Thank you for reading IT Enlightenment for SMBs, a weekly series that provides actionable IT advice & tech tips for your business’s growth and success. These tips stem from over 20 years of providing executive-level IT management to hundreds of small and mid-sized organizations, like yours, in a variety of industries. As the founder and principal of Pagoda Technologies, my purpose is to help business owners secure and streamline their operations, optimizing productivity and cybersecurity so that they can achieve their goals and focus on the work that matters most to them.
I’m glad you’re here and hope these weekly tips are invaluable in informing the success and security of your business.
When you conduct financial transactions (electronic fund transfers, trading, investing, etc.) using online tools, there is more often than not a third party involved. This third party is responsible for seamlessly connecting your financial institution with the selected fintech app. And, as it turns out, there is one third-party application that has a near monopoly on the world of online finance: Plaid.
Whenever a third party asks to gain access to your banking credentials, it warrants asking a few questions of your own:
Let’s start with one additional basic question before we dive into the others:
What exactly is Plaid and why is it so ubiquitous in the online banking landscape?
What is Plaid?
Plaid is a fintech application that connects your financial institutions with other fintech apps that provide online payment, banking, and investment services. Some examples of these tools include Venmo, Zelle, Chime, Acorns, Robinhood, Betterment, and SoFi.
Plaid is what allows you to transfer money directly — without fees — from your checking or savings account into a friend’s Venmo account or vice versa. It is connected with over 10,000 financial institutions. If your bank supports a third-party connection, then it’s a safe bet that it’s using Plaid.
Plaid’s website explains the need for their service like this:
"There are more than 11,000 financial institutions in the U.S., but they structure and manage their data in many different ways. For an app that wants to enable users to connect their financial accounts, building a digital connection to a single financial institution can take a lot of engineering time and expertise. Now imagine doing that thousands of times. For many companies, it’s not feasible."
Plaid makes this feat feasible by acting as the intermediary and ensuring platforms like Venmo never have access to your banking credentials while linking the accounts to allow for transactions to take place.
How does Plaid work?
Plaid is integrated into participating apps, so users are not required to pay for or create a Plaid account to use the service. Platforms use Plaid to securely share necessary information between your financial institution and the platform in order to conduct transactions and other financial services. With Plaid, your banking credentials are never shared with the platform. Instead, that data is stored on Plaid’s platform using some of the strongest encryption protocols available.
After you share the required personal information, you’re taken through a series of steps to complete the connection.
Below are the steps Venmo takes you through to connect a bank account to the app:
What data is shared with Plaid?
The data shared with Plaid depends on the service using it, but in general you can expect the following data to be collected and stored on Plaid’s network:
Personal information: Full name, address, phone number and email address
Account information: Account name or type, account number, routing number, balances, transaction dates, types of transactions, and transaction descriptions
How secure is Plaid?
Thousands of financial institutions and brands use Plaid to allow for seamless online financial experiences. Plaid touts itself as “the most trusted digital finance platform” and has the security practices to back that claim.
Multi-factor authentication
Plaid uses MFA to add an additional layer of security to each connection, if your bank doesn’t offer it.
Advanced encryption protocols
Advanced Encryption Standard (AES) protects stored data, and Transport Layer Security (TLS) protects data in transit between applications. (TLS is the standard security protocol that encrypts connections to websites using HTTPS.)
Independent security testing
Plaid uses an independent party to conduct security testing and has a bug bounty to catch vulnerabilities in the platform as quickly as possible.
Ongoing monitoring
Plaid boasts around-the-clock monitoring to ensure they are always available to react to security threats.
Compliant with global security standards
Plaid complies with global security standards such as ISO 27001 and ISO 27701. The platform also participates in annual SOC 2 Type II compliance audits. This level of compliance demonstrates a strong commitment to protecting customer data.
User control and transparency
You can keep track of which of your accounts are connected to Plaid by creating an account on my.plaid.com. With a Plaid account, you can see what data has been shared with the app and which financial institutions are connected to Plaid. You can also easily discontinue sharing info with these financial institutions and delete any data stored on Plaid’s platform/network.
2021 Lawsuit against Plaid
It is important to address that in 2021, Plaid paid $58 million to settle a class-action lawsuit filed in California in relation to its data privacy practices. The primary claim was that Plaid accessed users’ bank account data without their knowledge. This is why you now receive a notification in apps like Venmo clearly stating that the app uses Plaid to connect financial accounts. Plaid also denied claims that it sold consumer data to third parties, as this would directly go against its own privacy policy.
Should you give Plaid your banking credentials?
Plaid has proven itself to be a secure platform that you can trust with your banking credentials. (Identitytheft.org even gives it its stamp of approval.) This is fortunate because it is now difficult to use most fintech apps without allowing for the integration of Plaid. Its track record, as well as its high level of encryption, security monitoring, and commitment to protecting user data, indicates that Plaid walks the talk when it comes to security and data privacy. You can trust this platform both as a consumer and as a business.
With that said, it’s always important to follow all required and recommended security protocols for your financial institutions, such as MFA, secure passwords, and storing your login credentials in a trusted password management service.