Is Plaid safe? What you need to know about the fintech data connector

What is Plaid and why do apps use it?

Plaid is a fintech company that acts as a bridge between your bank account and financial apps. When the latter need access to your balance, transactions, or other information, they don’t connect to the bank directly—they get the data via Plaid. You don’t need to create an account or pay a fee—Plaid is sort of built into the apps. Here’s how it works:

Let’s say you need to link your bank account to Venmo. Once you click the Connect button, Venmo will redirect you to Plaid’s interface. There, you enter your login credentials, giving Plaid access to your bank account. After that, all financial requests that Venmo might have, like checking balance or verifying your identity, will be processed by Plaid. This way, Venmo doesn’t have direct access to your bank account and Plaid ensures that the app gets only the information it needs—often showing you a permissions screen so that you control what’s shared. Importantly, you can revoke Plaid’s access to your bank account at any time.

Depending on the app type (money transfers, investments, budgeting, etc.), Plaid can help with the following operations:

• Linking accounts
• Checking balance
• Monitoring transactions
• Identity verification
• Income verification
• Detecting recurring payments
• Facilitating transfers

Plaid makes data retrieval fast and secure—while also helping you avoid linking your bank account directly to numerous apps. It is widely used in the industry, including by such trusted companies as Venmo, Robinhood, Coinbase, PayPal, and SoFi.

How secure is Plaid?

Not only is Plaid safe to use, but it is also considered better than manual bank logins for both users and apps. It is faster, safer, and more reliable because it encrypts information and eliminates the need to upload documents or manually enter sensitive account details. It helps apps access up-to-date information quickly without compromising users’ security.

Key security features in place include:

• End-to-end encryption: All data in transit and at rest is encrypted using industry-standard protocols like TLS and AES-256. This ensures your financial information is protected from unauthorized access at all stages.
• Multi-factor authentication (MFA): When you connect your bank account through Plaid, your bank’s MFA is triggered. This ensures that the connection is authorized by you and isn’t performed in the background.
• Data tokenization: Plaid never shares your login credentials with apps. Instead, it shares short-lived, encrypted access tokens to allow retrieval only of the specific financial details you’ve authorized.
• Data minimization: Plaid reduces overexposure by providing apps only with the specific information they request and you approve. For example, it can share your balance only without the whole transaction history.

In addition to that, Plaid complies with major privacy regulations and undergoes regular independent security audits. As of now, the company holds such certifications as SOC 2 Type II and ISO 27001.

Access to your data

Plaid’s access to your data is limited and permission-based. Though it can access financial information from your bank account, it’s only possible with your explicit consent. The exact details Plaid retrieves depend on the app that requests them (and what you agree to). Importantly, it doesn’t access all your data by default after connecting with your account. Additionally, you can often choose which accounts to share during the setup process instead of sharing all of them at once.

The information that you’ve permitted Plaid to access is stored encrypted and in accordance with security standards. However, the company doesn’t store your bank login credentials—they are used only once to establish the connection. Plaid retains your data only as long as needed to support the services you have authorized. If it’s no longer needed by the app, Plaid will stop collecting updates from the bank account and begin the process of securely removing it.

Additionally, you can revoke access manually at any time through the Plaid Portal at my.plaid.com. You can also review a list of connected apps and what data was shared. Some banks let you view and manage third-party connections directly from your online banking dashboard.

Transparency issues and controversies

Despite implementing robust security measures and being widely trusted in the fintech world, Plaid has faced scrutiny over the transparency of its data practices.

The most notable case is the class-action lawsuit Plaid was hit with in 2020. The lawsuit alleged that the company collected more data than necessary and Plaid’s interface misled users into thinking they were entering credentials directly into their bank’s system (not into Plaid). The company denied any wrongdoing but agreed to a $58 million settlement, without admitting liability. Affected users who filed valid claims typically received around $13.50 each. Plaid also agreed to change how it discloses its role to users, making it clearer during the bank linking process.

The same year as the class-action lawsuit was filed, the Electronic Frontier Foundation (EFF), a digital rights nonprofit, criticised Plaid for the lack of granular permissions and information about what Plaid is, what data it collects, and how it stores it. Though Plaid didn’t respond to the EFF’s accusations directly, it has responded to the public criticism with the launch of Plaid Portal, where users can view and manage their connected apps and data access. It has also redesigned its interface to provide more clarity on when you’re interacting with the company (and not your bank).

Plaid vs. other fintech payment connectors

Though Plaid is one of the most well-known financial data aggregators, it’s not the only one. As a consumer, you don’t get to choose which service an app uses to connect to your bank, but it’s still helpful to know what options are out there.

Most commonly used Plaid alternatives are:

• Yodlee: One of the oldest data aggregators, Yodlee has broad bank coverage, including international markets (while Plaid is U.S.-focused). It’s often used by larger financial institutions and investment tools. However, Yodlee has been criticized in the past for sharing anonymized user data with third parties, which is something to be aware of as a consumer. 
• MX: While its bank coverage is narrower than that of Plaid or Yodlee, it’s popular with personal finance and budgeting apps. It can categorize your spending better and present clearer insights.
• Finicity: Owned by Mastercard, Finicity is mostly used in lending and credit applications, like verifying your income or account balances for a mortgage or personal loan. It’s not usually used in day-to-day spending or budgeting apps.

Some apps skip third-party aggregators and connect directly to your bank—you’re redirected to your bank’s own site or app to log in. This is generally considered to be the most secure method because the app (or the aggregator) never sees your login credentials at all. However, not all banks offer this yet, and not all apps support it.

Plaid advantages and limitations

How to protect your financial data

Even if you only use the apps that follow the strictest security protocols and most transparent data policies, you’re still responsible for how you use these apps and how you handle your own data. When it comes to financial information, it’s especially important to stay vigilant and take the following steps to protect your money and minimize risk: 

Review app permissions regularly

Make it a habit to regularly review which apps are connected to your bank accounts. In case of Plaid, you can do that via the Plaid Portal or via the online banking account. Revoke access to any services or apps you no longer use. 

Examine what you’re agreeing to

Don’t automatically click the Agree button when it comes to sharing your financial information. Carefully read what data will be shared as some apps request access to more than they actually need. If possible, look for options to limit what information is shared or how long it’s shared (e.g., during session only instead of full-time access).

Use strong passwords and MFA on banking apps

Safeguard all the accounts that hold financial and other sensitive information with complex passwords containing lowercase and uppercase letters, numbers and special characters. For another layer of security, enable multi-factor authentication to prevent unauthorized access in case your login credentials get compromised.

Enable banking alerts

Set up alerts for every transaction (or the ones that exceed a certain amount). This way, you’ll be able to notice unauthorised activity early on and take quick action. You can also set up alerts for new logins into your accounts, changes to your profile information, or account access from unfamiliar locations. 

Monitor your bank accounts

Even with alerts enabled, it’s still a good practice to review your accounts and statements manually. Look for unfamiliar transactions, forgotten subscriptions, or anything else that seems suspicious.

Set up a limited-permissions account

Consider opening a separate account with limited funds to use for app connections, budgeting tools, and minor payments or subscriptions. This will protect your main account if your data is misused.

How Onerep helps you reduce exposure outside the fintech ecosystem

Reliable fintech companies will do their best to protect your data and prevent any compromise. However, there are platforms that do the opposite and make your personal information easily available online.

One of such platforms is data brokers AKA people-search sites. They collect your information from various sources, combine it into personal reports, and make the reports available on their sites. Anyone can look you up and learn your full name, DOB, address, net worth, properties, income, legal records, and much more. Having such sensitive details openly published online makes you an easy target for phishing, account takeover, financial scams, and identity theft. 

Onerep protects your personal information by removing it from 214 people-search websites. The service scans the sites to find your profiles and sends opt-out requests on your behalf. As data brokers frequently update their databases and republish new information, continuous monitoring is key—Onerep runs regular scans to detect new exposures and deal with them promptly. This way, you not only regain your privacy but also reduce the risks of having your money and identity stolen. 

FAQs

Is it safe to give Plaid my bank login?

Yes, it’s safe to give Plaid your bank login because it’s a secure platform. Importantly, it doesn’t store your login credentials, nor does it share them with apps. Plaid encrypts your data and gives apps access only to the financial details they need to operate (and you agree to share).

Does Plaid store my credentials?

No, Plaid doesn’t store your credentials. When you connect your bank account via Plaid, your credentials are encrypted and used only once to establish a secure connection with your bank. They are also never shared with apps.

Can I disconnect Plaid from my bank or apps?

Yes, you can disconnect Plaid at any time. One option is to access the Plaid Portal (my.plaid.com), where you can view all the apps connected to your bank account via Plaid and revoke their access. Alternatively, you can disconnect through the app that initially requested the connection or directly through your online bank account’s security settings (though not all banks provide this option).

What happens if Plaid gets hacked?

If Plaid gets hacked, the potential impact will depend on the nature and extent of the breach—but the company has several safeguards in place to minimize risk. Most importantly, Plaid doesn’t store your bank login credentials, so hackers wouldn’t access those. Additionally, Plaid uses strong encryption, tokenization, and security controls to protect sensitive information like account numbers, balances, and transactions. 

Is Plaid a payment processor or just a data connector?

Plaid is primarily a data connector whose main role is to securely link your bank account to financial apps and share details like balances, transactions, and identity info. Plaid does offer limited payment capabilities—such as enabling ACH transfers—through services like Plaid Transfer, but it doesn’t process payments directly like PayPal or Stripe.

Is Plaid legit?

Yes, Plaid is a legitimate fintech company that helps financial apps connect to your bank account and gather the data necessary for their operation securely. It powers many popular apps, including Venmo, SoFi, Robinhood, and Coinbase.

Is Plaid trustworthy? 

Yes, Plaid is generally considered trustworthy and it is commonly relied on by major financial institutions and apps. It uses end-to-end encryption, doesn’t store your bank account login credentials, and undergoes regular independent audits to maintain a secure infrastructure. Plaid has faced scrutiny over how it handled user data, but the platform has since introduced more controls and improved clarity on its role when you connect your bank accounts.

Is Plaid secure?

Yes, Plaid is secure due to bank-grade encryption and tokenization of data. It also lets users review what apps are connected to their bank account and revoke access at any time via the Plaid Portal.