undefined | Better HN

0 pointskevincox1y ago0 comments

I ran into this. I'm trying to set up an account on wise.com. The way they want me to set up my bank for direct deposit is to type my banks password into their site! I asked support if there was any other way to do this (for example the regular institution, branch, account numbers) and they said no. But they reassured me that despite me typing the password into their site that they don't have access to it! (Ok, it was actually a Plaid iframe, but still not my bank. Clickjacking would also be very easy to implement and there is no way for the average user to understand this.)

Then banks wonder why their customers get phished.

0 comments

yencabulator1y ago

Plaid is a cancer of the payment system. It's amazing how they're trying to normalize entering your banking credentials into their third-party site.

kevincoxOP1y ago

It's not even their site as far as the user can tell. It is a full-screen iframe. At least if it was their site a bank could say "plaid.com is fine". Still bad to make acceptable domains more than one but at least it isn't infinite.

j / k navigate · click thread line to collapse

0 comments

yencabulator1y ago

Plaid is a cancer of the payment system. It's amazing how they're trying to normalize entering your banking credentials into their third-party site.

kevincoxOP1y ago

j / k navigate · click thread line to collapse