Note that there are <i>two</i> major security flaws in Plaid when it comes to authentication:<p>Since banks don't provide secure mechanisms for third-party authentication and authorization, e.g. OAuth, Plaid receives you credentials in plain text and will then use them to communicate with the bank. So you really have to <i>trust</i> Plaid.<p>The second weakness is even more dangerous: Apps implementing the Plaid authentication flow will show the Plaid "login page" with bank selection in an overlay on their own sites. Since this is <i>not</i> a redirect again, you don't even see whether your credentials are transferred to Plaid or the third-party app. That is, you have to trust your bank (sure!), Plaid (okay!) <i>and</i> the app using the auth flow (dangerous!).<p>You should fix this!
This is really good news. Plaid has an amazing API, it makes it very easy to get your own financial data. I'm trying to analyze my own spending habits / make a budget-allocator using my own patterns, so it's been insanely helpful. My big fear with all small SaaS's if they just suddenly shutter, so a new round of fundraising is always good news :)
I'm going to be really rude here (forgive me) but I feel like every time a security question comes up you dodge the question really hard.<p>I want to know one thing: If I log into your service with my bank credentials. Do you store these as plaintext files (or "encrypted" files of which you have the encryption key)? Yes/No.<p>Furthermore, congratulations! I've been trying to start something up like this in Europe but I feel like there are way more restrictions in Europe on banking data and this kind of third-party aggregation. Sorry for being so rude.
For those interested in a European perspective, the Revised Payment Services Directive (aka PSD2) will in a similar fashion to Plaid's API, force banks to offer APIs for not only client information but payment. If implemented it will probably create radical change and opportunity in FinTech across the EU.
Congrats Plaid! Opening up banking data via API is a great enabler for fintech startups to create valuable apps. I interviewed them a couple months back: <a href="https://medium.com/get-put-post/how-plaid-s-api-brings-finance-into-the-21st-century-efc174028f09#.si7lqyoik" rel="nofollow">https://medium.com/get-put-post/how-plaid-s-api-brings-finan...</a>
Was just looking at Plaid this weekend, seems really slick. The only thing that gave me brief pause was no public pricing (or indication of order of magnitude).
Awesome news! Does anyone have a detailed and unbiased pros/cons of Plaid vs. Yodlee - thinking about integrating with one for my startup.
I think the one area I'm most interested to learn about is the data quality / depth / breadth - do they offer the same? Which one is better? Why?
Hey Plaid, interested user here! I'm curious why you don't have any pricing on your web page. I'm just trying to do a back of the envelope calculation on how much it would cost to use your service.
Does Plaid have billing data? Ostensibly, that was the motivation for Intuit's Check acquisition.<p>It's also interesting that Intuit runs their own massive aggregation effort that they haven't attempted to product-ize...