Lawsuit Settlement Shows Who Really Controls Your CU

August 11, 2021 at 9:08 am Leave a comment

Earlier this week Plaid reached a $58 million settlement in a class action lawsuit alleging that the company’s business practices violated several state and federal laws related to the privacy of member account information and proper disclosures. The settlement is little more than a speeding ticket for Plaid and similar companies which specialize in helping third parties access the account information of your members.

Understanding what this company does is key to understanding just how obsolete technology is making traditional financial institutions. Increasingly, your institution does nothing more than hold information for the benefit of other financial intermediaries.

You may not have heard of this company but you have probably used its technology, your members certainly have. Plaid specializes in transferring member account information to third party app providers such as Venmo and Paypal. In 2016 Plaid developed a new technique. Let’s say you signed up for Venmo, in the early days of the company you’d be asked to login to your bank account. Doing so would provide Plaid a token with which they could access your account information. Starting in 2016 Plaid centralized the process even further. An individual applying for a Venmo account would select their financial institution but instead of being directed to go to their credit union’s website, they would instead be directed to a website controlled by Plaid which looked just like the credit union’s website.

In other words, Plaid was able to further centralize the data collection process by using illegal phishing techniques, or so the plaintiffs in this case argued.

In settling the lawsuit Plaid agreed to make better disclosures and to do a better job of only keeping the information it needs to do its job. It also is going to more prominently provide consumers disclosures about what it does and how it does it.

But in one form or another, the system is here to stay. Tucked away in the Dood-Frank Act is 12 USCA § 5533. It gives consumers the right to mandate that banks and credit unions share their account information with third parties of their choosing. One of the primary purposes of the provision was to make it easier for consumers to switch financial institutions by allowing a new bank or credit union to gather their account information.

Unfortunately while federal law has encouraged innovation in this area it has done little to update the consumer protection framework. Just about every major consumer protection law centers on the checking account and the loan provider. In fact, there are scores of companies accessing and using account information every day without any traditional consumer protection constraints.

Entry filed under: Compliance, Legal Watch, Technology. Tags: , , , .

When It Comes To Capitalizing Interest, Don’t Forget The Big Picture Hochul Prepares To Make Her Mark

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 757 other followers


%d bloggers like this: