397
you are viewing a single comment's thread
view the rest of the comments
[-] FuglyDuck@lemmy.world 19 points 3 months ago

You shouldn’t trust Plaid either.

Especially if all they’re doing is looking for the routing and account number. Because that’s just as easy to give.

[-] OsrsNeedsF2P@lemmy.ml 17 points 3 months ago

I know someone who works in software security at Plaid. I can't give too many details because there's only like 20 of them - but no, you REALLY should not trust Plaid. (Allegedly) phones intercepting 2FA in their server rooms, (allegedly) bank connection issues that have led to people getting access to the wrong accounts, (allegedly) using browser bots to handle login on the backend for banks without API access, (allegedly) customer info leaks that weren't reported.. Now that I think if it, I should tell my friend about the whistleblower programs

[-] echodot@feddit.uk 1 points 3 months ago

I don't know how it works in the US but under European law if he knows about these things and isn't reporting them he's liable if and when it all comes to light.

If you know that the company you work for is committing crimes, and you do not report it, you are as liable as the company.

[-] Chozo@fedia.io 6 points 3 months ago

It's also risky to give. Banks will generally approve all transactions between two accounts if one of them is a business account, because the assumption is that those are business transactions and are legitimate 99.99% of the time, so there's very little scrutiny involved for those transfers. Giving the merchant your routing/account number gives them access to make withdraws from your account at will and at any time and can't be revoked, and giving that access to somebody you may not fully trust the reputation of is a dangerous move.

A trusted financial institution as a middleman can be useful for those situations, because they'll tokenize your details to expose as little as possible to the merchant, directly. These services are typically insured, so even if something did happen to your account, you're more likely to get your money back than if you gave a merchant direct ACH access to your bank account. It's basically a modernized version of Western Union.

[-] FuglyDuck@lemmy.world 9 points 3 months ago

You do realize that if the bank authorizes a transfer, that you did not… it’s wire fraud and they’re obligated to refund that cash, regardless if they recoup the cash or not.

Their fuck up, their loss.

On the other hand, if you give your credentials to a 3rd party, that’s against the ToS none of us actually read, and if something happens to your account; they’re going to deem it as your fuck up.

As for whatever technobabble Plaid wants to use, even if they’re insured… you’re not, unless you can prove in court that they were the source of the breach. Their lawyers are probably better than yours.

[-] Chozo@fedia.io 1 points 3 months ago

You do realize that if the bank authorizes a transfer, that you did not… it’s wire fraud and they’re obligated to refund that cash, regardless if they recoup the cash or not.

You do realize that not every transaction happens in countries where these protections exist, right? Not everybody can rely on something like the FDIC to protect their funds.

On the other hand, if you give your credentials to a 3rd party, that’s against the ToS none of us actually read, and if something happens to your account; they’re going to deem it as your fuck up.

You're not providing your bank credentials directly to the third-party, either. They use OAuth-like systems to log you in, typically. I'm not familiar with Ozow, specifically, but from what I can tell about their company, they appear to be doing mostly the same things as Plaid.

[-] FuglyDuck@lemmy.world 5 points 3 months ago

You’re not providing your bank credentials directly to the third-party, either. They use OAuth-like systems to log you in, typically. I’m not familiar with Ozow, specifically, but from what I can tell about their company, they appear to be doing mostly the same things as Plaid.

Plaid or Ozow is the third party. You're using their system, which they control, to provide your credentials.

You're trusting that a) they're not malicious and b) they have their shit together and c) even though they do have their shit together someone doesn't find a random exploit anyhow.

As for the first. yeah. that's a problem. At that point it really doesn't matter, does it? why would you trust Ozow or anyone else in that sort of environment with your banking credentials? or even the bank with your money?

[-] Chozo@fedia.io 2 points 3 months ago

You're trusting that a) they're not malicious and b) they have their shit together and c) even though they do have their shit together someone doesn't find a random exploit anyhow.

You could say this about literally any solution short of hand-delivering cash in person.

[-] bss03@infosec.pub 2 points 3 months ago

Plaid effectively admitted to stealing your transaction history and selling it to the highest bidder in the past. There was a settlement and they agreed to not to that in the future

Just don't ever share your password, and certainly not your banking password, and definitely not with Plaid.

this post was submitted on 24 Sep 2024
397 points (98.5% liked)

Mildly Infuriating

35771 readers
204 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 2 years ago
MODERATORS