Plaid is an intermediary platform that allows users to share information from their financial accounts with other apps and services. It acts as a safe intermediary that only transmits the financial information these companies require, not your login details or any additional information related to your banking. In addition, Plaid uses the highest level of encryption available to ensure that your financial information is as secure as possible.
Technology is an integral part of modern daily life. There was once a time when you would only receive your bills in the mail, and to pay them, you had to write checks and mail them back to the service provider.
These days, however, you can do it all digitally, thanks to the power of the internet and tech devices. Now when you have to pay a credit card bill, for instance, your credit card company will have an app or online portal that enables you to pay your balance with a single click or tap.
In many cases, the financial institution, credit card company, or vendor will use a service like Plaid to send and receive financial information. However, as with many tech-based financial services, payment portals come with questions about privacy. Is your financial data safe? Where does it go whenever you send it? Let’s look specifically at Plaid and whether or not it’s a safe option for transferring financial information.
What is Plaid?
Plaid is an intermediary fintech service that is a gateway between two parties transmitting financial data. Currently, there are around 4,500 companies using Plaid, some of which you may be familiar with or even use yourself.
Plaid was developed to be a buffer between the consumer and the services or institutions using their financial information. Businesses often prefer to use a platform like Plaid because it offers intermediary financial data transfer services with top encryption methods. This reduces liability for companies and gives consumers more peace of mind regarding their data privacy.
How does Plaid work?
As mentioned above, Plaid connects two parties between which financial information is transferred, essentially working as a third-party intermediary. Many popular financial applications use Plaid to facilitate their services, such as money transfers or accessing bank account information.
For example, Venmo is an app that makes it easy for one user to transfer money to another. The first time you open Venmo, you will be asked to connect a bank account or credit card to use the app. Normally, this would mean you’d enter the login information for your account directly into the app.
However, because Venmo uses Plaid, that data isn’t sent directly to Venmo. Instead, Plaid only shares the information Venmo requires to function, such as account balances and transactions, while the username and password you used to connect your bank account are never shared with the app.
Is using Plaid safe?
Plaid claims that its platform safely connects consumers’ financial accounts to other apps and services using the highest security standards. Here are some of the measures Plaid uses to keep consumer data secure:
End-to-end data encryption
End-to-end encryption, also known as E2EE, is a method of secure communication that prevents third parties from accessing or “hacking” data while it is being transferred from one endpoint to another. This is accomplished using cryptographic keys stored at each endpoint. This means that in order to unlock the data, you need to be on the sending or receiving end of the data transfer; at any point in between, the data will be impossible to crack, thus limiting the incentive for third parties to hack or steal that information.
Many companies use multi-factor authentication to reduce fraud, and Plaid is no exception. Plaid introduced multi-factor authentication to their dashboard in 2017 as an extra security step. Whenever the service needs to verify your identity, Plaid will send an SMS code to your phone, thus preventing any third-party access to your account.
The Plaid API is hosted using modern cloud technologies. According to the company’s website, this allows Plaid to better protect data by leveraging years of safety enhancements embedded in cloud infrastructure.
Robust monitoring and independent reviews
Plaid also has real human beings constantly monitoring the service. They have a 24/7 on-call team trained to help you should you run into any issues with the platform.
Furthermore, Plaid conducts third-party reviews to ensure its safety standards are met. Plaid’s API and security controls are regularly audited by trusted security researchers, app developers, and financial institutions, and the company even offers a “bug bounty” program that rewards “hackers” for finding and reporting bugs that might otherwise be exploited.
Encryption with Plaid
While Plaid incorporates multiple data security practices in their platform, the most important by far is the use of the best encryption methods to keep user data safe. Encryption, after all, is paramount to security on the internet. Here are the encryption methods Plaid uses in their service:
Advanced Encryption Standard (AES 256)
Advanced Encryption Standard is a standard form of encryption currently preferred and utilized by the U.S. government. It uses a 256-bit key length to encrypt and decrypt messages. Plaid uses AES 256 to encrypt sensitive stored data at rest, which protects sensitive data even if the database is compromised.
Transport Layer Security (TLS)
Transport Layer Security is a cryptographic protocol that allows the secure transfer of data from one point to another. TLS is used by a wide variety of modern web and mobile applications to protect sensitive information in transit, and according to their information security page, Plaid “uses TLS for all information exchanges between the Plaid API, financial institutions, and Plaid customers.”
Information that Plaid shares with other apps
Services like Plaid help ensure that you are only ever providing necessary information to the various financial institutions, apps, and services you use. In order to protect more sensitive data like your username and password, Plaid typically only shares the following information with other apps:
Bank account holder information
This is the same information you would find on your identification documents, such as your passport, and includes your full name and date of birth.
Financial apps like Chime and Venmo need access to your transaction history to let you send and receive money. They also need to know if you have money in your account. Plaid is able to send only the basic information about your transactions that these apps need to know in order to function.
Account routing information
If a friend sends you $20 through Venmo, you probably want it to go into your bank account. In order to transfer the money to your financial institution, Venmo needs to know your routing number and your account number. Through Plaid’s secure service, Venmo can access only the specific information necessary to complete the transfer.
Square and Plaid partnership
In early 2021, Plaid entered into a partnership with the payment processing company Square to ensure ease of payment with the utmost security. According to a statement on Plaid’s website:
“Plaid and Square have partnered together to offer businesses and developers an easier way to accept ACH payments. Square leverages Plaid Link to instantly authenticate a customer’s bank account. Plaid ensures businesses will not need to collect or provide any banking information on their own.”
In a modern financial world dominated by mobile payments and online money transfers, services like Plaid will inevitably play a significant role in keeping those transactions secure. Just as online bank accounts have become standard for checking your account balance and paying bills, digital payment services like Square will likely come to dominate the mobile payment space — much like how WeChat Pay and Alipay became the dominant payment methods in China, according to a 2018 survey.
Class action lawsuit against Plaid
It’s worth bringing to attention that Plaid settled a class-action lawsuit in 2021. The lawsuit alleged that Plaid violated user privacy by collecting more data than they should have from the financial, peer-to-peer, and investment apps connected to their Plaid Link platform. Plaid agreed to settle the litigation for $58 million.
Under the terms of the settlement, U.S. residents who connected their bank accounts or other financial accounts to apps that use Plaid, like Stripe and Venmo, between January 1, 2013, and November 19, 2021, were eligible to receive compensation from Plaid’s $58 million settlement fund.
It’s important to note that the lawsuit had nothing to do with a third party hacking Plaid and absconding with users’ money and financial data. The class-action lawsuit pertained only to Plaid’s data management practices, claiming that the company stored and shared more data than agreed to under their terms and conditions and without user consent. In any case, following the settlement, Plaid agreed to minimize data storage, delete some of its previously stored data and improve Plaid Link going forward.
Can I trust Plaid?
If you trust your online bank account to protect your data whenever you log in, you can also trust Plaid’s systems. This is because Plaid uses the same secure connection implemented by most financial institutions.
What exactly does Plaid do?
Plaid acts as an intermediary that sends financial information, such as bank account information, between a consumer and another financial service or application.
Do all banking apps or accounts use Plaid?
Not all accounts or apps use Plaid, but many do. Some examples of popular apps that use Plaid are Venmo and Chime.
How does Cash App use Plaid?
Cash App uses Plaid to make sure that your bank information remains safe whenever you make peer-to-peer payments through the app.
- Plaid is a fintech company that acts as a buffer for transmitting financial data between a consumer and another app or service.
- The company uses top-of-the-line encryption and multi-factor authentication to ensure the safe transfer of financial data.
- Plaid only shares limited information with other financial services and apps, such as your transaction history and routing information, while safeguarding sensitive data like your username and password.
- Plaid is used by a wide variety of financial accounts and apps. The company also has a partnership with Square to ensure easy and safe mobile payments.
View Article Sources
- Plaid powers the apps in your financial life – Plaid
- Two-factor authentication for the Dashboard – Plaid
- Information security – Plaid
- Is Plaid Safe to Use? – National Council on Identity Theft Protection
- Payment methods in China: How China became a mobile-first nation – Daxue Consulting
- Issue 172: The Plaid Financial App Settlement Site Is Now Live – ClassAction.org