[HN Gopher] Stripe Financial Connections ___________________________________________________________________ Stripe Financial Connections Author : ianhawes Score : 284 points Date : 2022-05-04 16:05 UTC (6 hours ago) (HTM) web link (stripe.com) (TXT) w3m dump (stripe.com) | [deleted] | nope1234 wrote: | I honestly can't believe that there's enough people dumb enough | to give their bank username/password combo to strangers to make | services like this work. | | Nope nope nope. | | As a user, I'd never use any service that is plaid based, I don't | even care that "they have proper api access now". Even though | I've been fan of other stripe offerings I'd never use this | either. It's beyond shady. | | Friends don't let friends give out their banking creds. | lambda_lord wrote: | That's not how the service works. You don't give Stripe your | banking credentials, you log into your bank directly: | https://stripe.com/docs/financial-connections/fundamentals#a... | wmf wrote: | No, it looks like you're logging in to your bank but you're | actually giving your credentials to Stripe. | lambda_lord wrote: | If your bank supports Oauth it won't share your | credentials: | | >Stripe generally defaults the authentication flow to OAuth | if available at the financial institution....OAuth is an | open standard authorization protocol that allows users to | let applications (for example, Stripe) access their | information within other applications (for example, bank | apps) without having to share their login credentials. | | But for banks without Oauth you DO give your credentials to | Stripe: | | > For these banks, end users provide credentials to Stripe | or one of our trusted partners. | jasonhoch wrote: | By clicking "Start Now", I try to visit | https://dashboard.stripe.com/financial-connections/applicati... | and it redirects me to | https://dashboard.stripe.com/test/dashboard. Would love to see | more! | | Although, from reading the docs, a lot of the products that I'm | interested are still "Coming Soon" (confusingly a different | verbiage but identical in meaning to "Private Beta"?): - | Transactions - Other data-powered products | edwinwee wrote: | Ah, is your Stripe account live (i.e. in livemode with payments | activated)? We'll look into make this smoother, but right now | you'll have to leave testmode to continue. | pbreit wrote: | I keep getting "An unexpected error occurred when trying to | use instant verification." | [deleted] | nitsky wrote: | Is this good news or bad news for Plaid? | kadomony wrote: | Competition is healthy. Whether it's good or bad, we'll see. No | one can divine that, but I get the sense that Plaid's product | team is a bit worried right now. | FintechRisen wrote: | I think this is the biggest thing here. User credentials need | to be protected and hopefully this type of open-market | approach brings about more democratization of data. | nitsky wrote: | I wonder why it took so many years for Stripe to start | competing in this area. | cj wrote: | One possible reason is that ACH payments are MUCH more user | friendly if they can be initiated by an end-user | authorizing their bank account (compared to digging up | their account #, routing #, etc and entering the info | manually). | | ACH payments are essentially free to process (or a very | small flat fee). This is very different from credit card | transactions that charge a % of the entire transaction. | | If ACH / direct payments from bank accounts became more | common through services like Plaid and Stripe's new | service, it could mean less fees (less revenue) for Stripe | to collect. Which could explain why it's not something | Stripe jumped into earlier. | | TLDR: if I had to guess, there's more money in processing | credit card payments, and much less money in facilitating | ACH transactions. | axg11 wrote: | This is bad. Stripe doesn't have to provide the best service | here. A lot of companies already use Stripe making the barrier | to trying this out very low. Likewise for startups, if you're | already trying out Stripe billing for your MVP you're more | likely to use another Stripe product than to try out Plaid. | kadomony wrote: | I'd agree. A startup looking to use Stripe Atlas now has | access to this for standing up their services? Plaid is | basically disqualified from the start, given how cohesive the | Stripe platform is. | astlouis44 wrote: | Yeah exactly this, Plaid is probably in for a rough ride long | term. Stripe will likely steamroll them. | zinekeller wrote: | Question: are US banking really this dysfunctional? Where I'm | from, a bank consortium already provided unified login services | (while banks still have their own websites, as a merchant you | only need to integrate the consortium-provided APIs rather than | using Plaid) simplifying things. | danielmarkbruce wrote: | Banking is less concentrated in the US than other countries. | There are thousands of banks here. So it's harder for industry | protocols to move forward. | pbreit wrote: | The US has 10,000 financial institutions. Wherever you are from | maybe has 20. | chrisseaton wrote: | In the US your public bank account number is effectively a | password to debit your account! There's literally no | authorisation at all! | lxgr wrote: | That is the case in most of Europe as well (under SEPA Direct | Debit), and has been for many years now. | | I've not had to dispute an ACH debit yet, but at least at | most German banks, it's literally a single click and the | money is back in your account - up to 8 weeks after the | payment (any reason, no questions asked), and up to 13 months | in case of fraud ("no mandate"). | IG_Semmelweiss wrote: | Can you elaborate? | | I believe you need a specific bank authorization to do ACH | withdrawal using only routing and Account#. Plus, your | beneficiary bank does screen for such services given out to | clients very closely. No random joe schmo can do auto ach | debit | | Unless you are referring to passing forged checks, I'm not | sure what you mean by this. | pbreit wrote: | "I believe you need a specific bank authorization to do ACH | withdrawal using only routing and Account#" | | No. All you need is an account number and routing number | (which are printed on paper checks). The ACH originator is | responsible for ensuring the numbers are owned by the | payer. | chrisseaton wrote: | My understanding is that in the US to pay your rent you | either send a literal paper check, which had no serious | authorisation at all, or your land lord reaches into your | account using your bank account number and debits it, | without you having to approve. | | If not - why do people protect their bank account numbers | in the US? In the UK mine is printed on my bank card - | anyone can read it off. | | It's like social security numbers in the US - they became | passwords when they weren't supposed to be. | lxgr wrote: | > your land lord reaches into your account using your | bank account number and debits it, without you having to | approve. | | This is how many people pay for rent in Germany (and I | strongly suspect elsewhere) as well. | | If they take too much, you can get it back with a single | click in your bank account. | isbvhodnvemrwvn wrote: | Quite interesting. In Poland a lot of places have their | bank number just on their website if you want to donate | something, I don't think you can place a debit like that. | lxgr wrote: | Bank accounts like that often have outgoing direct debits | blocked to prevent fraud, as far as I know. | | (I don't think there is a registry - this would simply be | a bank-side setting to auto-decline all requested direct | debits.) | vageli wrote: | > In the US your public bank account number is effectively a | password to debit your account! There's literally no | authorisation at all! | | Don't you also need the routing number? How does this differ | in other countries or anywhere that checks are used? | the_svd_doctor wrote: | The routing number of each bank is public :-) | vageli wrote: | Yes but banks can have several routing numbers. | pbreit wrote: | The routing and account numbers are printed on every paper | check in the US. Those are all that you need to process an | ACH. The onus is on the ACH originator to make sure the | numbers are not stolen. | bzxcvbn wrote: | A check needs a signature and has some security feature | built-in. You might argue that it's not sufficient, but | it's the same deal as paper money for example. The | cost/benefit ratio is too low for counterfeiting checks to | be useful, most of the time. | [deleted] | [deleted] | chrisseaton wrote: | Yes the public account number and routing number. Which are | printed on my card, statements, might be read out loud, | etc. | | My bank in the UK would not let you debit my account with | just the numbers. I'd need to authorise it. | | How do you stop people debiting your account with whatever | they want? | xur17 wrote: | > How do you stop people debiting your account with | whatever they want? | | Short answer: you don't. Long answer: robust "fraud" | controls. It's a shit-show. | rglover wrote: | Yes. Some banks still run COBOL behind the scenes here. | zinekeller wrote: | ... and I'm pretty sure a majority of banks here still runs | COBOL, but it didn't stop them creating a consortium and | simplifying things! | [deleted] | paxys wrote: | What they run on their backend doesn't really matter. If they | can provide a website with username/password login, they can | have an OAuth layer as well. It isn't a technical problem but | a business/priorities one. | yohannparis wrote: | running COBOL behind the scenes have nothing to do with an | easy API access and a consortium for interbanking. | rmbyrro wrote: | Maybe they pointed out as an indication that some financial | institutions in the US are not _modern_ technologically | speaking, and that may be a cause for lacking better APIs? | ericmay wrote: | That was probably the intention but I think that isn't a | core reason. It's more about business/tech incentives | around these APIs. The industry is more risk-averse, and | frankly there isn't necessarily a great business case for | doing integrations if you're a big bank because you don't | want to be commoditized into "pipes" and then have to | compete on low-margin products all the while the middle | companies have better margins and skim off the top of | you. At least on the consumer side. There's this meme | that banks are technologically backwards and all that, | and I don't think that is true or a good frame of | reference to have. The scale, complexity, regulatory | environment, and risk-aversion when something bad happens | are far and away more relevant factors than technology | is. | rmbyrro wrote: | I agree, but don't think the original comment deserves | down voting. It's an acceptable argument. Might not hold | water, though. | haswell wrote: | For some systems, this is arguably a feature. Banks are | rightly cautious about touching core transaction processing | systems, systems that cost millions per minute when down. | | But the use of COBOL generally doesn't extend to the consumer | facing product, or the APIs that support those consumer | facing experiences. | | Banks may be backwards, but the use of older languages is not | one of the primary reasons. | quadcore wrote: | It makes me trust them more when they use old software that | I never got to complain about. | animal_spirits wrote: | I remember about 4 years ago I read online that most bank | passwords did not even check for upper case or lowercase | characters. I didn't believe it, but to my surprise I entered | my password with RaNDoM cASe letters and it unbelievably logged | me in. This was Chase bank, and I believe it has been fixed | since then. But just goes to show how far behind banking | systems have been. | codegeek wrote: | "are US banking really this dysfunctional?" | | Yes very much. A lot of banks don't even have 2FA and most that | do only offer SMS based. APIs, forget about them. Walk before | we can run. | boringg wrote: | Is this logic right or wrong: All of these fintech companies | allow for more convenient movement of money and integration with | applications etc however they are adding additional costs to all | transactions. I.e. were trading convenience for cost? | mwt wrote: | Are they adding costs? The baseline of ~3% to wire money seems | already high. | pbreit wrote: | This potentially lowers payment processing costs by making ACH | a viable alternative to cards. | mrlase wrote: | The pricing here seems asinine. $0.10/successful API call? | wmf wrote: | This data is worth far more than 10 cents. | tomatowurst wrote: | guessing this doesn't work with Canada | cercatrova wrote: | I wonder how this compares to Column, since the founder of Column | also cofounded Plaid. I see both founders' comments in this | thread it looks like but the Column founder doesn't seem too | happy about it [0]. | | There also seems to be some vindication by the Bolt founder, | based on his Twitter thread about how Stripe handles corporate | development [1][2], it really reminds me of Paul Graham's essay | not to talk to them, lest the same thing happen to you [3]. | | [0] https://twitter.com/pitdesi/status/1521915016668090368 | | [1] https://twitter.com/theryanking/status/1485784823641755648 | | [2] https://twitter.com/pitdesi/status/1521906115914526721 | | [3] http://www.paulgraham.com/corpdev.html | healthbjk wrote: | Column is a bank. They've bought a bank charter and are aiming | to cut out Banking as a Service middlemen | philip1209 wrote: | Yeah - my impression is that Column is depth-first for the US | banking system, whereas Stripe is breadth-first for multiple | markets | whockey wrote: | [] | nightpool wrote: | It's interesting to compare this comment with one of the other | top comments on HN right now, an explanation of how Google's | culture of promoting users for solving "hard problems" is | ultimately a terrible, terrible strategy for their users and | their company. https://news.ycombinator.com/item?id=31262428 | | As engineers, we should to step away from our egos and our | desire to do something "interesting" and focus on where our | solutions actually solve real problems, like Stripe's products | (often, not always!) do. Whether something is "middleware" or | "not interesting" has nothing to do with how _useful_ or | _valuable_ it is. | | I'm sure there are plenty of people working at Plaid who are | really interested and dedicated in working on the kind of | middleware that their co-founder is denigrating here. It's a | shame they have to work for a company where that kind of polish | is pushed aside in favor of ambiguous "innovation". As an | engineer and a customer, I know which kinds of companies and | engineers I want on the other side of the table when | considering business partners, and--going solely from your | comment--it sounds like Plaid isn't one of those companies. | sicromoft wrote: | For those wondering, this was originally a salty comment by one | of Plaid's founders calling out Stripe for being "so damn | boring". | 88913527 wrote: | It's probably financially optimal to put a nice veneer on an | existing solution than to make something whole-cloth. They're | running a business, not a charity, and besides -- as the | consumer, why would you care? All you see is the facade | anyways; unless you're making a point that the API's are | actually leaky abstractions and the facade isn't that good (and | I would respect that argument, if it were the case). | whatshisface wrote: | If Stripe knows how to pay developers appropriate salaries | (this is the under-discussed reason for SV companies being the | only ones who can make good APIs - BoA is never going to pay | their web team more than they pay their web team's department | head, that is not possible for their culture) to develop | appropriate interfaces on things, then more power to them if | they can do very simple things to profit in the context of the | oversights of other companies. | PragmaticPulp wrote: | Screenshot of deleted comment: | https://twitter.com/pitdesi/status/1521915016668090368/photo... | reducesuffering wrote: | GP clearly retracted his statement. Regardless of whether | it's right or wrong, what I'm much more sure of is people | will be far too careful in expressing thoughts if the moment | it's out there it will be forever imprinted into the internet | and associated with themselves. I wonder if it's possible for | truly ephemeral messaging wiped-clean when you would like, | given the issues with someone just writing it down | physically. | lambda_lord wrote: | This kind of comment throwing shade on your competitors does | not reflect well on you or your companies. | | People want alternatives to Plaid. How do you know they are | simply wrapping 3rd parties instead of building these deep | integrations themselves? | stu2b50 wrote: | Yeah, have to say, the level of knee jerk defensiveness here | and on Twitter from cofounder level figures from Plaid does | not exactly evoke confidence in their ability to outcompete. | kbyatnal wrote: | lots of respect for what you and the team have built at Plaid, | but this is exactly the opportunity. As a developer who's | worked at multiple fintechs and integrated with Plaid more | times than I care to remember, it's an incredibly frustrating | experience. | | Ask any fintech and they'll tell you - Plaid is simultaneously | the best and worst vendor they use. Best because there's no | real alternative, but worst because it causes so, so, so many | headaches with how unreliable the product is. The time spent | building product workarounds at every company to account for | Plaid issues is tremendous. | | If Stripe thinks they can build something better, then I'd | really love them to try. | | Edit: William (co-founder of Plaid) seems to have deleted his | comment, but it was basically accusing Stripe of repeatedly | copying other companies. | metadat wrote: | See also: https://news.ycombinator.com/item?id=31263288 | | "Stripe releases Plaid-like project, Plaid CEO objects to | process" | | Different day, same old stripe. Beware. | Brystephor wrote: | not a different day. that post is from 3 hours ago. | metadat wrote: | I meant that _today_ is a different day from yesterday, and | the day before.. | | It's a common English idiom. | | I don't have the reference links handy but the TL;DR is that | Stripe has played dirty lots of times before. The formula is: | | 1. Pretend they want to acquire a company with a product they | like | | 2. Then, once they waste enough of the competitors time | (buying buffer enabling them to figure out the secret sauce) | | 3. Clone stamp the competitors product, fucking them over | royally. Also leverage the tremendous public reach, | visibility, and clout of Stripe itself to promote their | clone. | | It's a very ugly and distasteful way of doing business. It | aligns with the values of the Farenghi on Star Trek. | | It's naiive on the victims part, sure, but Stripe is | dishonest and shan't be trusted. | iamcreasy wrote: | I do not know about other instance. Could you please share? | metadat wrote: | "Stripe hiring issues make some lose job offers" | | https://news.ycombinator.com/item?id=29403976 | | I think I was confused, and I apologize. There was some | prior drama with the Bolt founder claiming Stripe was | colluding against them. | | It seems an error on my part, an honest one but still | incorrect. Sorry, again. | yohannparis wrote: | My question is does this use banks own API, or works like Plaid | by doing web-scrapping? I'll prefer the former. | illnewsthat wrote: | From https://stripe.com/docs/financial- | connections/fundamentals#h... | | > With the authentication flow, your user logs into their bank | either through an OAuth (bank-hosted) or non-OAuth flow to | authenticate access to their accounts. | | > Stripe generally defaults the authentication flow to OAuth if | available at the financial institution. Your integration | doesn't need to treat OAuth accounts differently than non-OAuth | accounts. | naiwenwt wrote: | Plaid moved away from scraping years ago, most integrations | these days are through APIs. | amonroe369 wrote: | No they didn't. November 2021 was not that long ago. | | "You may be a Class Member if you are a United States | resident and you connected a financial account to an app | between January 1, 2013 and November 19, 2021.... | | "This class action alleges Plaid took certain improper | actions in connection with this process. The allegations | include that Plaid: (1) obtained more financial data than was | needed by a user's app" | naiwenwt wrote: | Hence "most integrations", not all. | | Citing a settlement date range with language like "may be a | class member if you connected a financial account to an | app" doesn't really refute my point. | aristidb wrote: | Curious that they translated it to German based on my phone | settings for a product that only supports US banks? (I don't mind | that it is US banks, just... why did they pay a human to | translate it?) | slugiscool99 wrote: | How much longer are we just going to keep eating up whatever the | Stripe PR machine churns out? They did a great job with payments | but a lot of their auxiliary products are just worse versions of | other businesses. | kaiuhl wrote: | I work at one of the companies that integrated Financial | Connections during its beta, moving from Plaid Auth. We use the | link to bank accounts for instant account verification and as a | fraud signal for ACH payments. However, we definitely can't do a | better job than Stripe could at risk analysis, provided they had | access to metadata on the bank account when processing the | payment and could provide insights from their entire platform. | Now they do. | | I'd guess the big benefit here, besides taking some of Plaid's | existing customers, is what's possible now that Connections lives | alongside the other things Stripe offers like ACH, loans, and | identity verification. | propogandist wrote: | if you've ever used Yodlee or a similar "verify your bank" | service, change your bank account password and you'll start | seeing a surge in "suspicious login attempts" alerts (if your | bank notifies you of such things) as these data scraping services | are constantly trying to check-in on your personal financial | activity | a13n wrote: | Does it collect your bank username and password, or work directly | with banking APIs? Every time I see some service trying to do | this via Plaid I cringe. | bm5k wrote: | Yeah, giving out my banking authentication info is a hard nope | for me & I discourage everyone I know from using or | implementing anything using plaid. | lambda_lord wrote: | https://stripe.com/docs/financial-connections/fundamentals#a... | | You log into your bank directly and then grant access to | Stripe. | | I presume, behind the scenes, your bank gives Stripe a single | application token (not your credentials) to pull read-only | data. | | (edit) But this is only for banks supporting Oauth, it seems | for others it DOES give Stripe your credentials. | jollyjellie wrote: | I have been an advocate of Stripe but today I am quite | disappointed with Stripe. Is this what happens when a company | becomes big with thousands of employees? Copying smaller | companies' product(s) while having a "partnership" with them? I | wish they released an actual competing product, not a copy. | | This discourages SO MANY startups. | wmf wrote: | _an actual competing product, not a copy_ | | How many ways are there to do this? | kintalo wrote: | The limit to only daily pulls and up to 180 days of historical | data is pretty disappointing. Would expect Stripe to push the | envelope here and move down to near-instant updates and full | historical data. This is basically a knockoff of existing | solutions done at par or worse which is surprising to see from a | company like Stripe. Maybe they've lost a bit of their magic or | focus. Will be interesting to see how everyone adapts and | improves to this announcement. | kadomony wrote: | Plaid has left the chat. | dylan604 wrote: | What was the phrasing for the server kicking someone out? | | Plaid was booted from the chat? | minimaxir wrote: | Plaid slaps Stripe around a bit with a large trout | peter_l_downs wrote: | Very excited for this. One of the major issues with Plaid is | their poor support for commercial banks -- for instance, SVB. If | Stripe can provide more reliable connections to commercial banks, | this will be an extremely valuable alternative. | sergiotapia wrote: | https://twitter.com/pitdesi/status/1521906115914526721 | cagr wrote: | Not a good look, the lawsuit is going to be interesting for | sure. | vincentmarle wrote: | Plaid CEO has some words for Stripe: | https://twitter.com/zachperret/status/1521898404061716480 | cagr wrote: | Ryan Breslow vindicated again... | tomatowurst wrote: | I'm genuinely worried for that guy. He's exposing powerful | connected people and I can't really see that end well. It's | not like people retweeting and liking his tweets have any | sort of power like what is alleged. | PragmaticPulp wrote: | EDIT: The accused person has denied these allegations, claiming | that Plaid reached out to Stripe (not the other way around) and | that the RFPs were because Stripe invited Plaid to be part of | the product: | https://pbs.twimg.com/media/FR8FjJ9VsAAMY_k?format=jpg&name=... | | > Wow! Jay, you took interviews with Plaid & asked probing | questions multiple times over the past few years, and your team | sent repeated RFP's (under NDA!) to us asking for tons of | detailed data. I wish y'all the best with these products, but | surprising to see the methods. | | I don't know. Talking with a company shouldn't disqualify you | from ever working on a competing product. Sending an RFP | doesn't mean you can never build your own product. | | The Plaid CEO is trying to anchor the conversation around | malicious intent, but it's not hard to imagine a scenario where | this product-minded person legitimately explored working with | Plaid, legitimately explored partnership opportunities at | Stripe, and walked away believing it would be better for Strip | and for himself to build a competing solution at Stripe. | | Plaid's product isn't entirely novel. In my experience _as a | consumer_ it has failed at least 3 /4 times I've tried to use | it with my financial institutions. I'm frankly more surprised | that it took this long for anyone to enter their space to | compete against Plaid. | lambda_lord wrote: | They are not describing a job interview. They are describing | a product interview between businesses for some sort of | partnership. | PragmaticPulp wrote: | Right, but that doesn't imply malicious intent and it | doesn't disqualify them from building their own. | | Talking to companies about their product and then later | deciding you'd rather build your own isn't really | surprising. Plaid was definitely aware that Stripe was a | potential competitor going into those meetings. | mritchie712 wrote: | yeah, Stripe has a totally reasonable defense for this: | | 1. Obviously this is a product we'd want to build because our | customers want it | | 2. We contacted Plaid to see if they wanted to be part of it | | 3. Plaids pricing didn't work for us so we built it ourselves | / went with other providers | | Not sure what you'd even get from talking to the team at | Plaid that couldn't be learned in an afternoon or two using | product that use Plaid and hacking on banking API's. | msoad wrote: | In case tweet disappears: | | > Wow! Jay, you took interviews with Plaid & asked probing | questions multiple times over the past few years, and your team | sent repeated RFP's (under NDA!) to us asking for tons of | detailed data. I wish y'all the best with these products, but | surprising to see the methods. | xtracto wrote: | Darn, if this is true. | | I'm going to do the low-effort comment and link to a Silicon | Valley series video someone posted here not long ago (Brain | Rape): https://www.youtube.com/watch?v=JlwwVuSUUfc | PragmaticPulp wrote: | And a rebuttal from Jay Shah (the accused) claiming that this | isn't true: https://pbs.twimg.com/media/FR8FjJ9VsAAMY_k?forma | t=jpg&name=... | | > Zach, sorry you feel this way, but this isn't true and I | think you know that. You reached out to me repeatedly--I | never reached out to you for information. Stripe did an RFP | because we work with partners for this product, and we had | hoped to include Plaid. | stu2b50 wrote: | I'm surprised they had this information so easily at hand. | How did they even know that? They saw the tweet and the first | thing that comes to mind is to query all the people they've | interviewed? | lambda_lord wrote: | It wasn't some IC interviewing for a job, it was a | representative of Stripe and Plaid doing a product | interview for a possible partnership. | stu2b50 wrote: | Interesting. I'm much less sympathetic, then. I would | imagine that kind of situation would be far more formal, | with lawyers from both sides present, and, to be frank, | this kind of information gathering an expectation. It | would be pure naivety for it not to be - these are | multibillion dollar companies talking to each other! | | On the other hand, if I, a random hypothetical engineer, | were interviewing someone for a team, in a 1-1 situation, | and they asked about what I worked I'm, I'm naturally | going to be less guarded nor really prepared to | sufficiently redact my answers. | sergiomattei wrote: | Reminds me of the HN thread full of anon $XB Fintech CEOs | bashing Stripe. | barleyworth wrote: | https://news.ycombinator.com/item?id=29388310 | psanford wrote: | So could I use this to build a personal tool to track account | balances over time? | ianstormtaylor wrote: | If Stripe can leverage their banking relationships to leapfrog | Plaid by integrating directly with bank's APIs instead of doing | screen scraping... that would be massive! It seems like Plaid's | biggest weakness is the flakiness of their connections, which | creates so much frustration/churn downstream. | | Plaid's other weakness is their opaque, enterprise-style pricing, | which is seems like Stripe is doing away with. Hopefully they can | bring the price down, because lots of consumer-facing use cases | aren't viable due to the high monthly price per connection. | | I hope they add support for investment account holdings--it seems | like Plaid is the only one that does this well. | | -- | | Edit: digging deeper, it looks like Stripe proxies to Plaid-like | "service providers" under the covers--at least for institutions | without OAuth flows. [1][2][3] Presumably they'll build in-house | connections over time, but it dents my hope that their | connectivity will be better than Plaid's. Either way, transparent | pricing and more competition in the space is still welcome! | | [1]: https://support.stripe.com/questions/what-is-the- | relationshi... | | [2]: https://support.stripe.com/questions/how-does-stripe- | limit-d... | | [3]: https://support.stripe.com/questions/who-will-obtain-my- | fina... | tootie wrote: | Hasn't Yodlee been doing this way longer than Plaid? They are | (or at least were) the backbone for mint.com | zht wrote: | It's unlikely Stripe has access to any APIs that Plaid doesn't | also have access to. | sz429961 wrote: | it's also unlikely Stripe doesn't have access to any APIs | that Plaid has access to | zht wrote: | sorry what? no one was saying Plaid had access to more APIs | than Stripe | sz429961 wrote: | right, which makes it easy to clone the whole set of APIs | FintechRisen wrote: | We've found that Plaid only leverages around 3-4 Direct API | connections for some reason, why other aggregators like MX, | Finicity, Yodlee all have 10+. It seems suspect to me because | Plaid doesn't seem to be prioritizing the protection of user | credentials the same way others are. | lucasmullens wrote: | In this thread you've accused the founder of Plaid multiple | times of lying, without evidence, and most importantly, | your account was made only 1 hour ago. | | You've said "Stop lying bro.", "hella sus", "This is 100% a | lie", "seems suspect", all without evidence. | | You seem to have some ulterior motive here that you haven't | disclosed. Maybe you're right about everything, but it | comes across poorly. | fintechguy1234 wrote: | This is false. Hundreds of banks have built out api's on | plaid exchange: https://plaid.com/plaid-exchange/ | phoenixy1 wrote: | Yeah, at this point the majority of API requests that | Plaid fulfills are filled with data provisioned from | institutions via an API. I assume that OP was only | looking at named banks who we did press releases with | (e.g. Chase, Wells Fargo, Capital One) but there are many | more financial institutions we have API integrations with | beyond that, either via Plaid Exchange or via their own | APIs. [I work at Plaid] | gigatexal wrote: | If they do this it would indeed be huge. Screen scraping and | the like to get around a proper API sucks. In the EU we have | PSD2 but the APIs aren't all amazing. | andy_ppp wrote: | Also every 90 days you have to do some weird dance to keep | the apps receiving your data, it never seems to work right | and you forget. I would think building a business on such | flakey APIs is dubious at best! | dylan604 wrote: | To fight that flakey situation of bad APIs, one decides to | build a business based on flakey screen scraping instead? | With financial information? What could possibly go wrong? | gigatexal wrote: | This is still a ton better than asking the client for | credentials and then scraping their logged in bank accounts | which is hella creepy. | jbverschoor wrote: | The APIs aren't amazing, and you need to be a financial | service provider to access production environment. Aka | useless for any startup or person | gigatexal wrote: | Yeah getting a license with bafin is tough but a VC backed | fintech can do it or partner or use the api of a fintech | that already has a license and build off of that. | zachperret wrote: | Plaid founder here. Stripe does not integrate with any bank | API's directly (AFAICT). They wrap two aggregators, MX and | Finicity to build this product. (Also, not sure what MX | products they are using, but MX itself is an aggregator of | aggregators, including others such as Yodlee.) | | On pricing, Stripe's listed rates are 30-200% higher than Plaid | rates (perhaps due to high vendor costs). That said, if anyone | does have feedback on where Plaid pricing is prohibiting new | use cases, we'd love to hear! I'm zach at plaid if folks would | like to discuss. | amonroe369 wrote: | You seem pretty clueless about your competitors and you are | talking poorly, very openly about them here Zach. That is not | a good look in any way and reflective of a poor corporate | culture. | | If MX and Finicity are aggregators of aggregators, that would | still mean Plaid would benefit, right? Maybe you (and your | sales team) do not know your competition. | | Publicly airing grievances as well against Stripe, who you | could potentially partner with in the future, reflects an | underlying toxic corporate culture at Plaid. I do not think | Stripe will likely ever want to do business with you after | this and prevent others from doing the same. I have never | worked at Plaid, but I am not inclined to want to work with | you based on what we are seeing here. Plaidsettlment.com | pc86 wrote: | Creating a throwaway for this (potentially valid) criticism | destroys any credibility you may have. | amonroe369 wrote: | fair criticism. My points remain. Having talked to | Plaid's sales team, not bad people. I just don't trust | providers that openly talk poorly of competitors and | plaids sales team did that and the CEO of the company is | doing it in public. | [deleted] | theyknowitsxmas wrote: | Zach has responded to a Stripe product manager on Twitter. | | https://twitter.com/zachperret/status/1521898404061716480 | | I think Zach knows his product very well & this could be | espionage on Stripe's part, but I'm not dissatisfied with | Stripe's product nonetheless. | | Disclaimer: I've never used Plaid. | amonroe369 wrote: | Plaid and their lawyers should have hashed it out with | Stripe then in RFP. I work for a big bank. If we send out | RFP's for a project there's language in there that most | providers never look at. It basically says "I can do | whatever I want with information in the RFP except give | it to your company's competitors." | | So if I am working for a top 10 bank, and I see value in | a solution, if I cannot get it cheaper than it would cost | me to develop it and time is not that big of a factor, I | build it myself. If there are no time constraints and | vendor can deliver solution at roughly the same cost I | can build it for, I built it myself. | | My guess as not being part of the stripe/plaid | conversations or RFP. Zach's lawyers did not redline or | challenge language around processes or IP with Stripe in | RFP Agreements and that was likely the biggest downfall. | | Plaid does have great litigation attorney's, I mean their | class action settlement was only $58 million. So likely, | Plaid might get something if there is IP that was | protected. It will come out in discovery if a lawsuit | gets legs. | lukeramsden wrote: | > MX itself is an aggregator of aggregators | | Aggregators all the way down... | | The US really needs its own PSD2. | thomaslord wrote: | It sounds like the issue noted above is less the actual | pricing, and more that it's difficult to find out what the | pricing is. | | This matches up with my personal experience - I had to get in | touch with an actual human and ask them for the pricing just | to see if a project would be viable. I did get a relatively | fast response that made the pricing very clear, but because | it didn't come with any caveats (e.g. volume-based pricing or | "we need to negotiate pricing on a per-client basis") it | almost made the experience more frustrating. | | Basically if your pricing is simple and universal enough that | you _could_ post it directly to the pricing page, you | _should_ post it to the pricing page. Especially for | developer-focused products, hiding the pricing can lead to a | serious reduction in conversion. | | My use case is transaction data so the pricing for Stripe's | competing product isn't posted yet, but if I was choosing | between the two products and only one had pricing clearly | posted on the website I'd immediately go with that one unless | the pricing was so ridiculous that it wasn't affordable. And | if the pricing was ridiculous, I'd probably assume that | Plaid's pricing was just as bad. | | Basically, I should be able to evaluate your product and its | pricing without engaging with any of your employees wherever | possible. I routinely remove companies from consideration | because I can't plug them into a spreadsheet of prices | without going back and forth with a sales team whose time | I'll just be wasting anyway. | emrekzd wrote: | Unlike Plaid, Finicity and Yodlee have direct integrations | with some banks. Example: Silicon Valley Bank has direct | integration with Finicity. SVB through Plaid breaks quickly | (because they require some weird 2fa policy). | | Let me know if I'm missing something but if Stripe is A) | providing reliable connection to common banks Plaid misses | and B) saving it's users from all the headaches of | integrating with old school services like Finicity/Yodlee, | then charging a premium sounds like fair game. | phoenixy1 wrote: | Plaid has direct integrations with many banks too -- | Silicon Valley Bank is actually a Plaid partner for ACH | processing (see https://www.svb.com/news/company- | news/silicon-valley-bank-an...). Not sure when your bad | experience with 2fa was but Plaid's connection to SVB has | improved over the past ~6 months as we've begun to work | together more closely and should continue to do so. [I work | at Plaid] | tjm5081 wrote: | Hate to argue, but I agree that Plaid's connection to SVB | is indeed unusuable. I've been trying to use them for | over a year and we ended up dropping SVB just this month. | Chase is on OAuth and WAY better if you need TXN data. | | A partnership for ACH is more related to importing stable | routing and account numbers, then enabling initiating ACH | transfers. Scraping transaction data is a completely | different integration that seems to have been forgotten. | | Sadly, I'd even wager SVB-Plaid data won't improve any | time soon. Remember that SVB doesn't even yet allow | external bank transfers on their own bank portal. | [deleted] | sicromoft wrote: | Plaid doesn't have publicly listed pricing at all. Might as | well be infinite. | | If a startup can use Stripe, who they're already integrating | with, or integrate with a new provider with hidden pricing | that requires them to contact a sales person, I wonder who | they're going to choose. Good luck. | ianstormtaylor wrote: | Thanks for the reply! I came to that same conclusion about | their use of "service providers" after reading through their | support docs (and added an edit above), definitely a bummer. | zachperret wrote: | We all wish more banks had API's! Our team is actively | working with many more banks to launch them soon, but alas | -- legacy infrastructure is slow to move! | FintechRisen wrote: | I'm very familiar with both Finicity and MX. I know that MX | isn't an aggregator of aggregators. Stop lying bro. Tell | people about how you abuse credentials and take some | responsibility rather than trying to constantly pass the buck | and blame others. | dang wrote: | Hey - can you please make your substantive points without | personal attacks or swipes? We ban accounts that do those | things--especially new accounts showing up to fight shit | out like this. Not cool, no matter how right you are or | feel you are. | | Also, it's not in your interest to post like this to HN | anyhow. The audience will only side against you if you | fulminate and call names. If you want to win readers over, | you should drop all that and instead provide specific, | concrete information and say what's important about it. | | (Before anyone misinterprets the above: I have no idea | which side you're on. I haven't looked at any of the | comments you've replied to. All I know is that, whichever | side you're arguing for, you're going about it in the wrong | way for HN. If you'd please review | https://news.ycombinator.com/newsguidelines.html and fix | that, we'd appreciate it.) | [deleted] | edwinwee wrote: | Edwin from Stripe here. Stripe does integrate directly with | banks. In our beta period, most volume we've seen has been | over bank APIs. Some banks do not have APIs--we use financial | partners to connect with them, and we're talking with many | banks in hopes that they will enable direct API access soon. | | Our pricing is upfront: https://stripe.com/en-us/financial- | connections#pricing. We've worked with a large beta group of | users to make sure the pricing is in line with what they see | in the market. | healthbjk wrote: | Your documentation says you use service providers, | specifically MX and Finicity. Is that correct or are you | integrating directly (or some mixture)? | bspear wrote: | Gotta love this spicy thread | iknowstuff wrote: | Which banks have OAuth APIs? I would love to switch to one | of those instead of exposing my password due to my bank's | incompetence. | thekyle wrote: | I know that Charles Schwab has some sort of OAuth flow | which I used when connecting my account to TurboTax this | year. | lbotos wrote: | So, I got very excited about this, but it seems that | banks are expecting "bank integrator" aka companies, and | not giving access to end users :( If any knows of a bank | that has API access in the US do share! | vineyardmike wrote: | You might find luck using companies targeting algo | trading. A lot of companies allow use of the account more | like a checking account (eg interactive brokers). They | have an API and also allow different logins to have | different authorizations. | [deleted] | withinboredom wrote: | I use Bunq here in the NL. I wish all banks would steal | their APIs. The abilities I have as a dev are simply | amazing. | | https://doc.bunq.com/ | Tijdreiziger wrote: | Bunq seems like a... suboptimal bank, though. They cost | ~5x more than other NL banks, and by all accounts, their | customer support is streets behind. | | Their API and app-centric approach seem to be the only | upshots, and even then, other banks have relatively good | apps these days. | conroy wrote: | WellsFargo has some form of OAuth | (https://developer.wellsfargo.com/). I know that YNAB | (https://www.youneedabudget.com/) uses it. | CincinnatiMan wrote: | Capital One | fjni wrote: | they deserve a lot of credit for how early they built | this and made it relatively broadly available! | FintechRisen wrote: | MX and Finicity both have OAuths to like 80+% of the top | 20 financial institutions. There's a reason Plaid doesn't | want people switching to them and it's hella sus | conradev wrote: | I believe Plaid was the one who got JPMorgan to build an | OAuth API in the first place: https://finovate.com/plaid- | signs-open-banking-agreement-with... | | Why can't the reason be "losing their only source of | revenue to a competitor"? That seems like a fine reason | to not want people to switch | amonroe369 wrote: | Edit: cannot assure, but rumor on the street from peers, | they were not the ones to get Chase to build OAuth. | | PR is a hell of a marketing tactic. | [deleted] | judge2020 wrote: | Plaid used oauth for Bank of America circa 2019 when I | tried, and currently uses Capital One's oauth when I try | to log into it. I'm sure they use it when it's | convenience (or maybe when the financial institution | mandates it). | jackson1442 wrote: | chase has an OAuth flow but not every integration uses | it. | matdehaast wrote: | @zach this is what I find very frustrating about the current | players. We recently got pricing from you and obviously being | under NDA won't share the figures but I'm not seeing the | discount you quote above compared to stripe. | | Further there are significant platform minimums and platform | fees that add large costs initially. | | How do you reconcile the above comments from our interaction? | xtracto wrote: | > That said, if anyone does have feedback on where Plaid | pricing is prohibiting new use cases, | | I remember in a previous company we migrated out of Plaid | into SynapseFI because Plaid started charging a high price on | a _per connection request_ service (like, requesting a new | bank connection for a new customer was quite expensive). | | It seemed Plaid was focusing on the Mint like use cases: low | number of users, allowing them to setup a Plaid connection | one time to be used extensively subsequently. While our use | case was more akin to: lots of users/authentications doing | one time connections that may not be reused. (kind of what | might be used for credit risk analysis, although the company | was not doing that). | kareemsabri wrote: | Pretty sure Plaid already has integrated directly with bank's | APIs and has been moving away from screen scraping for years. | | Plaid's flakiness / reliance on screen scraping is probably | that a lot of these banks don't expose APIs / OAuth etc. | zachperret wrote: | Indeed! Plaid is integrated with ~every bank that has an API, | and in many cases we've actually helped the banks build API's | themselves. | fossuser wrote: | Do you know why Fidelity Investments plaid connection | doesn't work most of the time? | | It's something I hit often and have to do the old | microdeposit thing (if I can even figure out how to trick | the service into allowing me to do that at all). | | Does fidelity just have some sort of broken setup? | aarohmankad wrote: | Not sure when you were testing, but we do call out some | instability on the Fidelity Institution Status page in | the Developer Dashboard. | | > To maintain system stability, Fidelity currently limits | access during high-volume windows. As a result, please | expect unavailability between 9-10:30am and 3-4:30pm ET. | We recommend end users link Fidelity accounts between 5pm | - 9am ET. | zachperret wrote: | Great question. I do not know off the top of my head, but | can look into it. | ethbr0 wrote: | This is a huge annoyance with integrations for me. | | The host knows when they break. Or if they don't, they | should, via automated tests. | | Tell me "It's down." Not some bullshit about experiencing | temporary difficulties. | FintechRisen wrote: | g-unit33 wrote: | Do banks not sue these companies for scraping? | wmf wrote: | No, because banks don't care about security. | g-unit33 wrote: | oyashius wrote: | Finicity has a subpar UX compared to Plaid, especially | considering reliability of the connections. Unless Stripe builds | its own screen scraping, this imo is a worse product. | [deleted] | transportgo wrote: | The currency and account names used in the demo seems to be | localized. I get kr and olanordman (johndoe in the US?) on my | Norwegian IP device | | If it gets peoples attention like it did mine maybe it's worth | the dev time to implement? | dylan604 wrote: | demo names as a service. you send your locale, we send you the | localized john/jane doe names and other info like 123 Main St | and 555-1212 type data. | zerocrates wrote: | Jane Diaz is the name in the US actually. | mooreds wrote: | Plaid gets its market validated! | theyknowitsxmas wrote: | Only available in the US. | willswire wrote: | Glad to see a Stripe alternative to Plaid. | jiripospisil wrote: | Let me just say Stripe's design team is doing an absolutely | amazing job. | rvz wrote: | Someone has been studying a great business leader on a | strategic level (as well as a design level). | Stripe: 'We have always been shameless about stealing great | ideas' ___________________________________________________________________ (page generated 2022-05-04 23:00 UTC)