Is Supplying Your Bank Username and Password to a 3rd Party Legit?
December 20, 2021 10:24 AM
Last week I asked this question about international money transfers, and quite a few folks suggested using Wise. I started setting up an account, but in order to connect to my bank account (Citi) I need to provide my online bank account username and password. I have never been asked to do this before so it's not sitting well with me - is this legit? The service Wise is using to do this is Plaid.
I have been asked to do this before when signing up for reputable services — Mint, I believe, in my case. Plaid is a pretty widely-used service by major companies.
That’s not to say there aren’t security risks to doing this — you are of course trusting Plaid to store your login information securely, and there’s always the risk of a breach. But this isn’t a scam or sketchy as such, it’s fairly common practice.
posted by mekily at 10:30 AM on December 20, 2021
It's optional, and depends on how "automagically" you want them to do things. My bank isn't integrated in that way, and I still have access to the key features that I want.
posted by dum spiro spero at 10:32 AM on December 20, 2021
A couple of weeks ago a service wanted me to use Plaid to make an online payment, and I couldn't believe it was asking me for my bank account's username and password. I did a little online research and found this StackExchange question on their Security site. It's worth reading the replies, but I'll quote the first sentence of the first reply here:
I want to point out that despite Plaid's apparently honest attempts at security, their approach is a privacy nightmare, as you give full access to Plaid, to all and every single information your bank has on you, including loans, funds, investment accounts, credit card statements, address, etc.
I decided not to use it, and paid an extra fee to use my credit card instead.
posted by dfan at 11:18 AM on December 20, 2021
It seems weird that just authenticating through Plaid will enable money movement between Wise and Citi. I've only done Plaid authentication for connecting accounts to view balance info only.
Perhaps they are trying to make it easier to connect your ACH (checking/savings) account to Wise by asking you to authenticate rather than input your account/routing info?
I've used Wise with an ACH (checking) account many times without any problems. I just tried adding another bank account in Wise and it's only asking for the usual info, not login details, but you may be in a different flow in their product.
posted by homesickness at 11:24 AM on December 20, 2021
I use Wise (Transferwise) monthly and have never provided this information. There is no reason to do so, in my opinion. Their support is quite helpful, I would reach out to them for an alternative method if you cannot find it yourself. Personally, I would never give any 3rd party this information, regardless of their security measures.
posted by wile e at 11:31 AM on December 20, 2021
In some situations, I was offered the Plaid option, but there was also an option to have the financial institution verify my account by making two small (less than a dollar) deposits into my bank account via ACH. In those situations, I took the option of the small deposits even though it took longer to verify my account. In the situations where I did not have another option, I decided to not use the service.
posted by dorab at 11:34 AM on December 20, 2021
I send international transfers often. I’m a computer guy, somewhat on the security side. (We always say it’s a balancing act between convenience and security.) I would never give a web site that kind of access to my bank account. I use the normal Wells Fargo flow — it’s a bit clunky but I can live with it, especially since this is actual cash money with no recourse if they (the website) get hacked and take out all my savings.
posted by phliar at 11:36 AM on December 20, 2021
My understanding is that Plaid makes their money selling your financial information. That makes me uncomfortable enough that I have avoided using products that use their service. Well at least until I came across a situation where I had no choice.
posted by phil at 12:09 PM on December 20, 2021
Venmo now uses Plaid to link to a bank account, and Plaid wants bank login credentials. I noped out of Venmo when I discovered this. It’s an abhorrent security practice.
posted by qxntpqbbbqxl at 12:10 PM on December 20, 2021
Even if the current management of Plaid is totally honest,
1) They could be hacked.
2) Even if the current management and employees are great about security,
- they might become distracted as security threats evolve;
- any person or group might be less diligent or have different priorities;
- who knows who might buy the company.
3) This is a terrible way to do business, and it shouldn't be reinforced, because
- if it becomes widely used, it could become normalized or necessary for convenience, and other companies certainly won't be as trustworthy or skilled;
- if this company makes it seem "normal", then true scammers won't seem as suspicious.
4) The fact that anyone is being asked to do this when they are already partly or all the way through a transaction is coercive and should not be rewarded.
Please do not do this, please stop if you are doing it, and list any and all companies who are encouraging this so that they can be avoided.
posted by amtho at 12:32 PM on December 20, 2021
This is the kind of question that answers itself. Once formulated and asked - how much of an ass would you feel if you experienced a major financial calamity due to giving your e-banking credentials to a third party? If it simply hadn't occurred to you that this could be some kind of risk, fine. But now, after having identified this act as potentially suicidally idiotic (to not mince words) - yeah, don't go there.
posted by labberdasher at 1:02 PM on December 20, 2021
Very good - thanks everyone. I *thought* this didn't smell good - it's good to have my suspicions confirmed.
posted by my log does not judge at 4:59 PM on December 20, 2021
I got past this requirement on Venmo by selecting ‘Having Trouble?’ (or some such) on the online banking credentials page & it let me enter my bank routing and account numbers instead.
posted by jenmakes at 6:38 PM on December 20, 2021
WTF routing numbers should be first. If people don't know about their routing numbers, yet, they can figure it out -- don't ask for passwords just because it's easier for users. You know what, you might lose some business because two people don't click on your "help" link to explain what a routing number is, and two people were too lazy to get the info. Too bad. Stop dissolving society because you're afraid the rest of your service isn't valuable enough to motivate people.
posted by amtho at 9:12 PM on December 20, 2021
Plaid is the standard middleman for banking connections these days. I use three different accounting platforms for my job and they all connect to banks through Plaid.
posted by Jacqueline at 10:35 PM on December 20, 2021
Another vote for Please Do Not Do This. I am a big Wise user and do not do this or would ever do this.
I don't know why banking is so broken in the US. Nobody should have access to your bank except you and all transactions should be push-based - you initiate the transaction from within your bank access. For Wise, this means you initiate a bank transfer to the bank account (routing number, account) that they provide you and then they push that into the other bank account that you provide the details of.
posted by vacapinta at 1:41 AM on December 21, 2021
You could consider setting up a new account at another bank or credit union, to be used just with this app. Deposit enough to do what you need to do, and no more. Kind of like a "burner account."
posted by yclipse at 4:18 AM on December 21, 2021
I work in IT. I would NEVER give my financial service logins to a 3rd party.
posted by LoveHam at 5:08 AM on December 21, 2021
FWIW, I use Plaid as it was used by many financial aggregators such as Mint to access your financial records from multiple sources.
Plaid claims to employ encryption, TLS, 24/7 monitoring, multi-factor authentication, and provide all its API for its partners to validate plus bug bounty program. It also lets you quickly enable / disable / purge any data you have on their cloud via their portal.
Obviously we MUCH prefer a different authentication method such as OAuth2 but no two banks use the same login, and it seems so far the only way for a third-party to pull your banking info is to get your login/password.
Maybe one day, the Feds or the Credit Bureaus can start some sort of a FinOAuth, where you can use something like OAuth across multiple financial institutions and share data more easily without login and password. But we're not there yet.
If you're not comfortable doing it, then don't do it. I personally don't have a problem with it, but my risk averseness is at a different threshold than yours.
posted by kschang at 8:06 AM on December 21, 2021
Plaid claims to employ encryption, TLS, 24/7 monitoring, multi-factor authentication, and provide all its API for its partners to validate plus bug bounty program. It also lets you quickly enable / disable / purge any data you have on their cloud via their portal.
For now. With that company.
it seems so far the only way for a third-party to pull your banking info
...without them going to ANY extra trouble or putting in 5 minutes for some accounts or banks that are non-uniform. Basically, this is providing convenience to financial institutions that really should be fine absorbing a little inconvenience. Yeah, not worth it.
I don't care about my personal risk aversion. I need everyone to be safe to avoid the disintegration of the financial infrastructure that basically makes society go. If you're OK accepting that risk for yourself, that doesn't matter as much as if this kind of "security" becomes popular, then inconvenient not to use, then impossible not to use -- then 8 years have gone by, hacking becomes refined, people are all doing stupid stuff with their passwords, and it's easy for an organized effort to screw everyone -- suddenly we've collectively built a system that's catastrophically bad. As we have in other areas, like ... I'm sure you can think of examples.
posted by amtho at 2:10 PM on December 21, 2021
This thread is closed to new comments.
posted by nebulawindphone at 10:27 AM on December 20, 2021