Infinite Kind: Discussion 2023-03-29T21:10:18Z
Access/Manage Plaid Account linked to MD+ Subscription

2021-10-16T19:49:17Z
<div><p>FYI - in the U.K., with open banking, I can log on to my bank(s) and actually see the Plaid access and then revoke access. But I agree this is not the Plaid portal and I’ve not found a way to do this.</p></div>
Stuart Beesley (Mr Toolbox)

2021-10-16T20:22:42Z
<div><p>I'm a fellow user.</p>
<p>I do not believe you have an account with Plaid; rather, it is The Infinite Kind (Moneydance) that has an account with them and gets directly billed for the service.</p></div>
dwg

2021-10-16T20:33:38Z
<div><p>@Stuart - thanks, unfortunately, it appears this will be hit or miss at best. I have not found a Plaid connection in a couple of accounts I've sampled so far, though I did notice that Chase will let me call them to disallow connection from Desktop Apps (though I suspect that is from my old OFX connection not the Plaid connection).</p>
<p>@dwg -</p>
<p>I'm keying off of language like this from the Plaid "For Consumers" page:</p>
<p>"When you connect with Plaid, you have control over who you’re sharing your data with. To manage the connections between your financial institutions and your apps, or to delete your data from Plaid’s systems, visit my.plaid.com."</p>
<p>I'm also keying off of MD's recommendation to read the Plaid Privacy policy. If the Plaid account is owned by MD and I have no rights in respect to it, then how is the Plaid Privacy policy helpful to me?</p>
<p>More importantly, how do I ensure Plaid deletes my data if I discontinue my MD+ subscription if I have no direct access to the Plaid account?</p>
<p>Hoping someone from IK can speak to this. Seems like a pretty important thing to have looked into and considered before rolling out this service.</p></div>
natonic

2021-10-16T22:08:23Z
<div><p>… I’ve also posed the same questions.</p>
<p>I believe if Plaid has ‘token’ access (i.e. they are not holding your username/password) then your bank might show the access details. But probably if they do hold your user/password then the bank might not know. Just a guess.</p>
<p>I have tried creating a my Plaid account and my accesses do not show (as they are held by MD). I did raise a Plaid HELPDESK ticket and they said they would search for the access if I proved my identity with them.</p></div>
Stuart Beesley (Mr Toolbox)

2021-10-18T10:00:24Z
<div><p>Stuart and dwg are correct: you don't technically have an account with Plaid, but you do have a set of connections that are links between you and a login/username at each bank to which you connect. We do send to Plaid an opaque "user ID" when setting up each connection, but I don't see any way that Plaid could resolve that ID back to your real-world identity. They could in theory use that ID to associate multiple connections, but I don't know if or why they would do this.</p>
<p>Thanks,<br>
Sean</p>
<p>--<br>
Sean Reilly<br>
Developer, The Infinite Kind<br>
<a href="https://infinitekind.com">https://infinitekind.com</a></p></div>
Sean Reilly

2021-10-18T13:18:58Z
<div><p>Thank you for the reply. I may be misunderstanding Plaid's role in this system. I assumed that when I connect MD to my bank by using Plaid that Plaid, as an aggregator, has access to my accounts (I do enter my credentials to access those accounts through the Plaid web interface). Is this not the case? If Plaid does have access to the accounts, how would I ensure that access is terminated and any financial data purged were I to discontinue my MD+ subscription?</p></div>
natonic

2021-10-18T14:01:45Z
<div><p>If you enter your UserID/Password when registering a MD+/Plaid Link on a web popup page that is a Plaid page, then YES, Plaid have your userid and password... If you get your bank's webpage to enter your details (like we do in the UK for open banking) then NO, Plaid do not have your credentials...</p>
<p>This doesn't answer however your main question about how do you know that Plaid has destroyed your credentials when requested....</p></div>
Stuart Beesley (Mr Toolbox)

2021-10-18T14:24:10Z
<div><p>Yes - this is my concern. The MD+ mechanism is redirecting to the Plaid web page so the credentials are entered there. This is a security and privacy concern and since Plaid's relationship is not with me, I cannot directly hold them accountable should any breach occur in Plaid's service.</p></div>
natonic

2021-10-28T01:10:07Z / 2021-10-28T01:10:08Z
<div><p>I thought MD+ with Plaid allows two factor identification for improved security. I used my password and a Verasign code (a one time code only usable for 10 minutes) to connect MD+ to Plaid. But when I download transactions days later, it downloads and does not request a new Verasign code.</p></div>
JWA

2021-10-28T05:22:59Z
<div><p>So. When you authenticated, were you on a bank web login page or a Plaid web login page? If a bank web page (like happens in the U.K.), then the bank grants Plaid an access token which is valid for x months. So it depends on what happened when you authenticated.</p></div>
Stuart Beesley (Mr Toolbox)

2021-10-28T13:19:35Z / 2021-10-28T13:19:37Z
<div><p>It must have been the bank site. I didn't notice I had the choice when I connected MD to Plaid.
Is there a way to change the connection to the Plaid web login page?</p></div>
JWA

2021-10-28T14:10:37Z
<div><p>I doubt it, but if there was, I would not do that.</p>
<p>Using the bank's own page is secure and Plaid only has a revocable token... Using Plaid's page to login to your bank means Plaid has and stores your logon credentials.....</p></div>
Stuart Beesley (Mr Toolbox)

2021-10-28T21:11:14Z
<div><p>What method Plaid uses to access the data depends on the services a bank provides.</p>
<p>Under Open Banking it is via a token which you authorize, thus Plaid holds this token (which you can revoke at any time); they never have your login credentials.</p>
<p>If a bank uses FDX, again it looks to be via a token; the same if they are using OFX + OAuth. However, if they have to use vanilla OFX, file downloads or even screen scraping, then they need to hold your username/password combination.</p>
<p>Open banking is not geared towards product vendors like the Infinite Kind, and the way the institutions in the US are approaching FDX would seem likewise, hence the move towards aggregators. For institutions that do not provide the more security-conscious methods, that is the price you pay for convenience of automatic downloads.</p></div>
dwg

2022-12-28T21:06:50Z / 2022-12-28T21:08:32Z
<div><p>This has been closed for a while, but since I opened it and have new information, I'm replying here for those who might come later. Plaid now has (and may have always had) a way for a user to manage their connections with authorized apps/services like MD+.</p>
<p>You can go to <a href="https://my.plaid.com">https://my.plaid.com</a> and sign up for an account with your phone number (the same one you have given the financial institutions on either side of the connection). Plaid will verify you own the phone number and then let you know if you have any accounts linked to it. You can then disconnect access for those accounts if necessary. I was able to confirm this works with the accounts I've connected through MD+ (and other services) and it satisfies the last lingering question I had about MD+ security.</p>
<p>Once you have an account, Plaid will also let you add other accounts (which might not be associated with your phone number) and will let you control services connected to them as well.</p></div>
natonic