I finally got around to opening an account at BlockFi where I can buy cryptocurrencies directly. Later I will discuss why I chose BlockFi and what I plan to do there. For now I’d like to mention one roadblock I hit in starting it up.
Signing up for the BlockFi account itself was pretty straightforward. But when it came to actually funding it, I was required to use Plaid to handle transfers of funds to and from my bank accounts – – and Plaid wanted me to tell them my full username and password that I use to log into my bank account. “No,” I said to myself, “they can’t really mean that.” But yes, they do mean that.
Armed with these credentials Plaid is able to not only pull money out of my account (like, for instance, PayPal does), but they can also login as me and have access to every financial transaction I have ever done, every check I have ever written. It’s not that I have anything interesting to hide, but this level of privacy invasion creeps me out. Also, the sad truth is that any company, including Plaid and its partners, are vulnerable to hacking, so I am not thrilled at having my bank login information floating out there in cyberspace.
On their website, Plaid is nice enough to disclose the scope of its snooping:
We collect the following types of identifiers, commercial information, and other personal information from your financial product and service providers:
- Account information, including financial institution name, account name, account type, account ownership, branch number, IBAN, BIC, account number, routing number, and sort code;
- Information about an account balance, including current and available balance;
- Information about credit accounts, including due dates, balances owed, payment amounts and dates, transaction history, credit limit, repayment status, and interest rate;
- Information about loan accounts, including due dates, repayment status, balances, payment amounts and dates, interest rate, guarantor, loan type, payment plan, and terms;
- Information about investment accounts, including transaction information, type of asset, identifying details about the asset, quantity, price, fees, and cost basis;
- Identifiers and information about the account owner(s), including name, email address, phone number, date of birth, and address information;
- Information about account transactions, including amount, date, payee, type, quantity, price, location, involved securities, and a description of the transaction; and
- Professional information, including information about your employer, in limited cases where you’ve connected your payroll accounts or provided us with your pay stub information.
The data collected from your financial accounts includes information from all accounts (e.g., checking, savings, and credit card) accessible through a single set of account credentials.
Plaid promises not to sell or rent this personal data. Fine. But even if they don’t formally sell it, they may simply give it away widely. In their words:
We share your End User Information for a number of business purposes:
- With the developer of the application you are using and as directed by that developer (such as with another third party if directed by you);
- To enforce any contract with you;
- With our data processors and other service providers, partners, or contractors in connection with the services they perform for us or developers;
- With your connected financial institution(s) to help establish or maintain a connection you’ve chosen to make;
- If we believe in good faith that disclosure is appropriate to comply with applicable law, regulation, or legal process (such as a court order or subpoena);
- In connection with a change in ownership or control of all or a part of our business (such as a merger, acquisition, reorganization, or bankruptcy);
- Between and among Plaid and our current and future parents, affiliates, subsidiaries and other companies under common control or ownership;
- [etc., etc.]
I’m sure Plaid means well, but I just didn’t like the sound of all that. So, I came up with a plan: I would start up a second account at my bank, with a slightly different name and a different account number, and just give Plaid access to that one account. The only thing I would do with that account is to fund my BlockFi account, so it would not have years and years of my other financial transactions embedded in it.
In the end, that worked, but it took a more time and phone calls than I expected. Opening the new account was a surprising pain, for reasons I won’t go into here. Then, it turns out that the bank doesn’t have a category for one person having two accounts with two different logins. There was nothing I could do about it online, so I had to talk to someone at the bank who had the power to limit my login authority to my new account. This meant that I now have to use my wife’s login to access my/our old account, which is OK. But it probably would have been cleaner simply to start my new account at some different (online) bank.
Anyway, just in time for the current crypto meltdown (Bitcoin is down more than 20% from its high a month ago), my account is active and funded. More on that in future installments.