[HN Gopher] Stripe Financial Connections
___________________________________________________________________
Stripe Financial Connections
Author : ianhawes
Score : 284 points
Date : 2022-05-04 16:05 UTC (6 hours ago)
(HTM) web link (stripe.com)
(TXT) w3m dump (stripe.com)
| [deleted]
| nope1234 wrote:
| I honestly can't believe that there's enough people dumb enough
| to give their bank username/password combo to strangers to make
| services like this work.
|
| Nope nope nope.
|
| As a user, I'd never use any service that is plaid based, I don't
| even care that "they have proper api access now". Even though
| I've been fan of other stripe offerings I'd never use this
| either. It's beyond shady.
|
| Friends don't let friends give out their banking creds.
| lambda_lord wrote:
| That's not how the service works. You don't give Stripe your
| banking credentials, you log into your bank directly:
| https://stripe.com/docs/financial-connections/fundamentals#a...
| wmf wrote:
| No, it looks like you're logging in to your bank but you're
| actually giving your credentials to Stripe.
| lambda_lord wrote:
| If your bank supports Oauth it won't share your
| credentials:
|
| >Stripe generally defaults the authentication flow to OAuth
| if available at the financial institution....OAuth is an
| open standard authorization protocol that allows users to
| let applications (for example, Stripe) access their
| information within other applications (for example, bank
| apps) without having to share their login credentials.
|
| But for banks without Oauth you DO give your credentials to
| Stripe:
|
| > For these banks, end users provide credentials to Stripe
| or one of our trusted partners.
| jasonhoch wrote:
| By clicking "Start Now", I try to visit
| https://dashboard.stripe.com/financial-connections/applicati...
| and it redirects me to
| https://dashboard.stripe.com/test/dashboard. Would love to see
| more!
|
| Although, from reading the docs, a lot of the products that I'm
| interested are still "Coming Soon" (confusingly a different
| verbiage but identical in meaning to "Private Beta"?): -
| Transactions - Other data-powered products
| edwinwee wrote:
| Ah, is your Stripe account live (i.e. in livemode with payments
| activated)? We'll look into make this smoother, but right now
| you'll have to leave testmode to continue.
| pbreit wrote:
| I keep getting "An unexpected error occurred when trying to
| use instant verification."
| [deleted]
| nitsky wrote:
| Is this good news or bad news for Plaid?
| kadomony wrote:
| Competition is healthy. Whether it's good or bad, we'll see. No
| one can divine that, but I get the sense that Plaid's product
| team is a bit worried right now.
| FintechRisen wrote:
| I think this is the biggest thing here. User credentials need
| to be protected and hopefully this type of open-market
| approach brings about more democratization of data.
| nitsky wrote:
| I wonder why it took so many years for Stripe to start
| competing in this area.
| cj wrote:
| One possible reason is that ACH payments are MUCH more user
| friendly if they can be initiated by an end-user
| authorizing their bank account (compared to digging up
| their account #, routing #, etc and entering the info
| manually).
|
| ACH payments are essentially free to process (or a very
| small flat fee). This is very different from credit card
| transactions that charge a % of the entire transaction.
|
| If ACH / direct payments from bank accounts became more
| common through services like Plaid and Stripe's new
| service, it could mean less fees (less revenue) for Stripe
| to collect. Which could explain why it's not something
| Stripe jumped into earlier.
|
| TLDR: if I had to guess, there's more money in processing
| credit card payments, and much less money in facilitating
| ACH transactions.
| axg11 wrote:
| This is bad. Stripe doesn't have to provide the best service
| here. A lot of companies already use Stripe making the barrier
| to trying this out very low. Likewise for startups, if you're
| already trying out Stripe billing for your MVP you're more
| likely to use another Stripe product than to try out Plaid.
| kadomony wrote:
| I'd agree. A startup looking to use Stripe Atlas now has
| access to this for standing up their services? Plaid is
| basically disqualified from the start, given how cohesive the
| Stripe platform is.
| astlouis44 wrote:
| Yeah exactly this, Plaid is probably in for a rough ride long
| term. Stripe will likely steamroll them.
| zinekeller wrote:
| Question: are US banking really this dysfunctional? Where I'm
| from, a bank consortium already provided unified login services
| (while banks still have their own websites, as a merchant you
| only need to integrate the consortium-provided APIs rather than
| using Plaid) simplifying things.
| danielmarkbruce wrote:
| Banking is less concentrated in the US than other countries.
| There are thousands of banks here. So it's harder for industry
| protocols to move forward.
| pbreit wrote:
| The US has 10,000 financial institutions. Wherever you are from
| maybe has 20.
| chrisseaton wrote:
| In the US your public bank account number is effectively a
| password to debit your account! There's literally no
| authorisation at all!
| lxgr wrote:
| That is the case in most of Europe as well (under SEPA Direct
| Debit), and has been for many years now.
|
| I've not had to dispute an ACH debit yet, but at least at
| most German banks, it's literally a single click and the
| money is back in your account - up to 8 weeks after the
| payment (any reason, no questions asked), and up to 13 months
| in case of fraud ("no mandate").
| IG_Semmelweiss wrote:
| Can you elaborate?
|
| I believe you need a specific bank authorization to do ACH
| withdrawal using only routing and Account#. Plus, your
| beneficiary bank does screen for such services given out to
| clients very closely. No random joe schmo can do auto ach
| debit
|
| Unless you are referring to passing forged checks, I'm not
| sure what you mean by this.
| pbreit wrote:
| "I believe you need a specific bank authorization to do ACH
| withdrawal using only routing and Account#"
|
| No. All you need is an account number and routing number
| (which are printed on paper checks). The ACH originator is
| responsible for ensuring the numbers are owned by the
| payer.
| chrisseaton wrote:
| My understanding is that in the US to pay your rent you
| either send a literal paper check, which had no serious
| authorisation at all, or your land lord reaches into your
| account using your bank account number and debits it,
| without you having to approve.
|
| If not - why do people protect their bank account numbers
| in the US? In the UK mine is printed on my bank card -
| anyone can read it off.
|
| It's like social security numbers in the US - they became
| passwords when they weren't supposed to be.
| lxgr wrote:
| > your land lord reaches into your account using your
| bank account number and debits it, without you having to
| approve.
|
| This is how many people pay for rent in Germany (and I
| strongly suspect elsewhere) as well.
|
| If they take too much, you can get it back with a single
| click in your bank account.
| isbvhodnvemrwvn wrote:
| Quite interesting. In Poland a lot of places have their
| bank number just on their website if you want to donate
| something, I don't think you can place a debit like that.
| lxgr wrote:
| Bank accounts like that often have outgoing direct debits
| blocked to prevent fraud, as far as I know.
|
| (I don't think there is a registry - this would simply be
| a bank-side setting to auto-decline all requested direct
| debits.)
| vageli wrote:
| > In the US your public bank account number is effectively a
| password to debit your account! There's literally no
| authorisation at all!
|
| Don't you also need the routing number? How does this differ
| in other countries or anywhere that checks are used?
| the_svd_doctor wrote:
| The routing number of each bank is public :-)
| vageli wrote:
| Yes but banks can have several routing numbers.
| pbreit wrote:
| The routing and account numbers are printed on every paper
| check in the US. Those are all that you need to process an
| ACH. The onus is on the ACH originator to make sure the
| numbers are not stolen.
| bzxcvbn wrote:
| A check needs a signature and has some security feature
| built-in. You might argue that it's not sufficient, but
| it's the same deal as paper money for example. The
| cost/benefit ratio is too low for counterfeiting checks to
| be useful, most of the time.
| [deleted]
| [deleted]
| chrisseaton wrote:
| Yes the public account number and routing number. Which are
| printed on my card, statements, might be read out loud,
| etc.
|
| My bank in the UK would not let you debit my account with
| just the numbers. I'd need to authorise it.
|
| How do you stop people debiting your account with whatever
| they want?
| xur17 wrote:
| > How do you stop people debiting your account with
| whatever they want?
|
| Short answer: you don't. Long answer: robust "fraud"
| controls. It's a shit-show.
| rglover wrote:
| Yes. Some banks still run COBOL behind the scenes here.
| zinekeller wrote:
| ... and I'm pretty sure a majority of banks here still runs
| COBOL, but it didn't stop them creating a consortium and
| simplifying things!
| [deleted]
| paxys wrote:
| What they run on their backend doesn't really matter. If they
| can provide a website with username/password login, they can
| have an OAuth layer as well. It isn't a technical problem but
| a business/priorities one.
| yohannparis wrote:
| running COBOL behind the scenes have nothing to do with an
| easy API access and a consortium for interbanking.
| rmbyrro wrote:
| Maybe they pointed out as an indication that some financial
| institutions in the US are not _modern_ technologically
| speaking, and that may be a cause for lacking better APIs?
| ericmay wrote:
| That was probably the intention but I think that isn't a
| core reason. It's more about business/tech incentives
| around these APIs. The industry is more risk-averse, and
| frankly there isn't necessarily a great business case for
| doing integrations if you're a big bank because you don't
| want to be commoditized into "pipes" and then have to
| compete on low-margin products all the while the middle
| companies have better margins and skim off the top of
| you. At least on the consumer side. There's this meme
| that banks are technologically backwards and all that,
| and I don't think that is true or a good frame of
| reference to have. The scale, complexity, regulatory
| environment, and risk-aversion when something bad happens
| are far and away more relevant factors than technology
| is.
| rmbyrro wrote:
| I agree, but don't think the original comment deserves
| down voting. It's an acceptable argument. Might not hold
| water, though.
| haswell wrote:
| For some systems, this is arguably a feature. Banks are
| rightly cautious about touching core transaction processing
| systems, systems that cost millions per minute when down.
|
| But the use of COBOL generally doesn't extend to the consumer
| facing product, or the APIs that support those consumer
| facing experiences.
|
| Banks may be backwards, but the use of older languages is not
| one of the primary reasons.
| quadcore wrote:
| It makes me trust them more when they use old software that
| I never got to complain about.
| animal_spirits wrote:
| I remember about 4 years ago I read online that most bank
| passwords did not even check for upper case or lowercase
| characters. I didn't believe it, but to my surprise I entered
| my password with RaNDoM cASe letters and it unbelievably logged
| me in. This was Chase bank, and I believe it has been fixed
| since then. But just goes to show how far behind banking
| systems have been.
| codegeek wrote:
| "are US banking really this dysfunctional?"
|
| Yes very much. A lot of banks don't even have 2FA and most that
| do only offer SMS based. APIs, forget about them. Walk before
| we can run.
| boringg wrote:
| Is this logic right or wrong: All of these fintech companies
| allow for more convenient movement of money and integration with
| applications etc however they are adding additional costs to all
| transactions. I.e. were trading convenience for cost?
| mwt wrote:
| Are they adding costs? The baseline of ~3% to wire money seems
| already high.
| pbreit wrote:
| This potentially lowers payment processing costs by making ACH
| a viable alternative to cards.
| mrlase wrote:
| The pricing here seems asinine. $0.10/successful API call?
| wmf wrote:
| This data is worth far more than 10 cents.
| tomatowurst wrote:
| guessing this doesn't work with Canada
| cercatrova wrote:
| I wonder how this compares to Column, since the founder of Column
| also cofounded Plaid. I see both founders' comments in this
| thread it looks like but the Column founder doesn't seem too
| happy about it [0].
|
| There also seems to be some vindication by the Bolt founder,
| based on his Twitter thread about how Stripe handles corporate
| development [1][2], it really reminds me of Paul Graham's essay
| not to talk to them, lest the same thing happen to you [3].
|
| [0] https://twitter.com/pitdesi/status/1521915016668090368
|
| [1] https://twitter.com/theryanking/status/1485784823641755648
|
| [2] https://twitter.com/pitdesi/status/1521906115914526721
|
| [3] http://www.paulgraham.com/corpdev.html
| healthbjk wrote:
| Column is a bank. They've bought a bank charter and are aiming
| to cut out Banking as a Service middlemen
| philip1209 wrote:
| Yeah - my impression is that Column is depth-first for the US
| banking system, whereas Stripe is breadth-first for multiple
| markets
| whockey wrote:
| []
| nightpool wrote:
| It's interesting to compare this comment with one of the other
| top comments on HN right now, an explanation of how Google's
| culture of promoting users for solving "hard problems" is
| ultimately a terrible, terrible strategy for their users and
| their company. https://news.ycombinator.com/item?id=31262428
|
| As engineers, we should to step away from our egos and our
| desire to do something "interesting" and focus on where our
| solutions actually solve real problems, like Stripe's products
| (often, not always!) do. Whether something is "middleware" or
| "not interesting" has nothing to do with how _useful_ or
| _valuable_ it is.
|
| I'm sure there are plenty of people working at Plaid who are
| really interested and dedicated in working on the kind of
| middleware that their co-founder is denigrating here. It's a
| shame they have to work for a company where that kind of polish
| is pushed aside in favor of ambiguous "innovation". As an
| engineer and a customer, I know which kinds of companies and
| engineers I want on the other side of the table when
| considering business partners, and--going solely from your
| comment--it sounds like Plaid isn't one of those companies.
| sicromoft wrote:
| For those wondering, this was originally a salty comment by one
| of Plaid's founders calling out Stripe for being "so damn
| boring".
| 88913527 wrote:
| It's probably financially optimal to put a nice veneer on an
| existing solution than to make something whole-cloth. They're
| running a business, not a charity, and besides -- as the
| consumer, why would you care? All you see is the facade
| anyways; unless you're making a point that the API's are
| actually leaky abstractions and the facade isn't that good (and
| I would respect that argument, if it were the case).
| whatshisface wrote:
| If Stripe knows how to pay developers appropriate salaries
| (this is the under-discussed reason for SV companies being the
| only ones who can make good APIs - BoA is never going to pay
| their web team more than they pay their web team's department
| head, that is not possible for their culture) to develop
| appropriate interfaces on things, then more power to them if
| they can do very simple things to profit in the context of the
| oversights of other companies.
| PragmaticPulp wrote:
| Screenshot of deleted comment:
| https://twitter.com/pitdesi/status/1521915016668090368/photo...
| reducesuffering wrote:
| GP clearly retracted his statement. Regardless of whether
| it's right or wrong, what I'm much more sure of is people
| will be far too careful in expressing thoughts if the moment
| it's out there it will be forever imprinted into the internet
| and associated with themselves. I wonder if it's possible for
| truly ephemeral messaging wiped-clean when you would like,
| given the issues with someone just writing it down
| physically.
| lambda_lord wrote:
| This kind of comment throwing shade on your competitors does
| not reflect well on you or your companies.
|
| People want alternatives to Plaid. How do you know they are
| simply wrapping 3rd parties instead of building these deep
| integrations themselves?
| stu2b50 wrote:
| Yeah, have to say, the level of knee jerk defensiveness here
| and on Twitter from cofounder level figures from Plaid does
| not exactly evoke confidence in their ability to outcompete.
| kbyatnal wrote:
| lots of respect for what you and the team have built at Plaid,
| but this is exactly the opportunity. As a developer who's
| worked at multiple fintechs and integrated with Plaid more
| times than I care to remember, it's an incredibly frustrating
| experience.
|
| Ask any fintech and they'll tell you - Plaid is simultaneously
| the best and worst vendor they use. Best because there's no
| real alternative, but worst because it causes so, so, so many
| headaches with how unreliable the product is. The time spent
| building product workarounds at every company to account for
| Plaid issues is tremendous.
|
| If Stripe thinks they can build something better, then I'd
| really love them to try.
|
| Edit: William (co-founder of Plaid) seems to have deleted his
| comment, but it was basically accusing Stripe of repeatedly
| copying other companies.
| metadat wrote:
| See also: https://news.ycombinator.com/item?id=31263288
|
| "Stripe releases Plaid-like project, Plaid CEO objects to
| process"
|
| Different day, same old stripe. Beware.
| Brystephor wrote:
| not a different day. that post is from 3 hours ago.
| metadat wrote:
| I meant that _today_ is a different day from yesterday, and
| the day before..
|
| It's a common English idiom.
|
| I don't have the reference links handy but the TL;DR is that
| Stripe has played dirty lots of times before. The formula is:
|
| 1. Pretend they want to acquire a company with a product they
| like
|
| 2. Then, once they waste enough of the competitors time
| (buying buffer enabling them to figure out the secret sauce)
|
| 3. Clone stamp the competitors product, fucking them over
| royally. Also leverage the tremendous public reach,
| visibility, and clout of Stripe itself to promote their
| clone.
|
| It's a very ugly and distasteful way of doing business. It
| aligns with the values of the Farenghi on Star Trek.
|
| It's naiive on the victims part, sure, but Stripe is
| dishonest and shan't be trusted.
| iamcreasy wrote:
| I do not know about other instance. Could you please share?
| metadat wrote:
| "Stripe hiring issues make some lose job offers"
|
| https://news.ycombinator.com/item?id=29403976
|
| I think I was confused, and I apologize. There was some
| prior drama with the Bolt founder claiming Stripe was
| colluding against them.
|
| It seems an error on my part, an honest one but still
| incorrect. Sorry, again.
| yohannparis wrote:
| My question is does this use banks own API, or works like Plaid
| by doing web-scrapping? I'll prefer the former.
| illnewsthat wrote:
| From https://stripe.com/docs/financial-
| connections/fundamentals#h...
|
| > With the authentication flow, your user logs into their bank
| either through an OAuth (bank-hosted) or non-OAuth flow to
| authenticate access to their accounts.
|
| > Stripe generally defaults the authentication flow to OAuth if
| available at the financial institution. Your integration
| doesn't need to treat OAuth accounts differently than non-OAuth
| accounts.
| naiwenwt wrote:
| Plaid moved away from scraping years ago, most integrations
| these days are through APIs.
| amonroe369 wrote:
| No they didn't. November 2021 was not that long ago.
|
| "You may be a Class Member if you are a United States
| resident and you connected a financial account to an app
| between January 1, 2013 and November 19, 2021....
|
| "This class action alleges Plaid took certain improper
| actions in connection with this process. The allegations
| include that Plaid: (1) obtained more financial data than was
| needed by a user's app"
| naiwenwt wrote:
| Hence "most integrations", not all.
|
| Citing a settlement date range with language like "may be a
| class member if you connected a financial account to an
| app" doesn't really refute my point.
| aristidb wrote:
| Curious that they translated it to German based on my phone
| settings for a product that only supports US banks? (I don't mind
| that it is US banks, just... why did they pay a human to
| translate it?)
| slugiscool99 wrote:
| How much longer are we just going to keep eating up whatever the
| Stripe PR machine churns out? They did a great job with payments
| but a lot of their auxiliary products are just worse versions of
| other businesses.
| kaiuhl wrote:
| I work at one of the companies that integrated Financial
| Connections during its beta, moving from Plaid Auth. We use the
| link to bank accounts for instant account verification and as a
| fraud signal for ACH payments. However, we definitely can't do a
| better job than Stripe could at risk analysis, provided they had
| access to metadata on the bank account when processing the
| payment and could provide insights from their entire platform.
| Now they do.
|
| I'd guess the big benefit here, besides taking some of Plaid's
| existing customers, is what's possible now that Connections lives
| alongside the other things Stripe offers like ACH, loans, and
| identity verification.
| propogandist wrote:
| if you've ever used Yodlee or a similar "verify your bank"
| service, change your bank account password and you'll start
| seeing a surge in "suspicious login attempts" alerts (if your
| bank notifies you of such things) as these data scraping services
| are constantly trying to check-in on your personal financial
| activity
| a13n wrote:
| Does it collect your bank username and password, or work directly
| with banking APIs? Every time I see some service trying to do
| this via Plaid I cringe.
| bm5k wrote:
| Yeah, giving out my banking authentication info is a hard nope
| for me & I discourage everyone I know from using or
| implementing anything using plaid.
| lambda_lord wrote:
| https://stripe.com/docs/financial-connections/fundamentals#a...
|
| You log into your bank directly and then grant access to
| Stripe.
|
| I presume, behind the scenes, your bank gives Stripe a single
| application token (not your credentials) to pull read-only
| data.
|
| (edit) But this is only for banks supporting Oauth, it seems
| for others it DOES give Stripe your credentials.
| jollyjellie wrote:
| I have been an advocate of Stripe but today I am quite
| disappointed with Stripe. Is this what happens when a company
| becomes big with thousands of employees? Copying smaller
| companies' product(s) while having a "partnership" with them? I
| wish they released an actual competing product, not a copy.
|
| This discourages SO MANY startups.
| wmf wrote:
| _an actual competing product, not a copy_
|
| How many ways are there to do this?
| kintalo wrote:
| The limit to only daily pulls and up to 180 days of historical
| data is pretty disappointing. Would expect Stripe to push the
| envelope here and move down to near-instant updates and full
| historical data. This is basically a knockoff of existing
| solutions done at par or worse which is surprising to see from a
| company like Stripe. Maybe they've lost a bit of their magic or
| focus. Will be interesting to see how everyone adapts and
| improves to this announcement.
| kadomony wrote:
| Plaid has left the chat.
| dylan604 wrote:
| What was the phrasing for the server kicking someone out?
|
| Plaid was booted from the chat?
| minimaxir wrote:
| Plaid slaps Stripe around a bit with a large trout
| peter_l_downs wrote:
| Very excited for this. One of the major issues with Plaid is
| their poor support for commercial banks -- for instance, SVB. If
| Stripe can provide more reliable connections to commercial banks,
| this will be an extremely valuable alternative.
| sergiotapia wrote:
| https://twitter.com/pitdesi/status/1521906115914526721
| cagr wrote:
| Not a good look, the lawsuit is going to be interesting for
| sure.
| vincentmarle wrote:
| Plaid CEO has some words for Stripe:
| https://twitter.com/zachperret/status/1521898404061716480
| cagr wrote:
| Ryan Breslow vindicated again...
| tomatowurst wrote:
| I'm genuinely worried for that guy. He's exposing powerful
| connected people and I can't really see that end well. It's
| not like people retweeting and liking his tweets have any
| sort of power like what is alleged.
| PragmaticPulp wrote:
| EDIT: The accused person has denied these allegations, claiming
| that Plaid reached out to Stripe (not the other way around) and
| that the RFPs were because Stripe invited Plaid to be part of
| the product:
| https://pbs.twimg.com/media/FR8FjJ9VsAAMY_k?format=jpg&name=...
|
| > Wow! Jay, you took interviews with Plaid & asked probing
| questions multiple times over the past few years, and your team
| sent repeated RFP's (under NDA!) to us asking for tons of
| detailed data. I wish y'all the best with these products, but
| surprising to see the methods.
|
| I don't know. Talking with a company shouldn't disqualify you
| from ever working on a competing product. Sending an RFP
| doesn't mean you can never build your own product.
|
| The Plaid CEO is trying to anchor the conversation around
| malicious intent, but it's not hard to imagine a scenario where
| this product-minded person legitimately explored working with
| Plaid, legitimately explored partnership opportunities at
| Stripe, and walked away believing it would be better for Strip
| and for himself to build a competing solution at Stripe.
|
| Plaid's product isn't entirely novel. In my experience _as a
| consumer_ it has failed at least 3 /4 times I've tried to use
| it with my financial institutions. I'm frankly more surprised
| that it took this long for anyone to enter their space to
| compete against Plaid.
| lambda_lord wrote:
| They are not describing a job interview. They are describing
| a product interview between businesses for some sort of
| partnership.
| PragmaticPulp wrote:
| Right, but that doesn't imply malicious intent and it
| doesn't disqualify them from building their own.
|
| Talking to companies about their product and then later
| deciding you'd rather build your own isn't really
| surprising. Plaid was definitely aware that Stripe was a
| potential competitor going into those meetings.
| mritchie712 wrote:
| yeah, Stripe has a totally reasonable defense for this:
|
| 1. Obviously this is a product we'd want to build because our
| customers want it
|
| 2. We contacted Plaid to see if they wanted to be part of it
|
| 3. Plaids pricing didn't work for us so we built it ourselves
| / went with other providers
|
| Not sure what you'd even get from talking to the team at
| Plaid that couldn't be learned in an afternoon or two using
| product that use Plaid and hacking on banking API's.
| msoad wrote:
| In case tweet disappears:
|
| > Wow! Jay, you took interviews with Plaid & asked probing
| questions multiple times over the past few years, and your team
| sent repeated RFP's (under NDA!) to us asking for tons of
| detailed data. I wish y'all the best with these products, but
| surprising to see the methods.
| xtracto wrote:
| Darn, if this is true.
|
| I'm going to do the low-effort comment and link to a Silicon
| Valley series video someone posted here not long ago (Brain
| Rape): https://www.youtube.com/watch?v=JlwwVuSUUfc
| PragmaticPulp wrote:
| And a rebuttal from Jay Shah (the accused) claiming that this
| isn't true: https://pbs.twimg.com/media/FR8FjJ9VsAAMY_k?forma
| t=jpg&name=...
|
| > Zach, sorry you feel this way, but this isn't true and I
| think you know that. You reached out to me repeatedly--I
| never reached out to you for information. Stripe did an RFP
| because we work with partners for this product, and we had
| hoped to include Plaid.
| stu2b50 wrote:
| I'm surprised they had this information so easily at hand.
| How did they even know that? They saw the tweet and the first
| thing that comes to mind is to query all the people they've
| interviewed?
| lambda_lord wrote:
| It wasn't some IC interviewing for a job, it was a
| representative of Stripe and Plaid doing a product
| interview for a possible partnership.
| stu2b50 wrote:
| Interesting. I'm much less sympathetic, then. I would
| imagine that kind of situation would be far more formal,
| with lawyers from both sides present, and, to be frank,
| this kind of information gathering an expectation. It
| would be pure naivety for it not to be - these are
| multibillion dollar companies talking to each other!
|
| On the other hand, if I, a random hypothetical engineer,
| were interviewing someone for a team, in a 1-1 situation,
| and they asked about what I worked I'm, I'm naturally
| going to be less guarded nor really prepared to
| sufficiently redact my answers.
| sergiomattei wrote:
| Reminds me of the HN thread full of anon $XB Fintech CEOs
| bashing Stripe.
| barleyworth wrote:
| https://news.ycombinator.com/item?id=29388310
| psanford wrote:
| So could I use this to build a personal tool to track account
| balances over time?
| ianstormtaylor wrote:
| If Stripe can leverage their banking relationships to leapfrog
| Plaid by integrating directly with bank's APIs instead of doing
| screen scraping... that would be massive! It seems like Plaid's
| biggest weakness is the flakiness of their connections, which
| creates so much frustration/churn downstream.
|
| Plaid's other weakness is their opaque, enterprise-style pricing,
| which is seems like Stripe is doing away with. Hopefully they can
| bring the price down, because lots of consumer-facing use cases
| aren't viable due to the high monthly price per connection.
|
| I hope they add support for investment account holdings--it seems
| like Plaid is the only one that does this well.
|
| --
|
| Edit: digging deeper, it looks like Stripe proxies to Plaid-like
| "service providers" under the covers--at least for institutions
| without OAuth flows. [1][2][3] Presumably they'll build in-house
| connections over time, but it dents my hope that their
| connectivity will be better than Plaid's. Either way, transparent
| pricing and more competition in the space is still welcome!
|
| [1]: https://support.stripe.com/questions/what-is-the-
| relationshi...
|
| [2]: https://support.stripe.com/questions/how-does-stripe-
| limit-d...
|
| [3]: https://support.stripe.com/questions/who-will-obtain-my-
| fina...
| tootie wrote:
| Hasn't Yodlee been doing this way longer than Plaid? They are
| (or at least were) the backbone for mint.com
| zht wrote:
| It's unlikely Stripe has access to any APIs that Plaid doesn't
| also have access to.
| sz429961 wrote:
| it's also unlikely Stripe doesn't have access to any APIs
| that Plaid has access to
| zht wrote:
| sorry what? no one was saying Plaid had access to more APIs
| than Stripe
| sz429961 wrote:
| right, which makes it easy to clone the whole set of APIs
| FintechRisen wrote:
| We've found that Plaid only leverages around 3-4 Direct API
| connections for some reason, why other aggregators like MX,
| Finicity, Yodlee all have 10+. It seems suspect to me because
| Plaid doesn't seem to be prioritizing the protection of user
| credentials the same way others are.
| lucasmullens wrote:
| In this thread you've accused the founder of Plaid multiple
| times of lying, without evidence, and most importantly,
| your account was made only 1 hour ago.
|
| You've said "Stop lying bro.", "hella sus", "This is 100% a
| lie", "seems suspect", all without evidence.
|
| You seem to have some ulterior motive here that you haven't
| disclosed. Maybe you're right about everything, but it
| comes across poorly.
| fintechguy1234 wrote:
| This is false. Hundreds of banks have built out api's on
| plaid exchange: https://plaid.com/plaid-exchange/
| phoenixy1 wrote:
| Yeah, at this point the majority of API requests that
| Plaid fulfills are filled with data provisioned from
| institutions via an API. I assume that OP was only
| looking at named banks who we did press releases with
| (e.g. Chase, Wells Fargo, Capital One) but there are many
| more financial institutions we have API integrations with
| beyond that, either via Plaid Exchange or via their own
| APIs. [I work at Plaid]
| gigatexal wrote:
| If they do this it would indeed be huge. Screen scraping and
| the like to get around a proper API sucks. In the EU we have
| PSD2 but the APIs aren't all amazing.
| andy_ppp wrote:
| Also every 90 days you have to do some weird dance to keep
| the apps receiving your data, it never seems to work right
| and you forget. I would think building a business on such
| flakey APIs is dubious at best!
| dylan604 wrote:
| To fight that flakey situation of bad APIs, one decides to
| build a business based on flakey screen scraping instead?
| With financial information? What could possibly go wrong?
| gigatexal wrote:
| This is still a ton better than asking the client for
| credentials and then scraping their logged in bank accounts
| which is hella creepy.
| jbverschoor wrote:
| The APIs aren't amazing, and you need to be a financial
| service provider to access production environment. Aka
| useless for any startup or person
| gigatexal wrote:
| Yeah getting a license with bafin is tough but a VC backed
| fintech can do it or partner or use the api of a fintech
| that already has a license and build off of that.
| zachperret wrote:
| Plaid founder here. Stripe does not integrate with any bank
| API's directly (AFAICT). They wrap two aggregators, MX and
| Finicity to build this product. (Also, not sure what MX
| products they are using, but MX itself is an aggregator of
| aggregators, including others such as Yodlee.)
|
| On pricing, Stripe's listed rates are 30-200% higher than Plaid
| rates (perhaps due to high vendor costs). That said, if anyone
| does have feedback on where Plaid pricing is prohibiting new
| use cases, we'd love to hear! I'm zach at plaid if folks would
| like to discuss.
| amonroe369 wrote:
| You seem pretty clueless about your competitors and you are
| talking poorly, very openly about them here Zach. That is not
| a good look in any way and reflective of a poor corporate
| culture.
|
| If MX and Finicity are aggregators of aggregators, that would
| still mean Plaid would benefit, right? Maybe you (and your
| sales team) do not know your competition.
|
| Publicly airing grievances as well against Stripe, who you
| could potentially partner with in the future, reflects an
| underlying toxic corporate culture at Plaid. I do not think
| Stripe will likely ever want to do business with you after
| this and prevent others from doing the same. I have never
| worked at Plaid, but I am not inclined to want to work with
| you based on what we are seeing here. Plaidsettlment.com
| pc86 wrote:
| Creating a throwaway for this (potentially valid) criticism
| destroys any credibility you may have.
| amonroe369 wrote:
| fair criticism. My points remain. Having talked to
| Plaid's sales team, not bad people. I just don't trust
| providers that openly talk poorly of competitors and
| plaids sales team did that and the CEO of the company is
| doing it in public.
| [deleted]
| theyknowitsxmas wrote:
| Zach has responded to a Stripe product manager on Twitter.
|
| https://twitter.com/zachperret/status/1521898404061716480
|
| I think Zach knows his product very well & this could be
| espionage on Stripe's part, but I'm not dissatisfied with
| Stripe's product nonetheless.
|
| Disclaimer: I've never used Plaid.
| amonroe369 wrote:
| Plaid and their lawyers should have hashed it out with
| Stripe then in RFP. I work for a big bank. If we send out
| RFP's for a project there's language in there that most
| providers never look at. It basically says "I can do
| whatever I want with information in the RFP except give
| it to your company's competitors."
|
| So if I am working for a top 10 bank, and I see value in
| a solution, if I cannot get it cheaper than it would cost
| me to develop it and time is not that big of a factor, I
| build it myself. If there are no time constraints and
| vendor can deliver solution at roughly the same cost I
| can build it for, I built it myself.
|
| My guess as not being part of the stripe/plaid
| conversations or RFP. Zach's lawyers did not redline or
| challenge language around processes or IP with Stripe in
| RFP Agreements and that was likely the biggest downfall.
|
| Plaid does have great litigation attorney's, I mean their
| class action settlement was only $58 million. So likely,
| Plaid might get something if there is IP that was
| protected. It will come out in discovery if a lawsuit
| gets legs.
| lukeramsden wrote:
| > MX itself is an aggregator of aggregators
|
| Aggregators all the way down...
|
| The US really needs its own PSD2.
| thomaslord wrote:
| It sounds like the issue noted above is less the actual
| pricing, and more that it's difficult to find out what the
| pricing is.
|
| This matches up with my personal experience - I had to get in
| touch with an actual human and ask them for the pricing just
| to see if a project would be viable. I did get a relatively
| fast response that made the pricing very clear, but because
| it didn't come with any caveats (e.g. volume-based pricing or
| "we need to negotiate pricing on a per-client basis") it
| almost made the experience more frustrating.
|
| Basically if your pricing is simple and universal enough that
| you _could_ post it directly to the pricing page, you
| _should_ post it to the pricing page. Especially for
| developer-focused products, hiding the pricing can lead to a
| serious reduction in conversion.
|
| My use case is transaction data so the pricing for Stripe's
| competing product isn't posted yet, but if I was choosing
| between the two products and only one had pricing clearly
| posted on the website I'd immediately go with that one unless
| the pricing was so ridiculous that it wasn't affordable. And
| if the pricing was ridiculous, I'd probably assume that
| Plaid's pricing was just as bad.
|
| Basically, I should be able to evaluate your product and its
| pricing without engaging with any of your employees wherever
| possible. I routinely remove companies from consideration
| because I can't plug them into a spreadsheet of prices
| without going back and forth with a sales team whose time
| I'll just be wasting anyway.
| emrekzd wrote:
| Unlike Plaid, Finicity and Yodlee have direct integrations
| with some banks. Example: Silicon Valley Bank has direct
| integration with Finicity. SVB through Plaid breaks quickly
| (because they require some weird 2fa policy).
|
| Let me know if I'm missing something but if Stripe is A)
| providing reliable connection to common banks Plaid misses
| and B) saving it's users from all the headaches of
| integrating with old school services like Finicity/Yodlee,
| then charging a premium sounds like fair game.
| phoenixy1 wrote:
| Plaid has direct integrations with many banks too --
| Silicon Valley Bank is actually a Plaid partner for ACH
| processing (see https://www.svb.com/news/company-
| news/silicon-valley-bank-an...). Not sure when your bad
| experience with 2fa was but Plaid's connection to SVB has
| improved over the past ~6 months as we've begun to work
| together more closely and should continue to do so. [I work
| at Plaid]
| tjm5081 wrote:
| Hate to argue, but I agree that Plaid's connection to SVB
| is indeed unusuable. I've been trying to use them for
| over a year and we ended up dropping SVB just this month.
| Chase is on OAuth and WAY better if you need TXN data.
|
| A partnership for ACH is more related to importing stable
| routing and account numbers, then enabling initiating ACH
| transfers. Scraping transaction data is a completely
| different integration that seems to have been forgotten.
|
| Sadly, I'd even wager SVB-Plaid data won't improve any
| time soon. Remember that SVB doesn't even yet allow
| external bank transfers on their own bank portal.
| [deleted]
| sicromoft wrote:
| Plaid doesn't have publicly listed pricing at all. Might as
| well be infinite.
|
| If a startup can use Stripe, who they're already integrating
| with, or integrate with a new provider with hidden pricing
| that requires them to contact a sales person, I wonder who
| they're going to choose. Good luck.
| ianstormtaylor wrote:
| Thanks for the reply! I came to that same conclusion about
| their use of "service providers" after reading through their
| support docs (and added an edit above), definitely a bummer.
| zachperret wrote:
| We all wish more banks had API's! Our team is actively
| working with many more banks to launch them soon, but alas
| -- legacy infrastructure is slow to move!
| FintechRisen wrote:
| I'm very familiar with both Finicity and MX. I know that MX
| isn't an aggregator of aggregators. Stop lying bro. Tell
| people about how you abuse credentials and take some
| responsibility rather than trying to constantly pass the buck
| and blame others.
| dang wrote:
| Hey - can you please make your substantive points without
| personal attacks or swipes? We ban accounts that do those
| things--especially new accounts showing up to fight shit
| out like this. Not cool, no matter how right you are or
| feel you are.
|
| Also, it's not in your interest to post like this to HN
| anyhow. The audience will only side against you if you
| fulminate and call names. If you want to win readers over,
| you should drop all that and instead provide specific,
| concrete information and say what's important about it.
|
| (Before anyone misinterprets the above: I have no idea
| which side you're on. I haven't looked at any of the
| comments you've replied to. All I know is that, whichever
| side you're arguing for, you're going about it in the wrong
| way for HN. If you'd please review
| https://news.ycombinator.com/newsguidelines.html and fix
| that, we'd appreciate it.)
| [deleted]
| edwinwee wrote:
| Edwin from Stripe here. Stripe does integrate directly with
| banks. In our beta period, most volume we've seen has been
| over bank APIs. Some banks do not have APIs--we use financial
| partners to connect with them, and we're talking with many
| banks in hopes that they will enable direct API access soon.
|
| Our pricing is upfront: https://stripe.com/en-us/financial-
| connections#pricing. We've worked with a large beta group of
| users to make sure the pricing is in line with what they see
| in the market.
| healthbjk wrote:
| Your documentation says you use service providers,
| specifically MX and Finicity. Is that correct or are you
| integrating directly (or some mixture)?
| bspear wrote:
| Gotta love this spicy thread
| iknowstuff wrote:
| Which banks have OAuth APIs? I would love to switch to one
| of those instead of exposing my password due to my bank's
| incompetence.
| thekyle wrote:
| I know that Charles Schwab has some sort of OAuth flow
| which I used when connecting my account to TurboTax this
| year.
| lbotos wrote:
| So, I got very excited about this, but it seems that
| banks are expecting "bank integrator" aka companies, and
| not giving access to end users :( If any knows of a bank
| that has API access in the US do share!
| vineyardmike wrote:
| You might find luck using companies targeting algo
| trading. A lot of companies allow use of the account more
| like a checking account (eg interactive brokers). They
| have an API and also allow different logins to have
| different authorizations.
| [deleted]
| withinboredom wrote:
| I use Bunq here in the NL. I wish all banks would steal
| their APIs. The abilities I have as a dev are simply
| amazing.
|
| https://doc.bunq.com/
| Tijdreiziger wrote:
| Bunq seems like a... suboptimal bank, though. They cost
| ~5x more than other NL banks, and by all accounts, their
| customer support is streets behind.
|
| Their API and app-centric approach seem to be the only
| upshots, and even then, other banks have relatively good
| apps these days.
| conroy wrote:
| WellsFargo has some form of OAuth
| (https://developer.wellsfargo.com/). I know that YNAB
| (https://www.youneedabudget.com/) uses it.
| CincinnatiMan wrote:
| Capital One
| fjni wrote:
| they deserve a lot of credit for how early they built
| this and made it relatively broadly available!
| FintechRisen wrote:
| MX and Finicity both have OAuths to like 80+% of the top
| 20 financial institutions. There's a reason Plaid doesn't
| want people switching to them and it's hella sus
| conradev wrote:
| I believe Plaid was the one who got JPMorgan to build an
| OAuth API in the first place: https://finovate.com/plaid-
| signs-open-banking-agreement-with...
|
| Why can't the reason be "losing their only source of
| revenue to a competitor"? That seems like a fine reason
| to not want people to switch
| amonroe369 wrote:
| Edit: cannot assure, but rumor on the street from peers,
| they were not the ones to get Chase to build OAuth.
|
| PR is a hell of a marketing tactic.
| [deleted]
| judge2020 wrote:
| Plaid used oauth for Bank of America circa 2019 when I
| tried, and currently uses Capital One's oauth when I try
| to log into it. I'm sure they use it when it's
| convenience (or maybe when the financial institution
| mandates it).
| jackson1442 wrote:
| chase has an OAuth flow but not every integration uses
| it.
| matdehaast wrote:
| @zach this is what I find very frustrating about the current
| players. We recently got pricing from you and obviously being
| under NDA won't share the figures but I'm not seeing the
| discount you quote above compared to stripe.
|
| Further there are significant platform minimums and platform
| fees that add large costs initially.
|
| How do you reconcile the above comments from our interaction?
| xtracto wrote:
| > That said, if anyone does have feedback on where Plaid
| pricing is prohibiting new use cases,
|
| I remember in a previous company we migrated out of Plaid
| into SynapseFI because Plaid started charging a high price on
| a _per connection request_ service (like, requesting a new
| bank connection for a new customer was quite expensive).
|
| It seemed Plaid was focusing on the Mint like use cases: low
| number of users, allowing them to setup a Plaid connection
| one time to be used extensively subsequently. While our use
| case was more akin to: lots of users/authentications doing
| one time connections that may not be reused. (kind of what
| might be used for credit risk analysis, although the company
| was not doing that).
| kareemsabri wrote:
| Pretty sure Plaid already has integrated directly with bank's
| APIs and has been moving away from screen scraping for years.
|
| Plaid's flakiness / reliance on screen scraping is probably
| that a lot of these banks don't expose APIs / OAuth etc.
| zachperret wrote:
| Indeed! Plaid is integrated with ~every bank that has an API,
| and in many cases we've actually helped the banks build API's
| themselves.
| fossuser wrote:
| Do you know why Fidelity Investments plaid connection
| doesn't work most of the time?
|
| It's something I hit often and have to do the old
| microdeposit thing (if I can even figure out how to trick
| the service into allowing me to do that at all).
|
| Does fidelity just have some sort of broken setup?
| aarohmankad wrote:
| Not sure when you were testing, but we do call out some
| instability on the Fidelity Institution Status page in
| the Developer Dashboard.
|
| > To maintain system stability, Fidelity currently limits
| access during high-volume windows. As a result, please
| expect unavailability between 9-10:30am and 3-4:30pm ET.
| We recommend end users link Fidelity accounts between 5pm
| - 9am ET.
| zachperret wrote:
| Great question. I do not know off the top of my head, but
| can look into it.
| ethbr0 wrote:
| This is a huge annoyance with integrations for me.
|
| The host knows when they break. Or if they don't, they
| should, via automated tests.
|
| Tell me "It's down." Not some bullshit about experiencing
| temporary difficulties.
| FintechRisen wrote:
| g-unit33 wrote:
| Do banks not sue these companies for scraping?
| wmf wrote:
| No, because banks don't care about security.
| g-unit33 wrote:
| oyashius wrote:
| Finicity has a subpar UX compared to Plaid, especially
| considering reliability of the connections. Unless Stripe builds
| its own screen scraping, this imo is a worse product.
| [deleted]
| transportgo wrote:
| The currency and account names used in the demo seems to be
| localized. I get kr and olanordman (johndoe in the US?) on my
| Norwegian IP device
|
| If it gets peoples attention like it did mine maybe it's worth
| the dev time to implement?
| dylan604 wrote:
| demo names as a service. you send your locale, we send you the
| localized john/jane doe names and other info like 123 Main St
| and 555-1212 type data.
| zerocrates wrote:
| Jane Diaz is the name in the US actually.
| mooreds wrote:
| Plaid gets its market validated!
| theyknowitsxmas wrote:
| Only available in the US.
| willswire wrote:
| Glad to see a Stripe alternative to Plaid.
| jiripospisil wrote:
| Let me just say Stripe's design team is doing an absolutely
| amazing job.
| rvz wrote:
| Someone has been studying a great business leader on a
| strategic level (as well as a design level).
| Stripe: 'We have always been shameless about stealing great
| ideas'
___________________________________________________________________
(page generated 2022-05-04 23:00 UTC)