Plaid and Finicity do this in the USA for some linking of banking to other financial products. Feels SO insecure. Connecting my credit union checking account through Plaid even ironically brought me to a login page which explicitly states I should never give my banking password to any other entity.

If I need to link my accounts and these services are the only choice then I change my banking passwords immediately after.

▲

chrisweekly 6 days ago | parent [-]

I thought Plaid used OAuth2. Hmm.

▲

karel-3d 6 days ago | parent | next [-]

Plaid whole business model is that it uses OAuth2 on banks that support it and export the data through APIs; and for the banks that don't, they ask for name/password and scrape it through "fake" web browser that mimick user behavior on the backend.

(I worked for a Plaid competitor. The long-term goal for all similar companies is of course to use OAuth and APIs, because it breaks less often; but since the banks don't offer that, scraping it is!)

	▲	_boffin_ 6 days ago \| parent [-]
		MX?

▲

cpburns2009 6 days ago | parent | prev [-]

Plaid asks for your raw bank credentials so that it can scrape up data. That's why I've always refused to use it.

	▲	WOTERMEON 6 days ago \| parent [-]
		I really hope to never be in the position where I have to use it