You’ve likely encountered Plaid when linking your bank account to popular financial apps like Venmo, American Express, or Upstart. Plaid acts as a behind-the-scenes connector, securely authenticating your financial data to allow these services to access your information. This raises a common question: what is Plaid, and is it safe to use? The answer is yes: Plaid is widely considered a safe and secure way to connect your financial accounts. It employs robust security measures and encryption to protect your sensitive data and operates with your explicit permission to share information.
How Plaid Works
Plaid functions as an intermediary between your bank or credit union and the various financial applications you use. Imagine you want to use a budgeting app like YNAB (You Need A Budget) or a portfolio management tool such as Personal Capital. These services require access to your financial transaction data to provide their features. Instead of directly providing these apps with your bank login credentials, Plaid steps in as a secure middleman.
Plaid establishes connections with a vast network of financial institutions, including major banks like Bank of America, Wells Fargo, American Express, and U.S. Bank. When you use an app that utilizes Plaid, you’ll be directed to a Plaid interface to link your account.
Plaid as an Intermediary
Think of Plaid as a secure messenger. It doesn’t store your bank login details but facilitates the secure communication channel between your bank and the app you’re trying to connect. This intermediary role is crucial for protecting your sensitive information.
Authentication Process
When you connect an app through Plaid, a Plaid-branded window will appear. For example, if you’re linking your Chime account, you’ll be prompted to enter your Chime username and password directly into this Plaid window. This login information is securely transmitted to Plaid, which then contacts Chime to verify your credentials. If you have two-factor authentication (2FA) enabled on your bank account, you’ll also complete that verification step within the Plaid interface. Plaid also offers its own 2FA in cases where your bank might not support it, adding an extra layer of security. Plaid emphasizes its commitment to security by adhering to internationally recognized security standards such as ISO 27001, ISO 27701, and SSAE 18 SOC 2 compliance.
Once your bank information is authenticated through Plaid, a secure connection is established. This connection enables the authorized transfer of financial data, such as transaction history and account balances, to the financial app you’ve approved. Companies like Sezzle, an installment payment platform, utilize Plaid to facilitate secure financial authorizations, allowing customers to pay via Automated Clearing House (ACH) for more efficient transactions.
Plaid Security Measures
Security is paramount for Plaid, as it handles sensitive financial data. The company employs multiple layers of security to protect user information.
Encryption and Protocols
Plaid uses encryption, including the Advanced Encryption Standard (AES-256) and Transport Layer Security (TLS), when transmitting financial data. These industry-leading encryption methods ensure that your data is scrambled and protected during transmission, making it virtually unreadable to unauthorized parties.
Other Security Practices
Beyond encryption, Plaid implements various security best practices to safeguard user data, as outlined on their Trust and Safety page:
- Multi-factor authentication (MFA): Plaid offers MFA to enhance account security, especially if your financial institution doesn’t provide it.
- Bug bounty program: Plaid actively encourages security researchers to identify and report potential vulnerabilities through a bug bounty program, adding an extra layer of scrutiny to their security systems.
- Data privacy commitment: Plaid pledges not to share your data without your explicit permission and asserts that they will never sell or rent your personal information to other companies.
- User data control: Plaid empowers you with control over which companies have access to your financial data and the specific data points shared with each company.
Plaid and Data Privacy
Plaid emphasizes users’ privacy and their control over their financial data. You maintain control over which applications connect to your accounts through Plaid and can manage these connections.
User Data Control
By acting as an intermediary, Plaid ensures that financial sites only receive the specific information you authorize, rather than gaining access to all of your banking data. This granular control over data sharing enhances your privacy and security.
Addressing the Plaid Class Action Lawsuit
It’s worth noting that Plaid settled a class-action lawsuit, agreeing to a $58 million settlement for users of platforms like Venmo, Robinhood, and Coinbase who had used Plaid’s interface. The lawsuit alleged that Plaid collected and stored excessive user data, including bank account login credentials, on its systems. Since the lawsuit, Plaid has reinforced its security measures and data handling practices. It’s important to consider that this settlement relates to past practices, and Plaid has evolved its security protocols and data management since then.
Conclusion
Plaid serves as a crucial piece of fintech infrastructure, connecting over 11,000 companies to users’ financial accounts. It’s the technology powering connections for popular apps like Venmo, Acorns, and Betterment. When you use Plaid, you authenticate your bank login directly with your financial institution, ensuring that the third-party app never directly sees your sensitive credentials. Instead, the app receives confirmation of successful login and only the authorized financial information you permit it to access.
While entrusting any third party with financial account access may raise concerns, Plaid is committed to robust security practices. The company prioritizes data protection, does not sell or rent user information, and provides users with significant control over their data sharing, making it a secure and efficient way to connect your financial world.