You’ll probably run into Plaid when you connect your bank account to apps run by financial services like American Express, Venmo, or Upstart. Plaid authenticates your financial information, permitting companies to transfer sensitive information securely. But is Plaid safe? Yes, it's considered safe to use. That's because it employs advanced security and encryption protocols to protect your data during transmission. Plus, it never shares personal information unless it has permission to do so.
Plaid’s software sits as an intermediary between your bank or credit card accounts and other financial companies’ apps. One example would be a portfolio management site like Personal Capital or a budgeting app like Mint. For sites like these to work, they need to access your account information. You may be hesitant to share your sensitive financial information with another company.
That’s where Plaid comes in. Instead of giving Mint or Personal Capital all of your bank login information, Plaid sits in between. Plaid currently connects with a variety of large bank and credit card companies including Bank of America, Wells Fargo, American Express, and U.S. Bank.
- Plaid is a fintech company that facilitates communication between financial services apps and users’ banks and credit card providers.
- During a transaction, Plaid communicates with your bank to keep your login information private.
- Plaid claims to use best-in-class encryption protocols to protect users’ information.
How Does Plaid Work?
For example, you can use Plaid to connect to your Chime bank or credit card account. When you need to pass your bank credentials to another finance app, you’ll be prompted with a Plaid window.
You’ll enter your Chime username and password and submit the form. That information stays only with Plaid, which will contact Chime and verify your login information. If you have set up two-factor authentication (2FA), you will enter that information as well. Plaid also has the option to use its own 2FA if your bank doesn’t support that extra layer of security. According to its website, Plaid is certified in internationally recognized security standards, like ISO 27001, ISO 27701, and is SSAE18 SOC2 compliant.
Once you have used Plaid to authenticate your bank information, the connection is in place and can be used to transfer the financial information that you authorize. This could be information like transaction history, balance, or other information. Installment payment platform Sezzle is one finance company that recently announced that it is using Plaid for financial authorization. Through the partnership, Sezzle customers will be able to connect their financial accounts via Plaid. This will allow them to pay more efficiently using Automated Clearing House (ACH) instead of a credit or debit card.
Plaid Class Action
Plaid recently settled a class action in which it agreed to pay $58 million to individuals who had used its interface, including Venmo, Robinhood, and Coinbase users. The lawsuit was based on Plaid acquiring more data than it needed and storing the user's bank account login credentials on Plaid's systems.
Is Plaid Safe to Use?
As with most companies that transfer financial information, Plaid says it takes the security of its customers’ data very seriously. Plaid uses encryption protocols like the Advanced Encryption Standard (AES 256) and Transport Layer Security (TLS) when transmitting financial data. Knowing that your data is transmitted using these security settings may give you an extra layer of confidence.
In addition to following best-in-class security protocols when handling data, Plaid follows a number of other security best practices to make sure that your information remains safe. Plaid’s Trust and Safety page details that it:
- Uses multifactor authentication (MFA) to further secure your account if your financial institution doesn’t offer it;
- Operates a bug bounty program to get even more eyes on security at Plaid;
- Promises to never share your data without your permission, and to never sell or rent your information to other companies;
- Allows you control over which companies have access to your data and what data is shared with each company.
What Is Plaid?
Plaid software operates between your financial information and financial sites that you want to receive your data. Using a service like Plaid prevents financial sites from having access to all of your banking and other data. Instead, you only share the specific information that you indicate.
How Does Plaid Work?
Many financial companies have a valid reason to have access to some of your financial information. This could include a portfolio aggregator needing access to your investments or a budget site accessing your bank and credit card transactions. Using Plaid allows these sites to access this information without giving them your bank or credit card login credentials.
Is Plaid Safe?
Plaid uses some of the highest encryption protocols available when sending your financial data. This includes the Advanced Encryption Standard (AES 256) and Transport Layer Security (TLS). Plaid also uses multifactor authentication (MFA), which gives an added layer of security to the transmission of your financial data.
Why Did My Chase Account Stop Linking to Plaid?
Plaid used to link to Chase accounts, but it is no longer listed on their website as a supported institution. Plaid has not made any announcement about their agreement with Chase ending.
The Bottom Line
Plaid is a fintech company used by more than 4,500 companies to connect users to other third-party financial applications. This includes Venmo, Acorns, Betterment, and many other fintech companies. When you use Plaid with a third-party application, you authenticate using your login credentials directly with your bank. The third-party application never sees your username or password—instead, it only receives notice that the login was successful and then whatever information you allow it to see.
While you may be hesitant to trust an outside company with your sensitive financial account information, Plaid claims to take security seriously. It doesn’t sell or rent users’ financial information, and it gives users complete control over what data is shared with each company.