Plaid Integration

This recipe will track the progress of the Plaid integration.

Status as of November 2022: Our development and QC work is on track to be completed by end of December 2022. We will then hand off to Plaid, although we are not privy to their plans for where/when to implement the changes on their end.

Background

In late 2022, CU*Answers concluded a very lengthy process to complete an agreement with Plaid. This agreement (CoreX Plaid Access Agreement) includes the rules for building an integration directly with the Plaid Instantly Authenticate Data system.

This engagement is the first time that CU*Answers has built a direct connection with a 3rd party aggregator that will create a secure and direct relationship to member data. Plaid, one of the industry leaders in this realm, will use this connection to allow access to financial account data so that it can be delivered to various applications used by members such as RobinHood, Gusto, TransferWise, American Express and QuickBooks.

Our thanks to Honor CU for championing this project via the DHD.

Authentication

More than just the value of connecting member data to a wide range of applications, the Plaid integration changes the way the authentication process happens. Currently aggregators must store a member’s user name, password, and answers to challenge questions. When a member requests access to their data through a supported application, the aggregators must provide those credentials.

This approach typically requires the aggregators to screen-scrape the data and then attempt to interpret it. If the online banking interface is changed at any point, that process might be interrupted until the aggregator updates their screen-scrape settings. Once this integration project is complete, future changes we might make to our online banking platform would not cause this interruption for aggregators that use Plaid, since we’re sending specific data to their API, independent of our user interface.

One additional challenge for aggregators is the introduction of multi-factor authentication (MFA) technology. The model of storing credentials and screen scraping won’t work then, because an aggregator has no way to respond to the MFA verification. An integration with Plaid uses a much more trusted per-membership token approach for sending financial data, and that means Plaid can support MFA when added to the login process (see the separate Kitchen page for more on MFA when logging in to online banking).

Network Traffic

Part of the configuration includes new mechanisms for handling network traffic bursts. Aggregators have previously flooded our network with traffic due to misconfigurations on their side, and that can affect everyone using the online banking system. We are developing an automated response to shunt overflow traffic and allow members to connect. We negotiated throttling language into the Plaid agreement and are building both monitoring and active throttling into our web networks that can detect, report and block traffic from specific IP addresses if maximum thresholds are hit. In other words, we’re doing our due diligence to ensure that our online banking system keeps running smoothly even after this new integration is implemented.

 

Your chef for this recipe:  Dawn Moore and Brian Mauer

Updated
December 1, 2022

Check Out the New Recipes We’re Cooking in the Kitchen!

Check Out the New Recipes We’re Cooking in the Kitchen!

Have you visited the Kitchen lately?  If not, take a look at our newest projects: Card Activity Optics Credit Card Statement Enhancements Introducing Biz Watch for ACH: ACH Controls for Business Memberships Max Earnings Sweeps for Business Members Positive Pay Cashier Services (for Inhouse Checks) RDC Enrollment via CU*BASE Summary Statements for Business Credit Cards… Read more »

Sep 29, 2020

Check Out the New Recipes We’re Cooking in the Kitchen!

Check Out the New Recipes We’re Cooking in the Kitchen!

Have you visited the Kitchen lately?  If not, take a look at our newest projects: Accounts Payable Enhancements Creating an Engine for Predictive Retailing (aka “Nostradamus”) Deposit Hold Enhancements Escrow Analysis Enhancements Expanding Screen Sizes for CU*BASE GOLD Mobile First Transaction Limits for Express Tellers Each of these recipes includes a place to provide comments,… Read more »

Jul 14, 2020