Consumers could soon see which Plaid apps access their account

This app mockup illustrates the kind of data privacy portal that banks can build to show customers which apps use Plaid to access their account information and allow them to revoke that access. Banks can build these apps as long as they use Plaid's API.
Plaid

More consumers will soon get to see which companies have access to their financial data rather than needing to memorize which apps they previously granted access to their accounts.

The financial data aggregator Plaid announced on Wednesday it is launching Permissions Manager, which will allow financial institutions that work directly with Plaid to build their own privacy portals so consumers can see or shrink the list of apps that have access to their account information.

Before the announcement, fewer financial institutions had the ability to show consumers which other companies had access to their financial information. Some larger institutions such as U.S. Bank and Capital One provided such interfaces to consumers, but only because they reached an agreement with Plaid to gain that ability. Permissions Manager will extend the capability to institutions that share data with Plaid through an API and that have the development expertise to build their own portals.

The move reflects Plaid's commitment to trust, according to Sheila Jambekar, Plaid's chief privacy officer, which she described as "the backbone of everything" the company does.

"Plaid believes it should be easy for consumers to be in control of their own financial data," Jambekar said. "Our newest data privacy innovation can now help our data partners put consumers in the driver's seat — by enabling people to access and manage their own data and that strengthens the ecosystem for all."

Plaid had previously violated consumers' trust by allegedly harvesting and selling detailed financial information without users' consent, according to a class-action lawsuit the company settled last year. Since the episode, the data aggregator has rolled out another product, Plaid Portal, to give consumers greater control over what entities can access their financial data.

Whereas Plaid primarily builds tools for app developers and fintechs to use, the company built Plaid Portal for consumers to use. U.S. consumers can provide their phone number — a common piece of information Plaid uses to link multiple accounts together — to access the portal and see which apps can access their financial information, and which of their bank accounts those apps can access.

According to Jambekar, Plaid Portal is one example of how Plaid "has evolved from a company focused on building developer infrastructure to a company that also builds tools that consumers interact with directly," an evolution she said ensures "consumers can securely and confidently navigate an ecosystem rapidly growing in scale and complexity."

Permissions Manager lets banks create their own version of Plaid Portal for their customers — a place where customers can go to see and modify the list of apps they have approved to look at their bank account.

At least, the institutions that integrate with the Plaid API and are otherwise able to build such a portal can do so. The London-based fintech Wise is one of them.

Direct connectivity between the cross-border payment company and the data aggregator will let Wise's 13 million customers use the 6,000 fintech apps in Plaid's network without the need for a bank account.

August 10

The transfer-focused company launched an interface within its app that uses Plaid's Permissions Manager to give Wise customers "the control and transparency they need over their data," according to Ankita D'Mello, a senior product manager for the company.

"With Permissions Manager, our customers can easily make changes to which apps are linked to their Wise account," D'Mello said. "When customers can see the changes in their data permissions in real time, it builds a layer of trust."

While Plaid says it is an "API-majority company," it still accesses many consumer financial accounts using screen scraping, a highly contentious practice that contributed to the lawsuits Plaid settled.

Financial institutions that do not reach data-sharing agreements with Plaid to access its API cannot show their customers which Plaid-enabled apps have access to their financial data.

For reprint and licensing requests for this article, click here.
Data privacy Data security Technology
MORE FROM AMERICAN BANKER