Plaid settles $58 million class action lawsuit

Gathering online banking creds via phishing backed by user consent is one thing but how the heck does Plaid do so without user consent?

On a side note, this is yet another gentle reminder that personal data is worth peanuts for the guy to whom it belongs and translates to big bucks only in the hands of the firm that uses it for targeted advertising and other pursuits.

This shows that Open Banking access methods are broken - especially if you still enable screen scraping. I know this open banking type implementation globally is very different per jurisdiction, but the consistent thing is users give up / provide a third party with access to bank account data. This is tragically and fundamentally wrong. Users should be sharing data from their own controlled repository which could be a copy of that banking data. This way the user is totally and always in control and banks / platforms like this cannot abuse access. 

Its basics. Time to force banks and all ecommerce to leverage Self-Sovereign Identity principles!

Well, 10 years ago, that's how some PFMs worked. But that posed too much friction and PFMs like KUBLAX et al who followed that approach died. And,  OTOH, PFMs like Mint and aggregators like Plaid that used phishing and screen scraping brazely flourished. 

More at my 2011 comment here.