What did Plaid do that Yodlee/Envestnet didn't? Was there some sort of collective amnesia, where everyone pretended this wasn't a solved problem, and to fund it being reinvented?
What does Plaid do better? Is it just a more modern stable variant, or does the end user experience something more akin to "one plaid account for all my plaid connected services." Do I have to type my bank account number in twice if I sign up for two services that utilize plaid?
When Plaid originally launched, their value proposition was much higher-quality connections to the top dozen or so most popular institutions in the United States - fewer data quality issues and better integration with MFA than you could get by screen-scraping. Since those banks have about half the bank accounts in the US, that's pretty nice. They later started supporting long-tail banks (the 15,000 or so other institutions in the United States), although without the same data-quality advantage as they have for the big banks.
From the perspective of a new startup, Plaid also has a much more modern API and treats documentation as a much higher priority than most of their competitors - you can get up and running in an afternoon, which is absolutely not the case for every provider in the space.
Plaid also had much better support, at least in the early days - level 1 support was a native English speaker with deep technical knowledge of the product, level 2 support was a founder of the company.
Yodlee had direct data API access to bank databases before Plaid was a sperm in an investor's pocket. It's been more than a screen scraper for a long time.
Well, I don't have experience with the quality of Yodlee's data, but I can certainly confirm that around 2014 there were Plaid competitors who had much worse support for big banks than Plaid did. Compared to Yodlee, Plaid might have just been competing on price, developer experience, and support.
If you ever had to use Yodlee's API you would instantly understand. As late as 2011 they only had a poorly designed SOAP XML API that was a nightmare to deal with.
"* but good" is the vast majority of successful tech companies. iPhone wasn't the first smartphone. Facebook wasn't the first social network. Google wasn't the first search engine. Etc.
I would assume most of their early customers were not using Plaid exclusively, because they only supported a handful of very big banks. Every company that I've seen select Plaid as a vendor has either done so after considering many alternatives, or used Plaid data alongside data from other providers.
I think the dynamics of account aggregation lend themselves to a duopoly, not a monopoly. Account aggregation is an incredibly difficult problem for any startup trying to do something with financial data. It's super hard to a) convince people to sync their accounts, b) get their data correctly, c) at unit economics low enough to enable a business, all while ensuring strong security. Any significant improvement in any one of those areas, and you have a compelling case to switch account aggregation provider contracts.
Essentially, the problem is so hard that the quality of the solution really matters. While there are barriers to entry to supplying an account aggregation service (imagine building 15,000 web scrapers), there's a lot of demand for product improvement, which only happens when there's market competition.
Built a personal app for my bank and Plaid docs and integration were way easier to understand, their pricing wasn't ambiguous, and it just worked out of the box with very little work.
I think Plaid allowed anyone to sign up, and had really good developer docs. I didn't get this impression from Yodlee, though they may have updated their offering.
If I understand right, using Plaid means giving bank account credentials to a 3rd party by design.
Let's say, for sake of argument, one day a Plaid user logs on to their bank account and discovers missing funds. Does the bank get to say Plaid users automatically lost consumer protections under e.g. Reg E and similar by sharing account credentials? Not an expert but it seems to me the answer is probably yes.
It's a little bit of a grey area, but the answer to your question is generally yes.
That's why Europe's move to require a modern, unified API for banks, planned to start this fall, is such a great thing: https://www.openbankingeurope.eu/. Most banks' incentives are not aligned with giving data to third parties ever. This is a case where hands-on regulation to compel banks to participate, and thereby clearly assigning legal liabilities, is such a great thing. Otherwise, we know for a fact that providers like Plaid will fill that gap in functionality, kind of like the economics of black markets.
A relatively simple fix for this would be for banks to allow me to create a read-only user ID and a transactional user ID...I could hand the read-only credentials to services like Plaid. I suggested this to Fidelity over a year ago and they looked at me like I was crazy.
Banking in the US is so horrible at the moment. There's an immense opportunity for someone to come through and give a better consumer experience, but I fear the barriers to entry are far too high. I had high hopes for Simple.com, but they ended up destroying about every useful feature they had and falling way short of the mark...
Yes, I've wanted this for years. I still use Mint but I hate the password part.
There was a clever hack someone posted here a while ago about using the email alerts feature to essentially get a read-only feed of transactions from a bank account. It does require you to parse the email and build your own system, so it wouldn't work for most people.
I did this for personal use a while back, but the biggest issue I faced was that the merchant name in the email alert was truncated, so it wasn't the same level of info quality that Mint/Plaid can provide (since they have the complete merchant name).
Yes, you would think all banks would have or be required to provide a read-only user/pass or API to your data, designed for this. This is one reason I never used Mint. Great idea, but not providing them with your full account user and password.
Sorry, what I meant was - even if Plaid has username and password, they won't be able to log in, at least with BofA; they ask security questions, image identification, etc.
Plaid's entire ideology has always seemed back-asswards to me. As far as I can tell it boils down to
1) Ask users for their plaintext login details to financial institutions
2) Store those details unhashed because they'll be used to authenticate directly with said institutions because they're not implementing some sort of reasonable OAuth flow
3) If users have 2fa enabled and the 3rd party doesn't allow app-specific passwords ask users to disable 2fa JUST so the user can use Plaid???
It seems like the product goes against every single good practice that websites have been trying to train into their users for years, i.e. `Don't type your password for abc.com unless you literally see abc.com in the URL bar`. Not to mention they masquerade as an OAuth flow with plaid.js on sites that support it.
Can somebody explain ANY way in which Plaid is a net good for users/security/etc??
Everything you described is fundamentally a problem with banks not with Plaid.
Plaid solves the problem of people wanting to give third-parties access to their financial data. The fact that in some cases it's a kludge to work around this and not secure end-to-end (although I do think Plaid natively supports 2FA now, at least for some banks) is due to the banks not making this easy.
At the end of the day people are going to get what they want, and many many many people prefer convenience (in this case, the ability to use third-party services like Truebill, Mint, etc etc) over perfect end-to-end security.
> Everything you described is fundamentally a problem with banks not with Plaid.
I don't disagree, but banking is not an arena where "creative disruption" that has harmful side effects should be welcomed. The reason you can't send money from one bank to another efficiently in the US but can in the UK is purely due to regulation. Or why there isn't an Open Banking Initiative in the US but there is in the UK. Once again, regulation.
The private market isn't making the solution better in this case because their implementation is reckless and potentially harmful.
> The private market isn't making the solution better in this case because their implementation is reckless and potentially harmful.
You could make this same argument about the existence of online banking. At some point utility supersedes risk. Personally, I feel fortunate to live in a society where I am able to make that decision for myself rather than the government making it for me.
> You could make this same argument about the existence of online banking.
How so? If I'm using Wells Fargo and I find out they have a breach, I can happily switch to another bank because they're clearly being incompetent. If a software provider that I'm using uses Plaid and Plaid gets hacked, then my banking data is potentially compromised. The bank has zero control over that, so there is no impetus for me to change banks, yet it's their data that has been compromised.
> Personally, I feel fortunate to live in a society where I am able to make that decision for myself rather than the government making it for me.
For most things, yes I agree. Do you think it's any coincidence that the banks haven't adopted modern/secure API access even though their consumers demand it? That's not the definition of a free market and is at odds with "having a free choice is better than having the government do it for me".
>> At the end of the day people are going to get what they want
The end of _that_ day is when all of their credentials are leaked from a data compromise.
I would agree that most people prefer convenience to security (and that they are two opposite points on the same line), but people only learn what security means when it's too late.
I actually don't want to give 3rd parties access to my financial data, but I do because there is no cloudless, desktop application that provides the functionality of Mint & its friends/competitors.
I was trying to get a mortgage and the agent made me download their app and fill it there. I had to put my bank username and pass in the app. I thought it is Auth2 and I am putting those credentials in the bank website.
Now I am wondering, could it have been Plaid? I read that they are mimicking banks' page designs.
There was no URL in the app to verify where I am putting my credentials in.
Now that I am thinking about it, it was super stupid of me.
I bought a home last year and had to do none of that, although I will say I had to share some PII (SSN in particular) through email. They claimed that email was “SECURE” several times, but without an explanation of what security measures they take and given that I used my normal mail client to send an unencrypted message, I’m assuming my data is just sitting around undeleted on someone’s mailbox.
FWIW, I'm very familiar with Plaid as I've worked in several FinTech startups using Plaid for various reasons. If you simply want to revoke Plaid's access all you need to do is change your bank password. Of course, all past data will live on in Plaid. If you're an EU user, you can request to have your data removed. Curious what their response might be if you're not in the EU. Hate to be cynical, but I bet they'll ignore you as is all too common for customer service these days.
Plaid is a great product that can provide alternative paths to credit for people with poor credit scores, but the fact that they give developers access to all your banking activity for months after using it once is pretty scummy. The ethical thing to do would be to provide a one-time snapshot unless the user is made explicitly aware of and agrees to allow the developer to access their bank transactions whenever they like.
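Added example, not part of the thread and not Plaid's or any bank's code: a toy model of the three points raised above (a shared password carries full authority, a read-only credential would not, and revoking shared-password access means changing the password). `ToyBank`, its methods and the sample password are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import secrets

class ToyBank:
    """Constructed model of a bank login; not any real bank's or Plaid's API."""

    def __init__(self, password, balance):
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._kdf(password)   # the bank only verifies, so a hash suffices
        self._tokens = {}                     # sha256(token) -> frozenset of scopes
        self.balance = balance

    def _kdf(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self._salt, 100_000)

    def _password_ok(self, secret):
        return hmac.compare_digest(self._kdf(secret), self._pw_hash)

    def issue_token(self, password, scopes):
        if not self._password_ok(password):
            raise PermissionError("bad password")
        token = secrets.token_urlsafe(32)
        self._tokens[hashlib.sha256(token.encode()).digest()] = frozenset(scopes)
        return token

    def revoke(self, token):
        self._tokens.pop(hashlib.sha256(token.encode()).digest(), None)

    def _allowed(self, credential, scope):
        if self._password_ok(credential):     # the password carries every scope
            return True
        key = hashlib.sha256(credential.encode()).digest()
        return scope in self._tokens.get(key, frozenset())

    def read_balance(self, credential):
        return self.balance if self._allowed(credential, "read") else None

    def transfer(self, credential, amount):
        if not self._allowed(credential, "transfer"):
            return False
        self.balance -= amount
        return True

def demo():
    password = "constructed-example-password"
    bank = ToyBank(password, 1000)
    token = bank.issue_token(password, {"read"})
    out = {"password_transfers": bank.transfer(password, 100),  # shared password can move money
           "token_reads": bank.read_balance(token),
           "token_transfers": bank.transfer(token, 100)}        # read-only token cannot
    bank.revoke(token)
    out["revoked_token_reads"] = bank.read_balance(token)
    out["password_still_works"] = bank.read_balance(password)
    return out
```

An aggregator that replays the password has to keep it in recoverable form, whereas the bank in this model stores only a salted hash of the password and a hash of each token.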