Access/Manage Plaid Account linked to MD+ Subscription

public.banek+nathan's Avatar

public.banek+nathan

16 Oct, 2021 07:38 PM

Is there a way to access/manage the plaid account that is used to support my MD+ subscription? A lot of plaid's commitments to security and privacy seem to go back to the individual being in charge of the data that they give their app access to, but I'm not sure how I can be in charge of the data that Plaid has if I can't directly access my plaid account. For instance, If I cancel my MD+ subscription, I'd want to confirm that I had shut off plaid access as well.

  1. 1 Posted by Stuart Beesley ... on 16 Oct, 2021 07:49 PM

    Stuart Beesley - JUST A FELLOW USER and Toolbox ‘guy’'s Avatar

    FYI - in the U.K., with open banking, I can log on to my bank(s) and actually see the plaid access and then revoke access. But I agree this is not the plaid portal and I’ve not found a way to do this.

  2. 2 Posted by dwg on 16 Oct, 2021 08:22 PM

    dwg's Avatar

    I'm a fellow user.

    I do not believe you have an account with Plaid rather it is The Infinite Kind (Moneydance) that has an account with them and gets directly billed for the service.

  3. 3 Posted by public.banek+na... on 16 Oct, 2021 08:33 PM

    public.banek+nathan's Avatar

    @Stuart - thanks, unfortunately, it appears this will be hit or miss at best. I have not found a Plaid connection in a couple of accounts I've sampled so far, though I did notice that Chase will let me call them to disallow connection from Desktop Apps (though I suspect that is from my old OFX connection not the Plaid connection).

    @dwg -

    I'm keying off of language like this from the Plaid "For Consumers" page:

    "When you connect with Plaid, you have control over who you’re sharing your data with. To manage the connections between your financial institutions and your apps, or to delete your data from Plaid’s systems, visit my.plaid.com."

    I'm also keying off of MD's recommendation to read the Plaid Privacy policy. If the Plaid account is owned by MD and I have no rights in respect to it, then how is the Plaid Privacy policy helpful to me.

    More importantly, how do I ensure Plaid deletes my data if I discontinue my MD+ subscription if I have no direct access to the Plaid account.

    Hoping someone from IK can speak to this. Seems like a pretty important thing to have looked into and considered before rolling out this service.

  4. 4 Posted by Stuart Beesley ... on 16 Oct, 2021 10:08 PM

    Stuart Beesley - JUST A FELLOW USER and Toolbox ‘guy’'s Avatar

    … I’ve also posed the same questions.

    I believe if plaid has ‘token’ access (ie they are not holding your username/password) then your bank might Show the access details. But probably if they do hold your user/password then the bank might not know. Just a guess.

    I have tried creating a my plaid account and my accesses do not show (as they are held by MD). I did raise a plaid HELPDESK ticket and they said they would search for the access if I proved my identity with them.

  5. Support Staff 5 Posted by Sean Reilly on 18 Oct, 2021 10:00 AM

    Sean Reilly's Avatar

    Stuart and dwg are correct: you don't technically have an account with Plaid, but you do have a set of connections that are links between you and a login/username at each bank to which you connect. We do send to Plaid an opaque "user ID" when setting up each connection, but I don't see any way that Plaid could resolve that ID back to your real-world identity. They could in theory use that ID to associate multiple connections, but I don't know if or why they would do this.

    Thanks,
    Sean

    --
    Sean Reilly
    Developer, The Infinite Kind
    https://infinitekind.com

  6. 6 Posted by public.banek+na... on 18 Oct, 2021 01:18 PM

    public.banek+nathan's Avatar

    Thank you for the reply. I may be misunderstanding Plaid's role in this system. I assumed that when I connect MD to my bank by using Plaid that Plaid, as an aggregator has access to my accounts (I do enter my credentials to access those accounts through the Plaid web interface). Is this not the case? If Plaid does have access to the accounts, how would I ensure that access is terminated and any financial data purged were I to discontinue my MD+ subscription?

  7. 7 Posted by Stuart Beesley ... on 18 Oct, 2021 02:01 PM

    Stuart Beesley - JUST A FELLOW USER and Toolbox ‘guy’'s Avatar

    If you enter your UserID/Password when registering a MD+/Plaid Link on a web popup page that is a Plaid page, then YES, Plaid have your userid and password... If you get your bank's webpage to enter your details (like we do in the UK for open banking) then NO, Plaid do not have your credentials...

    This doesn't answer however your main question about how do you know that Plaid has destroyed your credentials when requested....

  8. 8 Posted by public.banek+na... on 18 Oct, 2021 02:24 PM

    public.banek+nathan's Avatar

    Yes - this is my concern. The MD+ mechanism is redirecting to the Plaid web page so the credentials are entered there. This is a security and privacy concern and since Plaid's relationship is not with me, I cannot directly hold them accountable for should any breach occur in Plaid's service.

  9. 9 Posted by JWA on 28 Oct, 2021 01:10 AM

    JWA's Avatar

    I thought MD+ with Plaid allows two factor identification for improved security.. I used my password and a Verasign code (a one time code only usable for 10 minutes) to connect MD+ to Plaid. But when I download transactions days later, it downloads and does not request a new Verasign code.

  10. 10 Posted by Stuart Beesley ... on 28 Oct, 2021 05:23 AM

    Stuart Beesley - JUST A FELLOW USER and Toolbox ‘guy’'s Avatar

    So. When you authenticated, were you on a bank web login page or a plaid web login page? If a bank web page (like happens in the U.K.), then the bank grants plaid an access token which is valid for x months. So it depends on what happened when you authenticated.

  11. 11 Posted by JWA on 28 Oct, 2021 01:19 PM

    JWA's Avatar

    It must have been the bank site. I didn't notice I had the choice when I connected MD to Plaid. Is there a way to change the connection to the Plaid web login page?

  12. 12 Posted by Stuart Beesley ... on 28 Oct, 2021 02:10 PM

    Stuart Beesley - JUST A FELLOW USER and Toolbox ‘guy’'s Avatar

    I doubt it, but if if there was, I would not do that..

    Using the bank's own page is secure and Plaid only has a revokable token... Using Plaid's page to login to your bank means Plaid has and stores your logon credentials.....

  13. 13 Posted by dwg on 28 Oct, 2021 09:11 PM

    dwg's Avatar

    What method Plaid uses to access the data depends on the services a bank provides.

    Under Open Banking it is via a token which you authorize, thus Plaid holds this token (which you can revoke at any time) they never have your login credentials.

    If a bank uses FDX again it looks to be via a token, the same if they are using OFX + Oauth. However if they have to use vanilla OFX, file downloads or even screen scraping then they need to hold your username/password combination.

    Open banking is not geared towards product vendors like the Infinite Kind, and the way the instiutions in the US are approaching FDX would seem likewise, hence the move towards aggregators. For institutions that do not provide the more security conscious methods that is the price you pay for convenience of automatic downloads.

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:

»

Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac