
If your bank doesn't use something like OAuth, they do store your login credentials. If your bank does use OAuth or similar, Plaid still has to store the access token, which hopefully your bank has given a read-only scope.

They can definitely encrypt the credentials; they just also have to make it simple for their backend to decrypt them when they need access to your bank, which defeats a lot of the security there. (It's still better than just storing them in plaintext.)

https://support-my.plaid.com/hc/en-us/articles/4410324401047...

> In other cases, when you link a financial institution to an app via Plaid, you provide your login credentials to us. We store those credentials and use them to collect the data to power the services you’ve chosen and, when requested, securely share it with the app you’re using and establish a secure connection that you control. We then help keep your data safe and private with best-in-class encryption protocols.


