Is Plaid a Scam?

If you’re thinking of using Plaid, you need to know whether it’s safe. Is Plaid a scam? 

Below, we explain whether Plaid is a scam and discuss some steps you can take to improve your safety while using this financial tech company. 

What Is Plaid?

Plaid is a financial technology company that connects your bank account to the financial apps (such as budgeting, money transfers, savings, etc.) you use. 

For example, when you connect your bank to an app like Venmo or Coinbase, it’s usually Plaid that powers that connection behind the scenes. Plaid verifies your account and lets apps access your transaction data, balances, and account details with your permission. 

The company now also offers Plaid IDV (Identity Verification) that uses AI to detect deepfakes and synthetic IDs. If you’re asked to upload a photo of your ID or take a “liveness” selfie, it’s often Plaid handling your biometric data for identity verification purposes. 

Plaid was founded in 2013. In 2020, Visa tried to acquire Plaid for $5.3 billion, but the deal fell through as a result of antitrust concerns.

Is Plaid a Scam?

No, Plaid is not a scam. It’s a legitimate fintech company. 

According to Plaid’s own website, it is used by more than 100 million global users, including 1 in 2 adults in the US, and more than 12,000 financial institutions across 20 countries. 

Several third-party publications have written about Plaid (and how it works), including CNET, Comparitech, and  Nerdwallet.

User reviews of Plaid are mixed as of this writing:

• 1.2 out of 5.0 stars (from over 150 reviews) on Trustpilot.
• 4.4 out of 5.0 stars (from over 70 reviews) on Capterra.
• 1.0 out of 5.0 stars (from over 20 reviews) on Better Business Bureau.
• 4.2 out of 5.0 stars (from over 40 reviews) on G2.  

Positive reviews praise easy and fast bank connections, compatibility with many popular apps, and strong security. 

Negative reviews report endless login and 2FA loops, rejected bank logins (when they work on the bank’s website), broken connections, and poor customer support. 

Plaid is not a Better Business Bureau accredited business as of this writing, but holds an “A-” rating. BBB ratings reflect how the BBB thinks a company interacts with its customers. 

At the time of writing, Plaid has received a total of 53 complaints in the last three years, 19 of which have been closed in the past 12 months. 

People complain about transfers failing or going to the wrong bank, errors when linking accounts, and no real customer support (i.e., no way to reach a real human). 

Plaid privacy and data use lawsuits

Plaid has faced several lawsuits over the years. 

From 2020 onward, multiple class actions were filed, alleging that Plaid collected bank login credentials and years of transaction data from users of apps like Venmo, Coinbase, Stripe, and Cash App without adequate notice or consent.

Plaintiffs claimed Plaid exceeded what was needed for the specific app use, amassed one of the largest transactional datasets in the world, and then used it for its own commercial purposes.

Complaints alleged Plaid’s interface was deliberately designed to mimic banks’ login pages, which led users to believe that they were sharing credentials directly with their bank rather than through a third-party data aggregator.

In 2021, Plaid agreed to a nationwide settlement of about $58 million covering roughly 98 million affected consumers, without admitting wrongdoing.

Plaid also agreed to make certain changes, like more prominent disclosures, data minimization, deletion of certain stored transaction data, and tools for consumers to view and manage app–account connections through Plaid.

Plaid security 

In its privacy policy, Plaid briefly explains its security measures.

It says it has security controls and access restrictions and internal policies limiting employee access.

On its FAQs page, Plaid says that its access to your credentials depends on your bank’s integration. Usually, you’re redirected to your bank’s site or app to log in, and Plaid never sees your credentials. 

In some cases, Plaid may ask for your login details and use them to access your account directly. 

All data is stored securely with strong encryption, access controls, and continuous monitoring.

Plaid privacy  

Plaid describes the kind of data it collects, why, and with whom it shares it in its privacy policy.

Depending on the service you use, Plaid may collect:

• Name, email, phone number, date of birth, and address.
• Social Security number. 
• Login credentials: usernames, passwords, and security tokens.
• Security questions, answers, and one-time passwords. 
• Account details: institution name, account name/type/ownership, and branch number. 
• Account and routing numbers, IBAN, BIC, and sort code. 
• Account balances (current and available). 
• Transaction history: amounts, dates, payees, types, locations, and descriptions. 
• Credit account data: due dates, balances owed, payment history, credit limits, interest rates, and repayment status. 
• Loan data: balances, payment schedules, interest rates, loan type, terms, and guarantor. 
• Investment data: transactions, asset types, quantities, prices, fees, and cost basis. 
• Documents: bank statements, pay stubs, and tax forms. 
• Payroll and tax data: income and employer information. 
• Photos or videos for identity verification (may include biometric data). 
• IP address.
• Device location and timezone.
• Hardware model and operating system.
• Browser and network data.
• Technical settings and preferences.
• Service usage: features used, timestamps, and connected institutions and apps.
• Derived data: inferred geolocation, annual income, and account types. 

The company collects this data directly from you, financial institutions, your device, app developers, affiliates, and third parties. Plus, it may derive certain information from other data. 

It may use your data to provide and operate its services, connect your financial accounts to apps, improve existing services, build new products (including AI systems), detect and prevent fraud, verify your identity, protect security and privacy, provide customer support, communicate with you (e.g., security alerts and updates), and meet legal and regulatory requirements. 

Plaid may also use aggregated or anonymized data for research and product development.

The company may share your data with the app you are using, your financial institutions, service providers, law enforcement or regulators (when legally required), business partners, affiliates, and buyers if Plaid is merged or acquired. 

Plaid says it only shares financial data to power the services you requested and does not sell your financial data. 

It states that it keeps your data only as long as needed to provide services, meet legal and regulatory obligations, prevent fraud, ensure security, and provide support. 

If you disconnect an app, Plaid’s systems are designed to automatically delete your data, though some data may be retained for legal, security, or fraud reasons. 

Plaid operates globally, so your data may be stored in the US and other countries. 

Regardless of where you live, you can:

• Access your data.
• Request a copy of your data.
• Correct inaccurate data.
• Request deletion or restriction.
• Object to processing.
• Withdraw consent.
• Request data portability.

You can submit requests through Plaid’s online form or by contacting them.

If you reside in the US, you can use Plaid Portal to see which apps are connected to your accounts and what data is being shared, as well as disconnect apps and delete stored data.

So, Should You Use Plaid?

Depends.

In practice, tens of millions of people use Plaid every day without issues, and most major fintech apps depend on it.

That said, you should only use it if you’re comfortable sharing your bank data with a third party in exchange for convenience.

How to Use Plaid Safely and Privately 

• Use apps you trust. Before connecting an app, read the app’s privacy policy (Plaid does not control what apps do with your data). Avoid unknown or poorly reviewed apps.
• Use the Plaid Portal to monitor and control access. Plaid provides a built-in privacy dashboard through which you can see what apps are connected to your accounts and what data is being shared. You can also disconnect apps you no longer use and request deletion of stored data.
• Disconnect apps you no longer use. When you remove a connection, Plaid’s systems are designed to delete your data automatically (with limited legal/fraud exceptions). It’s good practice to review your connected apps every few months and remove any you no longer use. 
• Secure your device. Keep your phone/computer updated and use a strong device passcode. 
• Exercise your privacy rights. In its privacy policy, Plaid says anyone can request access to and deletion of their data, withdraw consent, and request a copy of their data.