Plaid lack of privacy

S2C

13 Jul, 2023 03:22 PM

It has now been 9 months since Chase turned off their QFX portal and the only option MoneyDance has been offering is through Plaid...

Plaid is a TERRIBLE idea and opens an unacceptable breach of privacy. To be clear, every time you use Plaid to access bank activity, this service downloads AND STORES your financial transactions. And do not think for a minute that your privacy is protected. There is zero privacy control, they can do whatever they want with your financial history. Feel like letting the world know what restaurant you go to, which doctor you visit, where you buy gas on a trip, what store you patronize? The data will be sold to companies that target you for their marketing, but it can also be subpoenaed. Plaid does not have the iron-clad industry privacy protection that a financial institution has. And it can be hacked. Their database is not secure at the level that a bank database is (e.g. PA-DSS standards, etc.)

There have already been several lawsuits against Plaid. Caveat emptor - buyer beware.

It is time for Moneydance to offer another solution that does not expose user privacy the way Plaid does.

  1. Posted by -Kevin N. on 13 Jul, 2023 04:22 PM

    Hi S2C,

    Personally, ever since Chase dropped OFX direct-connect access to my data, I kept my Chase credit card account open, but I rarely use it anymore. They still offer manual downloads in CSV, QIF & QFX formats so that's good enough for the amount that I use the card.

    It was a little bit of a hassle but I opened a new credit card account at my bank (Regions) that provides free OFX direct-connect access and some pretty generous cash-back incentives.

    Screw Chase and any other financial institution that makes my life more difficult.

    -Kevin N. (not a member of Moneydance Support)

  2. Posted by dwg on 13 Jul, 2023 10:09 PM

    With financial institutions withdrawing Direct Connect services, if folks want automatic downloads then using aggregators is really the only possible solution. Moneydance cannot become an aggregator; it does not have the resources to do so.

    Attempts were made to automate downloads via the institutions' web sites; however, after a considerable amount of work it was found that just continuing to develop and maintain this would be a major undertaking, probably of a scale to rival Moneydance itself, hence it proved to not be viable.

    The most private solution, short of manual data entry, is to download and import transactions manually.

  3. Posted by Maddy (Support Staff) on 14 Jul, 2023 09:27 AM

    Hi,
    Thank you for contacting Moneydance support.

    To clarify:
    In order to link to your bank, Plaid will redirect your browser to the bank's site which authenticates you directly. Neither Plaid nor Moneydance ever sees your password or even username for that matter. The bank redirects your browser back to Plaid with a token that is used to access your accounts at that bank for some period of time.

    As soon as the access token is acquired by the Moneydance+ server, it is encrypted using the public key from your linked data file. That means that only your data file can ever decrypt that access key, and even our server cannot access it.

    We've made every effort possible to not require the Moneydance+ server at all and have all communication go between Moneydance and your bank or Moneydance and Plaid. Unfortunately, that's simply impossible, so we went with the route where the MD+ server is the smallest, most basic piece that sees as little information as possible.

    So, when Moneydance downloads transactions, it has to go through the MD+ server which authenticates your data file's public key and then basically pipes the connection through itself to Plaid which returns your transactions.
    (logging nothing)

    We chose Plaid specifically for their better privacy policy regarding end-user data. They do not share or distribute your data in any way according to the people we've talked to there as well as their privacy policy which you can find here: https://plaid.com/legal/#end-user-privacy-policy

    Finally, for further information it might be useful to refer you to our blog page about Moneydance+, Privacy, and Subscriptions.

    I hope this information is helpful. Please let us know if you have further questions or need more assistance.

    --
    Maddy, Infinite Kind Support

  4. Posted by S2C on 14 Jul, 2023 02:16 PM

    The issue is not with password security. It is much, much worse.

    Every time a user uses MoneyDance+/Plaid to download their bank activity (daily?), it gives Plaid access to *ALL* their accounts for that bank. By access I mean transaction history, balances, account numbers, etc. Plaid then passes the transaction history to MD, but also stores the data and sells it to marketing firms.

    Plaid was sued over this behavior and paid $58m in settlement. Quote: "As part of the settlement, Plaid is required to delete some of its stored data [and] minimize the data it collects going forward..." Keywords: *SOME* of its stored data and *MINIMIZE* the data it collects. It does not say delete existing data and stop collecting new data...

    In short, Plaid is a for-profit company, what is their business model? Sell account holder data. Pure and simple. Are you ready to distribute your credit card transaction history so you can be better targeted by advertisers?

    The only viable solution is for InfiniteKind to develop a browser extension that will download QFX files from financial institutions, similar to what AwardWallet does with hotels and airlines to download rewards activities. User credentials are stored locally and the financial data is downloaded straight to the user's computer. I'd be more than willing to pay a reasonable subscription fee for this, and I bet I would not be the only one.

  5. Posted by Stuart Beesley (Mr Toolbox) on 14 Jul, 2023 02:37 PM

    This is not true. It may be true in some countries, but it is not true for Plaid in the UK with Open Banking... For example, when I connect a UK bank, then the bank asks which account(s) to grant access; it's clear what info they provide. Plaid NEVER has access to my login details. Yes, it has read-only access to certain data.

    I believe in the US, it may be different as you describe.

  6. Posted by Maddy (Support Staff) on 27 Jul, 2023 05:27 AM

    Generally, in order to connect your accounts, Plaid will ask you to login to your bank. For many banks, Plaid will ask for your username and password and store it on their servers in order to enable continuous access to your transactions. For an increasing number of banks, Plaid will open a browser window directly to your bank's web site where you can login. In those cases, Plaid will store a token provided by the bank and not have access to or store your username and password. In all cases, Moneydance does not have access to your username or password.

    Finally, in the link we've posted earlier in this thread about Plaid's privacy, you may find that their privacy policy addresses some of this - they say they don't share with third parties - but not the fact that they have access to end-user data in general, which is essential to how Plaid works.

    I hope this information is helpful. Please let us know if you have further questions or need more assistance.

    --
    Maddy, Infinite Kind Support

  7. Posted by dwg on 27 Jul, 2023 05:55 AM

    Every aggregator stores the transactions on their servers; it is the way they provide later retrieval and can efficiently download information. No aggregator does on-demand data downloads with no storage. That is what Direct Connect did, and it is a service that many U.S. institutions are no longer interested in providing.

    Aggregators like Yodlee state up front that they use the data for analysis, that is part of their business model.

  8. Posted by nhamdak on 19 Sep, 2023 02:17 PM

    The first suit against Plaid was Cottle v. Plaid Inc., 20-cv-03056-DMR (N.D. Cal. Jul. 20, 2022), where the court awarded $58 million to the plaintiffs; a second was filed by TD Bank in New Jersey, May of 2020, for trademark infringement. TD Bank later settled with Plaid. In the first suit it emerged that when Plaid appeared to open a browser window "directly to your bank's web site" it was in fact spoofing the bank login websites and capturing and storing the login credentials of the user. It would then log on to the bank site itself and download all the data from that account that was available on that server. The TD suit was filed on the grounds that such spoofing was trademark infringement. In the Cottle case Plaid agreed to cease certain of its practices but one does not know which have stopped.

  9. Posted by nhamdak on 19 Sep, 2023 04:25 PM

    If users or support staff want to look at those cases, here are some references. The "Cottle vs Plaid Inc" opinion can be found at: https://casetext.com/case/cottle-v-plaid-inc-2, the court-created settlement site is at: https://www.plaidsettlement.com/, and a news story about Plaid "screen-scraping" is at: https://www.americanbanker.com/news/plaid-expands-beyond-data-aggregation-into-id-and-fraud-tech.
    The TD Bank description of its 2020 suit can be found at: https://stories.td.com/us/en/article/td-bank-files-trademark-counterfeiting-and-infringement-lawsuit-against-plaid-in-the-u-s and a Courier-Post news story about it is at: https://www.courierpostonline.com/story/news/2020/10/14/td-bank-plaid-trademark-infringement-lawsuit/3659383001/

  10. Posted by avp2 on 27 Sep, 2023 10:32 PM

    Sounds like the User's ID and PW are pretty well protected with the MD+/Plaid method and the key is how do we know the data being passed back to us via a Plaid server and the MD+ server is secure and not being logged by Plaid or MD. I am inclined to believe MD is not logging readable data, but not so much in the case of PLAID. Maybe MD can provide a bit more detail on why they think this data is protected in the path from our banks through PLAID - for instance, is the data encrypted from bank to us and who might have the encryption key.

  11. Posted by Sean Reilly (Support Staff) on 09 Nov, 2023 11:19 AM

    I'll start by saying that I totally understand somebody not wanting to use Plaid or any other aggregator. The only reason I've added the ability to use Plaid from Moneydance is because there is simply no other way for an increasing number of people to download transactions without it. We've tried to go the FDX route (financialdataexchange.org) but they had nothing for us, and even banks that were signed up for FDX wouldn't allow us to connect directly to them, instead telling us that we should use Plaid or Yodlee or some other aggregator if we wanted our customers to be able to download from their bank.

    Regarding how Plaid handles your data, the best source is their privacy policy: https://plaid.com/legal/#end-user-privacy-policy

    I can tell you how we handle your data in the Moneydance+ service:

    • We never store any financial information
    • We only store the absolute minimum information necessary to facilitate the connection from Moneydance to Plaid (an email address, your file's encrypt-only public key, and the access keys encrypted using that key).
    • We never share any information at all with any third parties. We don't even want that information ourselves.
    • When you establish (or re-link) a bank login (by logging in via Plaid web UI or redirection to your bank), Plaid returns an access key to our server which we immediately encrypt using a public key. This access key is stored encrypted on our server but can only be decrypted by the private key that is stored within the moneydance file on your computer. When you open Moneydance, it retrieves any access keys from the MD+ server, decrypts them, and uses them to connect to Plaid (via the MD+ server) to download transactions.
    • Moneydance then makes all connections to Plaid through our server. These connections are proxied pass-throughs where no data is logged, and are only necessary because our server needs to add an authorisation token to every request. We have requested from Plaid a way to delegate these connections so that Moneydance can connect directly to their servers, but it's not possible to do so yet.

    We're completely open about how this all works and understand if you'd rather not use it. We'll never force people to use the service, but need to provide the option. If you have any suggestions about how we could provide more privacy or security or know of an alternative to Plaid that is more private or secure, then please let me know.

    Thanks,
    Sean

    --
    Sean Reilly
    Developer, The Infinite Kind
    https://infinitekind.com
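
The storage scheme described in the post above (access key encrypted under the data file's public key and decryptable only with the file's private key), as an added example that is not part of the original thread and is not Moneydance+ or Plaid code. `RelayStore`, the function names, the e-mail address and the access key value are hypothetical, and RSA-OAEP is an assumed cipher choice, since the post names none.

```javascript
// Added illustration: hypothetical names, not Moneydance+ or Plaid APIs.
const crypto = require("node:crypto");

// Assumed cipher: RSA-OAEP with SHA-256 (the post does not name one).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Client: the key pair lives in the data file; only publicKey is uploaded.
function createDataFileKeys() {
  return crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    publicKeyEncoding: { type: "spki", format: "pem" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// Server: keeps an e-mail address, a public key and sealed access keys only.
class RelayStore {
  constructor() { this.records = new Map(); }
  register(email, publicKeyPem) {
    this.records.set(email, { publicKeyPem, sealedKeys: [] });
  }
  // Called when the aggregator returns an access key after a bank is linked.
  sealAccessKey(email, accessKey) {
    const rec = this.records.get(email);
    if (!rec) throw new Error("unknown data file");
    const sealed = crypto.publicEncrypt({ key: rec.publicKeyPem, ...OAEP },
      Buffer.from(accessKey, "utf8"));
    rec.sealedKeys.push(sealed.toString("base64"));
  }
  fetchSealedKeys(email) {
    const rec = this.records.get(email);
    return rec ? [...rec.sealedKeys] : [];
  }
}

// Client: only the data file's private key can open what the server stored.
function openAccessKeys(privateKeyPem, sealedKeys) {
  return sealedKeys.map((b64) => crypto.privateDecrypt(
    { key: privateKeyPem, ...OAEP }, Buffer.from(b64, "base64")).toString("utf8"));
}

function demo() {
  const accessKey = "access-CONSTRUCTED-0001"; // constructed sample value
  const file = createDataFileKeys(), otherFile = createDataFileKeys();
  const store = new RelayStore();
  store.register("user@example.test", file.publicKey);
  store.sealAccessKey("user@example.test", accessKey);
  const sealed = store.fetchSealedKeys("user@example.test");
  let wrongKeyFails = false;
  try { openAccessKeys(otherFile.privateKey, sealed); } catch { wrongKeyFails = true; }
  const plaintextAtRest = JSON.stringify([...store.records.values()]).includes(accessKey);
  return { opened: openAccessKeys(file.privateKey, sealed), wrongKeyFails, plaintextAtRest };
}
```

This covers the access key at rest on the server only. As the post says, the server receives the key in the clear at link time and later requests are still proxied through it.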

  12. Posted by s2c on 10 Nov, 2023 05:27 AM

    Hi Sean.

    Personally I have no doubts that the MoneyDance+ service would not store
    my information, but I know for a fact that is not the case with Plaid.
    Not only do they store it, they use credit card transaction history for
    marketing purposes - it is their business model - and that is completely
    unacceptable. A few years ago I naively used Plaid to access the
    functionalities of an online app and had to ask them to delete all my
    information when I realized what they were doing. In the process I asked
    them to send me a copy of what they had for me and it was shocking:
    actual transaction dates, merchant names and amounts. From this
    information you can easily deduce someone's habit patterns, including
    whether the person has a medical condition based on the name and
    specialty of the doctors you go see, just to name one example. Data
    leaks such as this would negate any semblance of privacy protection
    guaranteed by law.

    The only practical solution for not using Plaid I can think of is to
    develop a browser extension that will implement automated download of
    QFX files from bank websites such as Chase. A similar browser extension
    has been in use by AwardWallet.com for several years to download
    frequent flyer miles balance from airlines websites, points from hotel
    websites, etc. I understand it is not an easy endeavor and that the
    extension needs to keep up with potential website changes, but that
    would be the only solution to circumnavigate Plaid's unethical behavior.

    S-2C

  13. System closed this discussion on 09 Feb, 2024 05:30 AM.
