When I thought the US financial landscape couldn’t get any worse… Plaid happened.

First @TransferWise. Now the @CashApp just asked me for my bank username, password and 2FA token to give me my money. Account closed.

To be clear this is not OAuth, this is phishing as a service.
In order to do an ACH, which only requires an account and routing number, Plaid uses your credentials to collect:

🔥 your transaction history;

🔥 info about your credit and loan accounts;

🔥 the assets you invest in.

From https://plaid.com/legal .
Plaid should be ashamed to be in the business of phishing users.

Banks should be ashamed they made Plaid possible by not providing OAuth, proper APIs, and c2c transactions.

Most of all, @TransferWise and @CashApp should be ashamed to be selling out their customers to Plaid.
I get particularly incensed about Plaid because 1) it deceives regular users who don’t have any reason to think a 3rd party is involved 2) it normalizes phishing 3) it abuses the user’s trust in financial institutions and 4) it gates a transaction that the user might really need.
You can follow @FiloSottile.