuit-against-
| plaid-he...
|
| "Plaid does not sell and has never sold consumers'
| personal information or data. Consumer data is obtained
| and used with consumer consent. Plaid believes strongly
| that consumers should have permission-based access to and
| control over their financial data, and embodies these
| principles in its practices."
|
| That's pretty strong language.
| o-__-o wrote:
| READ: https://plaid.com/legal/#consumers
| tazard wrote:
| Any chance you could point me to something more specific?
| From your link I found this:
|
| > We do not sell or rent personal information that we
| collect.
| sangnoir wrote:
| Alternative title to this thread is "Plaid fails to sell
| customer data to Visa" (along with code, and the rest of
| the company). Consumers, _as well as Plaid_ , have _no_
| idea where this data is going to end up ultimately,
| depending on who winds up getting control of Plaid. What
| are the odds of Private Equity acquiring Plaid and
| "leveraging synergies" with the pay-day loan company in
| their portfolio? I think the odds are greater than zero.
| ROARosen wrote:
| From the press release: "Plaid is a financial services
| company that operates the leading financial data
| aggregation platform in the United States"
|
| I love the way they are literally defined as "the leading
| financial data aggregation platform in the United
| States", rather than "the leading financial integrations
| platform".
|
| Seems like Justice does know their _real_ business. And
| they don 't seem to care.
| smichel17 wrote:
| Re: formatting, I strongly suggest using markdown's
| [reference link syntax], which is much more readable when
| rendered as plain text.
|
| [reference link syntax]:
| https://daringfireball.net/projects/markdown/basics
| f430 wrote:
| Oh man I can't believe they actually pulled this on a
| Canadian Bank.
|
| I tell my founders to always always fly straight or don't fly
| at all because if you cut corners or deceive, it will come
| back to you.
|
| Had they been honest and played by the rules they could be
| sitting on a massive windfall.
|
| Unfortunately, some VCs and founders think like gangsters and
| get surprised when things dont plan out. Just because it
| worked for someone in your circle doesn't mean its gonna work
| for you. It is a horrible behavior to emulate.
| milesskorpen wrote:
| The deal didn't go through because of antitrust concerns,
| not because of TD's lawsuit.
| smnrchrds wrote:
| Yeah. TD is so tired of them they have a page warning
| customers about them, without naming names:
|
| > _When using a fintech app, you may be providing your
| confidential TD username and password directly to third
| parties over whom TD has no control. Please be aware that
| the sharing of your TD credentials is contrary to the terms
| of our agreements, and TD will not be responsible for any
| harm that results from the sharing of your credentials._
|
| https://www.td.com/us/en/personal-banking/security-
| center/fi...
| toomuchtodo wrote:
| TD should force a password reset every time a login
| occurs from Plaid on behalf of a user.
| cameldrv wrote:
| It's difficult to draw a clear line between what Plaid is
| doing and a phishing scam.
| smnrchrds wrote:
| The difference is the pinky promise that they will not do
| bad things with their access.
| cameldrv wrote:
| They are selling the data to marketing companies to build
| a dossier on you, and this could be used for any number
| of purposes once it is in the hands of data brokers.
|
| They're tricking people into handing over the
| information, and then they're using it for purposes that
| may harm the victim, so like I said, it's hard to draw a
| line.
| iancarroll wrote:
| I don't think this is true, and Plaid makes pretty
| explicit claims that they do _not_ do this, i.e.:
|
| - https://news.ycombinator.com/item?id=18655417
|
| - https://plaid.com/how-we-handle-data/
| cameldrv wrote:
| They do not make such an explicit claim in their privacy
| policy. There is a carve-out for "affiliates", although
| what constitutes an affiliate is not defined. They also
| say:
|
| "We may collect, use, and share End User Information in
| an aggregated, de-identified, or anonymized manner (that
| does not identify you personally) for any purpose
| permitted under applicable law. This includes creating or
| using aggregated, de-identified, or anonymized data based
| on the collected information to develop new services and
| to facilitate research."
|
| This is a cop-out used by a lot of services these days.
| De-identified data can be and is routinely re-identified.
| For financial transaction data this is fairly easy. For
| example, if you buy location data, it's trivial to
| determine where someone's home is, and therefore their
| likely identity.
|
| Once you have a set of locations a person visited, you
| can correlate them with financial transactions. Even just
| a couple of retail transactions are often unique. You
| were probably the only person who was at your
| neighborhood Starbucks on Monday at 6:37am and also at
| Starbucks on Friday at 7:32am. Your credit card
| transactions provide a time and a location for every
| retail transaction.
| nabaraz wrote:
| That was 2018 though when they were barely setting up.
| milesskorpen wrote:
| And still the case from what I've heard.
| coachtrotz wrote:
| Plaid can very well not use the data in this way, but any
| company using Plaid's APIs and gaining access to the end-
| user bank account can do whatever they want with the
| data. There are no restrictions on potential bad actors
| who will do this, and no consumer protections.
| milesskorpen wrote:
| Sure, and that would be true however a partner collected
| this data. It's true whenever you apply for a credit card
| or a mortgage.
|
| I believe that Plaid doesn't work with just anyone, and
| they do attempt to put some limited controls in place to
| block bad actors - just like any other platform in the
| world.
|
| All that said, the parent were suggesting that Plaid
| itself bundled and resold data for marketing purposes
| which it does not do (though I believe some of its
| competitors might).
|
| You should hold their feet to the fire for real issues
| (potential for misuse by companies that use Plaid to
| gather info, security concerns), not imaginary ones
| [deleted]
| novok wrote:
| Dont worry, visa, amex and MasterCard already do it
| directly
| cameldrv wrote:
| That's true, and perhaps the real reason this really is a
| very valid anti-trust action is that Visa would be
| removing their only real competitor for providing this
| type of data.
| dmix wrote:
| Doing it on purpose vs via black/grey market trickery is
| often treated as separate matters. Even if the legal mode
| is still full of moral issues that society has yet to
| fully confront.
|
| Phishing people's bank credentials has been fully
| established as a computer crime (not even just bad within
| civil law).
| Judgmentality wrote:
| I adore the idea of the Plaid founders, and everyone else
| deemed complicit in a court of law (I think this should
| likely include investors), going to fuck-you-in-the-ass
| prison instead of becoming billionaires.
|
| Alas, I've lived in Silicon Valley too long to believe
| that anything moral will ever occur when there's money to
| be made.
|
| It makes me sad that people actually admire this place
| for anything other than the geography.
| f430 wrote:
| Do you think Plaid founders are going to jail?
| [deleted]
| jtbayly wrote:
| No. He specifically implied that they would become
| billionaires instead of going to jail.
| f430 wrote:
| It's sad that we award unscrupulous behavior.
| morpheuskafka wrote:
| > Also, giving your credentials to any third party, including
| Plaid, voids the warranty at many financial institutions. If
| your account gets hacked and your money stolen, you may find
| out that the zero liability policy no longer applies to you.
|
| The trouble is, giving someone your account number also makes
| it not the bank's problem what they do with that number, even
| if it was clearly unauthorized by you. There's no good way to
| do ACH transfers without a high degree of trust in the
| recipient.
| thekyle wrote:
| I don't buy this. If I give someone a check (which has an
| account number on it) that doesn't mean they get to
| withdraw whatever they want from my bank account. What bank
| in the U.S. wont reverse fraudulent ACH debits?
| koolba wrote:
| > What bank in the U.S. wont reverse fraudulent ACH
| debits?
|
| Ah that's the key though, _you_ have to tell them to
| reverse it. I think you have 60 days in most cases. But
| the onus is on you to dispute the debit.
| sbeller wrote:
| handing out your login credentials is like giving a
| blanko check with your signature on it already.
|
| > What bank in the U.S. wont reverse fraudulent ACH
| debits?
|
| If you admit to handing out signed blank checks, I would
| hope that most if not all banks would at least have a
| discussion with you about how you may be not the customer
| they are looking for.
| [deleted]
| morpheuskafka wrote:
| It says on page 35 of my Bank of America Deposit
| Agreement and Disclosures:
|
| > If you voluntarily disclose your account number to
| another personal orally, electronically, in writing or by
| other means, you are deemed to authorize each item,
| including electronic debits, which result from your
| disclosure. We may pay these items and charge your
| account.
|
| It may be that there is some rule that says just giving
| someone a check doesn't count as "voluntarily disclosing"
| your account number.
| alfalfasprout wrote:
| Actually, if you hand someone a check they indeed _can_
| just use your account and routing number to pay for
| things using ACH.
|
| Hence why I avoid ever linking my bank to anything.
| jjeaff wrote:
| You are guaranteed a minimum of 30 days to contest an ACH
| charge. 2 days for businesses.
| coachtrotz wrote:
| Return timeframe is 60 days for Unauthorized Debit.
| judge2020 wrote:
| Yeah, banks could have done oauth2 years ago but it never
| happened.
| Nursie wrote:
| Open Banking in the UK does that now.
| Nextgrid wrote:
| Not really, considering it doesn't enforce a single,
| consistent API, so most companies will still use
| something like TrueLayer (our local equivalent of Plaid)
| to aggregate all these separate APIs into a single
| consistent one.
|
| Furthermore, "open" banking is very misleading because
| it's only open to corporations with deep pockets to
| obtain an AISP license/certification*, but doesn't even
| allow the account holder to gain API access to their
| _own_ account. Unless you 're lucky enough to be with a
| modern bank that provides that as a feature (which is
| legally separate from Open Banking, though often it's the
| same API), your only workaround is to sign up for
| TrueLayer yourself just to access your own account
| through them.
|
| * given the "deep pockets" requirement, it almost forces
| all the account aggregator apps/services (Emma, Yolt,
| etc) to have a somewhat scummy business model and
| monetize the captured data. Wouldn't it have been nicer
| that you _didn 't_ need deep pockets to gain read-only
| access, so that an indie developer could make such an
| account aggregator and not have to resort to a scummy
| business model to fund the certification/compliance
| expenses?
| Nursie wrote:
| Yes, it's only 'open' to FCA registered entities, which
| is an entirely reasonable requirement given how easy it
| is for scammers to get people to give away the keys to
| the kingdom.
|
| So no, it wouldn't have been nicer, it would have been a
| scammers delight.
|
| And yes, it does require a consistent API, thought it's
| perhaps open to a bit too much interpretation.
| Nextgrid wrote:
| > given how easy it is for scammers to get people to give
| away the keys to the kingdom
|
| Restricting API access doesn't help. There are plenty of
| idiots out there who willingly install remote access
| software on their computers/phones, fall for "authorized
| push payment" fraud when scammers tell them to move their
| money to a "safe account" or to pay overdue "taxes"
| (gullibility taxes?) over the phone and even use the two-
| factor card readers despite the "do not use over the
| phone" text being printed right on them.
|
| I'm not sure how _read-only_ API access would benefit
| scammers (if people can be tricked into granting API
| access, they will usually just as well install remote
| access software or just do the payments manually) but it
| would open up a nice field of self-contained, on-device
| money management apps that don 't need significant
| corporate (most likely VC) backing with all the (usually)
| nasty ramifications that entails.
| Nursie wrote:
| > I'm not sure how read-only API access would benefit
| scammer
|
| Information leaks are always useful to scammers,
| extortionists, blackmailers etc. It's one reason we
| protect financial info.
|
| Like the other poster said, VC money isn't really needed,
| though the process of getting accredited with the FCA is
| more than just paying for a license. The Open Banking
| Implementation Entity (or just Open Banking Ltd, whatever
| they're calling themselves at the moment) may be able to
| help you go through the accreditation process if you
| approach them, they were certainly talking about doing
| that for people a couple of years back.
|
| And before that you can sign up to their public sandbox
| service as a "Technical Service Provider" to start
| developing against the ecosystem, for nothing (I've done
| this though I've not really used the capability for
| anything).(You may need a Ltd company for this, can't
| remember off the top of my head)
| ethangk wrote:
| > Not really, considering it doesn't enforce a single,
| consistent API, so most companies will still use
| something like TrueLayer (our local equivalent of Plaid)
| to aggregate all these separate APIs into a single
| consistent one.
|
| That's not quite true. The CMA9 have to follow the Open
| Banking spec, and some other non-cma9 banks have decided
| to follow the same spec. In practise, there's some
| deviation from the spec between the banks (in part, due
| to ambiguity in the spec), but it's not like they're all
| pulling their own spec out of the air.
|
| > Furthermore, "open" banking is very misleading because
| it's only open to corporations with deep pockets to
| obtain an AISP license/certification*, but doesn't even
| allow the account holder to gain API access to their own
| account. Unless you're lucky enough to be with a modern
| bank that provides that as a feature (which is legally
| separate from Open Banking, though often it's the same
| API), your only workaround is to sign up for TrueLayer
| yourself just to access your own account through them.
|
| The 'deep pockets' don't need to be as deep as implied. I
| think it's <~PS3k. It's not something that only big
| companies can afford, but I agree, it's not something
| that an individual would use to test out an idea, which
| would push them towards something like TrueLayer.
| Nextgrid wrote:
| > I think it's <~PS3k.
|
| Do you have any more details? If this is indeed the price
| and it's a one-time cost without costly maintenance
| overheads (such as ongoing audits) I might just pay that
| to be able to release simple money management or just
| better UIs than the existing banks (even modern bank's
| apps have gotten worse lately as they try to push their
| "premium" offerings - looking at Monzo specifically
| here).
| viraptor wrote:
| That's what OFX was supposed to provide, but realistic
| support never arrived. Even banks which allow you to
| download OFX format searches fail at complying with
| basics of the standard. (https://www.ofx.net/)
| ehnto wrote:
| Good god that's disgusting behavior. Surely VISA would have
| seen this as a huge risk?
| [deleted]
| WesolyKubeczek wrote:
| > takes the information, stores it on its servers, and uses
| it
|
| So does, for example, Yodlee, when you use them to have an
| API for bank statements. I cannot say if they too monetize
| the data that opens up to them for grabs.
|
| It took legislation and years of preparation to enforce APIs
| and interoperability onto European banks (yes, I can now use
| bank A's app to view my account balance in bank B, while
| maintaining control over what kind of access I'm giving).
| Can't see it happening in the US, though, although the demand
| for such APIs is clearly there, given that companies like
| Plaid and Yodlee prosper.
| tadfisher wrote:
| I would wager that 90% of the business for Plaid, Yodlee,
| and Intuit is account verification; the thing that you used
| to do by having small ACH transfers of random amounts that
| you verify. The fact is that 90% of running a fintech
| business is identifying and bounding fraud risk, and these
| "banking API" companies are able to move the needle down a
| couple of basis points.
|
| _edit_ It 's shit like this that just screams for the Fed
| to force FIs to implement a standard API for verifying
| accounts and making transfers. I bet half of fintech would
| collapse overnight, but the collective cost savings would
| be in the billions.
| RC_ITR wrote:
| Yodlee literally sells the data directly to hedge funds.
|
| https://www.thetrustedinsight.com/investment-news/yodlee-
| jum...
| krisboyz781 wrote:
| No, that's not the problem at all. The problem is that Plaid
| falsely used TD Bank without having a relationship with the
| bank. The company literally has a bank partnerships team so
| that "void warranty" argument doesn't even make sense.
| gravyboat wrote:
| Why are you sorry for them? They are making the choice to work
| at Plaid when they know Plaid is a terrible legal phishing
| company.
| nailer wrote:
| FWIW their competitor Teller uses the bank's own native APIs.
|
| The idea is the bank can't shut off Teller clients without
| shutting off their own customers. This involves a lot of iOS
| reverse engineering.
|
| So things like Plaid's Capital One integration breaking for
| months have never happened with Teller - who've been running
| for something like 5 years now.
|
| https://teller.io/
| ZephyrBlu wrote:
| So Teller reverse engineers a bank's internal APIs and uses
| those to manage your account?
| nailer wrote:
| Yes.
| mattnewton wrote:
| I once went to use plaid to apply for a mortgage on one of the
| new fancy broker platforms. It asked me to type my login
| credentials.. sketchy , but alright banks and mortgage
| companies seem to trust them? Then they asked me to disable 2FA
| on my account and at that point it was indistinguishable from a
| phishing attack to me. I noped out and changed my bank password
| immediately.
| jsinai wrote:
| This is why a standard API is needed, like Open Banking in
| the UK. When I use a third party app, the access request is
| redirected to my bank app and authorisation is granted there.
| At this point it is explicit what data the third party will
| require. Once authorised, I'm redirected back to the third
| party's app. At no point have I given my credentials. This
| must be renewed every 90 days. Furthermore I can view what
| apps have access to my account and can revoke this access at
| any time.
|
| PS Yes I know people like Ben Thompson [1] and even the US
| Treasury (mentioned in the same link) advocated for a private
| solution like Plaid (and nearly by extension Visa), but
| seriously this seems like something that needs to be
| government regulated to prevent incentives for selling user
| data.
|
| [1] https://stratechery.com/2020/visa-plaid-networks-and-
| jobs/
| mtgx wrote:
| Pretty much how 99% of this data robbery happens by all
| surveillance companies.
|
| This is why Facebook is so pissed off at Apple that it dares to
| ASK users first.
|
| "Most users aren't aware what data is gathered about them" is
| about 10x more accurate than "users don't care about privacy",
| even though it's the latter that gets repeated all the time
| (with some help from the surveillance companies themselves
| spreading this propaganda).
| fintechthrow456 wrote:
| As someone who's worked in fintech for 10 years, I think this
| is a bad take. Out of all aggregators (what this is called),
| Plaid is by far the most open and privacy-forward.
|
| First, they're transparent about being a 3rd party that's part
| of the flow (see https://plaid.com/blog/the-all-new-plaid-
| link/). It's clear it's Plaid, they use neutral colors and not
| the bank's, etc. They have a portal where you can manage your
| data (https://my.plaid.com/).
|
| Second, they are very open about not selling data (unlike most
| of the their competitors). It's in their terms and their
| website (see https://plaid.com/how-we-handle-data/). I guess
| that could change, but from working with them I know it's part
| of their positioning so I'd be surprised if that changed.
|
| Third, they've announced bank integrations and afaik they're
| moving to OAuth where the banks support it (I've seen this in
| the wild, but can't replicate right now). The key here is where
| banks support it. I think you have to look at the historical
| context: the banks do not want you to own your data as a
| consumer. They don't want fintech apps to exist. Having talked
| to banks about integrating directly with them, it's onerous and
| only the big players can do it. Plaid's fighting the good fight
| for fintech startups.
|
| But yeah it's a less-than-ideal solution and it sucks that it
| doesn't work without creds flowing through and it's not clear
| regulators or banks will work to make it better. That sucks. I
| just think bashing on Plaid here is one-sided.
|
| (throwaway account because I work in fintech)
| ZephyrBlu wrote:
| > But yeah it's a less-than-ideal solution and it sucks that
| it doesn't work without creds flowing through
|
| I can appreciate that Plaid is trying to push stuff forwards,
| but (Presumably) storing your bank credentials in plain-text
| is a far worse than a "less-than-ideal solution".
| kelnos wrote:
| > _It 's clear it's Plaid, they use neutral colors and not
| the bank's, etc._
|
| Every time I've been confronted with a Plaid-backed bank
| login prompt, they use the bank's colors and logo, the word
| "Plaid" or their logo is either nowhere to be found or is in
| tiny fine print, and I run away screaming from that service.
| teagee wrote:
| I tried to use their API for a personal project and found
| starting one month a bunch of transactions were missing from my
| bank account. It turned out Chase included a promotion on the
| pdf statement that month which threw off their scraping algo.
| Really woke me up to their "tech", I changed passwords and
| avoid them now.
| Ericson2314 wrote:
| Well, better one small company doing that garbage than Visa! It
| makes it easier to avoid.
| kinkrtyavimoodh wrote:
| I am sorry to say this but your friends should really give a
| thought to why they are still working there. I understand that
| people have families to feed and mortgage, but they should at
| least consider changing jobs if they are software engineers.
| morpheuskafka wrote:
| They really do need an OAuth rather than save-and-forward-
| credentials approach to account access. Hopefully the new
| FedInstant platform will have improvements in this area.
|
| That said, I personally wasn't surprised to see they have this
| access. It makes sense that if you give them your bank
| password, they will have full access to your account unless
| they clearly convince me otherwise.
| judge2020 wrote:
| > FedInstant
|
| for the uninitiated:
|
| https://www.frbservices.org/financial-
| services/fednow/index....
|
| https://www.frbservices.org/financial-
| services/fednow/what-i...
| esotericimpl wrote:
| Their engineering team is so terrible. They implemented race
| conditions that caused their end users to receive data that
| didn't belong to the underlying account that they had
| connected.
| [deleted]
| Dirlewanger wrote:
| Blame the banks for dragging their feet and not making proper
| APIs for these companies to use instead of screen scraping.
| krisboyz781 wrote:
| That's not true. Plaid says they'll be accessing your
| information literally when you sign into your account.
| Kharvok wrote:
| I can confirm this as I currently use Plaid in a few projects.
| People have no idea what they are signing up for when they
| authorize this. It's possible to get near real time transaction
| data from somoene's bank account as well as monitor their
| account balances for any linked account essentially in
| perpetuity. With this data it's possible to back in to a lot of
| behaviors about someone's life. All of that is handed to any
| firm you authorize to link your bank account.
| [deleted]
| ultimoo wrote:
| This is so terrible. Is there an easy way for me to write to
| Plaid to delete all my information or do I have to go into each
| service and unlink?
| EricFortney wrote:
| Yes.
|
| https://my.plaid.com/help/360043065334-can-i-remove-app-
| acce...
| asibehar wrote:
| If you're in CA, use the CCPA. They claim to have removed my
| information in response to a CCPA request.
| hansvm wrote:
| Nice to see somebody respecting the law. Atlassian is still
| claiming that if they give my account to somebody else then
| they can ignore my CCPA claims.
| lambda_obrien wrote:
| Now I know why I can never think of good ideas for a business,
| I'm thinking about what I can build to help my customers, but
| in today's SV I need to be thinking how can I more easily steal
| user data at a lower cost than my competitors.
| briankelly wrote:
| Yes, awhile back my bank account was decoupled from Venmo for
| reasons unknown. I unwittingly used Plaid to sign into my bank
| account instead of the usual wait a couple days procedure. No
| indication whatsoever - only found out because I saw an
| article, probably on here, about this company and their
| basically fraudulent practices.
| ngai_aku wrote:
| I was under the impression that Venmo uses Plaid's APIs on
| the backend, no?
| briankelly wrote:
| I don't really know how the integration works. AFAICT you
| can avoid Plaid if you verify your account manually [1].
|
| https://help.venmo.com/hc/en-
| us/articles/221073067-Verifying...
| wh-uws wrote:
| Finally some antitrust enforcement!
|
| This was clearly going to be anti competitive and bad for
| consumers.
|
| Plaid has a great product and will either spac / ipo or be a
| great acquisition target for someone else.
| f430 wrote:
| Plaid broke the law and now someone can acquire it at a huge
| discount. They played themselves.
| dexterous wrote:
| You get an upvote just for the sheer brashness of that
| comment! :D
| d33lio wrote:
| It blows me away our legal system can prevent this but not a tech
| social media plutocracy?
| lovecg wrote:
| Baby steps.
| kemitchell wrote:
| Can? Sure. Motivated to do so? Not a given.
| nceqs3 wrote:
| Plaid acquired a direct competitor Quovo in 2019 for $200m. I am
| sensing a trend.
|
| https://www.businessinsider.com/plaid-acquires-quovo-2019-1
| thiscatis wrote:
| Looking at this from an opionated Open Banking side here in the
| UK, this is a good thing.
___________________________________________________________________
(page generated 2021-01-13 23:02 UTC)