Connecting Your Bank Account To an App is Now a $3-Billion Business

When you link your checking account to Venmo or use it to buy bitcoin, a startup called Plaid is likely facilitating the connection with your bank. You punch in your user name and password; Plaid checks those credentials with the financial institution and, if they're accurate, passes banking information back to the app. That's it. From a report: This kind of software has been around for decades. But in the last year, Plaid has captured investors' attention. The San Francisco startup was the subject of a bidding war among venture capitalists and at least one tech company, ultimately resulting in a $250-million investment last month. That money will partly go toward the acquisition of one of its biggest competitors. Plaid announced Tuesday it was buying New York-based Quovo Inc. The deal could be worth about $200 million after performance bonuses, said three people familiar with the transaction, who asked not to be identified because terms of the deal were private.

Since starting Plaid in 2012, Zach Perret has sold the startup's nine lines of code to some of the most popular finance apps. Robo-advisor startup Betterment, cryptocurrency exchange Coinbase Inc., PayPal Holdings Inc.'s Venmo and stock-trading app Robinhood Markets Inc. have all used Plaid. Meanwhile, Quovo specializes in wealth management and brokerages. "This represents the merging of two complementary but both very important businesses," said Perret, Plaid's chief executive. Plaid is now valued at roughly $3 billion.

Paypal is enough

[DarkRookie2]

Its the only thing that is link to my bank account. It can stay that way.

Re:I would never....

[ichimunki]

I would. I'm probably being a bit rose-colored glasses about it, but if my bank puts out an app that I can load on my phone, I'm happy to use it. What I'm not remotely happy to do is give my username/password information to anyone other than the institution that issued the account. I mean, think about it... even my bank shouldn't actually know what my password is. They should have taken the password I gave them, salted it, hashed it 10-20 times, and stored the resulting hash in the database for future reference. This has been widely known as best practice for well over a decade now. They should have absolutely no way to recover the actual password I used based on their stored information. And so, as if to thumb my nose at security best practices, I'm going to simply hand not only my username, but actual password, over to some stranger? Just so I can use some dumb app on my phone? No way in hell.

We need to regulate this practice of giving third parties your username/password with your bank to use an app like Mint or whatever into oblivion-- with all the hackings of places like Target and Experian I'm actually sort of shocked that one of these third party backends hasn't been hacked (or more likely it has been, but keeping that fact secret is highly lucrative to the hackers, so we just haven't heard about it). Mostly what I understand these backends do with your login behind the scenes is a lot of screen-scraping to get your info. Last time I checked, it's not like there is an open format/API that financial companies are required to use to allow third party apps to access your data for you. I'm sure some banks have developed "relationships" with the Quickens of the world, but I'm guessing that many more have not, and it's probably still firmly in the pay-to-play realm, rather than an open standard that anyone can partake in.