alt Hacker NewsActually, it's deterministic -- our product doesn't move money, so when the user gives us access through Plaid, we're only getting read-level permissions. We actually don't even get full account numbers.
A company working with Plaid has to request separate product "scopes" through Plaid in order to be able to move money.
I'm not that familiar with Plaid, but if it works like Yodlee, users have to hand over their credentials so there's no real security, it's just that their scraper is designed to be look not touch.