PayPal now requiring us to give our bank logins to a third party

[Mempho]

It sounds like somehow, for some obscure reason, you got caught up in some actuarial table criteria which caused them to do this. It's unfortunate that they are unlikely to ever share why that is.

Most likely the reason the CSR can't say why the account got triggered is because he doesn't have the faintest idea. The computer raised a flag on the account and they'd have to find the programmer who wrote the code to find out why. And he's been assigned to another project, if he hasn't already left for another company. Been there. Behind the smiling faces, it's all chaos.

 

[StillShaving]

There is undoubtedly something fishy with their algorithm. It feels like they've flagged me but offer no explanation as to why. Not even a way to fix it. Those work arounds are doable if they do in fact work.

That was my issue with the parent company some years ago. While it was a different situation than you are highlighting now. I was attempting a money transfer to help a family member with a medical expense. We had gone back and forth a few days as they asked for more details about the purpose of transfer, my bank statements and so forth. I had been a customer for years and had done similar transactions for lesser amounts. In the end they not only denied the transaction they canceled my account. They refused to tell me why they denied the transaction or why they closed my account. I would have more respect for the company if they said something like: Sorry but we think you are a criminal, terrorist, narco head, foreign agent, or something. I lost valuable time before completing the transfer in a different way.

 

[Mr. Scruffy]

A class action lawsuit has been filed against Yodlee in US District Court of Northern California alleging (emphasis mine):

7. Moreover, to the extent Yodlee is mentioned, individuals are not given accurate
information about what Yodlee does or how it collects their data. For example, PayPal discloses to
individuals that Yodlee is involved in connecting their bank account to PayPal’s service for the
limited purpose of confirming the individual’s bank details, checking their balance, and transactions,
as needed. While this might be true for that initial log in, Yodlee’s involvement with the individual’s
data goes well beyond the limited consent provided to facilitate a connection between their bank
account and PayPal.

8. Yodlee, in fact, stores a copy of each individual’s bank log in information (i.e., her
username and password) on its own system after the connection is made between that individual’s
bank account and any other third party service (e.g., PayPal).

9. Yodlee then exploits this information to routinely extract data from that user’s
accounts without their consent.

10. This process continues even if, for example, an individual severs the connection
between its bank account and the third party service (e.g., PayPal) that Yodlee facilitated. In that
instance, Yodlee relies on its own stored copy of the individual’s credentials to extract financial data
from her accounts long after the access is revoked.

64. Yodlee’s privacy policy is not “clear and conspicuous.” Indeed, Yodlee has designed
its privacy policy to be wholly inapplicable to consumers like Plaintiff and Class members, who
access Yodlee’s services through a third party.

65. Nor does Yodlee make these necessary disclosures at the “point of collection.” For
example, as discussed above, when consumers connect their bank account to PayPal through
Yodlee, nowhere is it disclosed that Yodlee collects and sells consumers’ sensitive personal data.
All that is disclosed is that “[PayPal] uses Yodlee to confirm your bank details and to check your
balance and transaction as needed, which can help your PayPal payments go through.” This is
materially false and misleading in that it does not disclose: (1) that Yodlee collects and sells users’
sensitive personal data; (2) the categories of data that Yodlee collects and sells; or (3) the true
purpose for Yodlee’s conduct, i.e., to earn monetary compensation by selling Plaintiff’s and Class
members’ data to other entities. (Other apps that incorporate the Yodlee API, such as Personal
Capital, do not disclose their use of Yodlee whatsoever.)

74. Major financial institutions and their trade associations have also voiced concerns.
In April 2016, JPMorgan CEO Jamie Dimon said the bank is “extremely concerned” about “outside
parties,” including “aggregators” (like Yodlee), for three reasons: first, “[f]ar more information is
taken than the third party needs in order to do its job”; second, “[m]any third parties sell or trade
information in a way [users] may not understand, and the third parties, quite often, are doing it for
their own economic benefit – not for the customer’s benefit”; and third, “[o]ften this is being done
on a daily basis for years after the customer signed up for the services, which they may no longer
be using.”12 Dimon recommended that users not share their login credentials with third parties like
Yodlee, in part to avoid loss of important indemnification rights: “When [users] give out their bank
passcode, they may not realize that if a rogue employee at an aggregator uses this passcode to steal
money from the customer’s account, the customer, not the bank, is responsible for any loss. . . . This
lack of clarity and transparency isn’t fair or right.” JPMorgan hit the nail on the head in identifying
the egregious invasions of privacy that are not simply incidental to Defendants’ business, but lie at
the heart of it.

Whether these allegations are true or not, think long and hard before giving your banking login and password to ANYONE.

Remember, not even your bank will call you to ask for your password.

Wesch v. Yodlee, Inc. et al, 3:20-cv-05991, No. 1 (N.D.Cal. Aug. 25, 2020) (docketalarm.com)

 

[Toothpick]

Now that is extremely helpful information! Well done!

 

[Mr. Scruffy]

Plaid Inc. has been sued as well in a class action alleging similar conduct. They perform "account verification" services for Venmo.

In a legal twist, TD Bank filed a lawsuit against Plaid in 2020 accusing the company of trying to "dupe" its users by creating fraudulent login screens and using the TD logo on those screens without permission.

A well informed customer is a shyster's worst nightmare.

 

[ackvil]

Thanks for the info, Harry.

 

[Fen]

Sucks that this is happening to people. Main reason I got paypal years ago was exactly because I wouldn't have to reveal my bank info to a third party. Since it adds another layer of safety for purchases online. Only demand paypal had was to charge my account 1 NOK to confirm the card. Then return the currency.

Is this something that only affects people from the U.S? Because I havent gotten any message like that during my last purchase with paypal. And havent heard anything about it happening in my country.

 

[RayClem]

Sucks that this is happening to people. Main reason I got paypal years ago was exactly because I wouldn't have to reveal my bank info to a third party. Since it adds another layer of safety for purchases online. Only demand paypal had was to charge my account 1 NOK to confirm the card. Then return the currency.

Is this something that only affects people from the U.S? Because I havent gotten any message like that during my last purchase with paypal. And havent heard anything about it happening in my country.

I live in the USA and still have not gotten any demand to add my bank account to my account. Early in my relationship with PayPal I got lots of reminders to do that; I just ignored them. If you are using your account to collect money from others, then you would have to connect your bank account.

 

[Dalejr]

If you are a buyer you shouldn't be forced to use or have a bank account link but for anyone who sells its needed to move sale funds from your PayPal account.

 

[The Pontificator]

CoC prevents me from saying what I think of PayPal.

 

[Hachet]

Also, if you've been paying attention:

Blackrock now owns a significant stake in Envestnet (Yodlee).

Seems about right. This whole thing wreaks.

 

[alex1921]

I live in the USA and still have not gotten any demand to add my bank account to my account. Early in my relationship with PayPal I got lots of reminders to do that; I just ignored them. If you are using your account to collect money from others, then you would have to connect your bank account.

Same here. My PP is only linked to 1 credit card, no bank account.