UPDATE: Oct. 19, 2020: “We were surprised by TD Bank’s decision to file suit in the midst of our good-faith discussions, which are still ongoing,” Plaid told American Banker in a statement Friday. “Plaid is not using TD Bank’s trademarks in an unfair way.”
The data aggregator defended its user experience, saying its "flow helps consumers ensure they select the right account to link to their apps."
“We have been working with TD for quite some time, and are disappointed that they resorted to litigation and false allegations," the company told the publication. "Plaid is publicly known for never selling or renting consumers’ personal information."
- TD Bank accused Plaid of trademark infringement and false advertising Wednesday in a lawsuit filed in the U.S. District Court for the District of New Jersey.
- The bank said in a court filing the data aggregator knowingly created a user interface that features TD's trademark, logos and green color scheme and mimics the bank's login page in an effort to "dupe" TD customers who are linking their bank accounts to payment apps "into believing they are entering their sensitive personal and financial information in the bank's trusted and secure platform," American Banker and The Canadian Press reported. "In reality, however, consumers are unwittingly giving their login credentials to the defendant, who takes the information, stores it on its servers, and uses it to mine consumers' bank records for valuable data (e.g., transaction histories, loans, etc.), which the defendant monetizes by selling to third parties."
- TD seeks up to $2 million in statutory damages for "each type of service sold, offered for sale or distributed by [Plaid] under the TD marks"; no less than $75,000 in actual damages; and a yet-to-be-determined amount in punitive damages. A TD spokesman did not give American Banker an estimate of the total damages, or clarify how many types of services are involved.
Wednesday's suit follows an April letter TD sent Plaid, demanding the company stop using the bank's logo and branding, and accusing the aggregator of unfair competition. Plaid responded two weeks later, denying liability and refusing to change its practices, the bank said.
"After repeated attempts to work through these issues with Plaid, TD is taking legal action to protect our customers and our brand," Greg Braca, the bank's president and CEO, said in a release posted on its website Wednesday. "Plaid's intentional, unauthorized use of TD's name, trademarks and logos is deceptive. By mimicking TD's login screen, Plaid creates the false impression that consumers are engaging directly with TD Bank or entering their banking credentials into TD's secure digital and mobile app platforms or a platform authorized by TD, when that is not the case."
Plaid did not immediately respond to requests for comment.
TD's action Wednesday is hardly the first legal dust-up between Plaid and a bank — or its customers. Four plaintiffs filed a class-action lawsuit in July against the data aggregator, alleging it illegally collected information on more than 200 million separate financial accounts belonging to users of Venmo, Stripe, Coinbase and Square's Cash App, and sold or "otherwise highly misus[ed]" it without telling customers. The suit accuses Plaid of showing users login screens that look identical to those of their banks, under the guise of helping customers access easy online banking. Another suit, filed a month earlier, alleged Plaid was "data plumbing" Venmo, Robinhood, Stripe and Cash App accounts.
A number of big banks have derided Plaid's use of screen scraping — a practice that allows aggregators to take bank customers' user names and passwords, log in on their behalf, and copy and paste their account information into a third party's software — as insecure, and have taken measures to prevent it.
Wells Fargo, for example, largely avoids screen scraping by forcing aggregators such as Plaid and Yodlee to route the customer data they pull from the bank's server through an application programming interface, giving the customer greater control. Customers can allow or revoke third-party access to account information through the bank's Control Tower app.
PNC last December said it started blocking Plaid, Venmo and other companies from gaining access to customers' account numbers and routing numbers after it identified "multiple different aggregators" attempting to circumvent the bank's security protocol.
"When aggregators access account numbers, many store them indefinitely, often unbeknownst to customers," Karen Larrimer, head of retail banking and chief customer officer at PNC, told The Wall Street Journal in December. "This puts customers and their money at risk. We want to make sure we know who is setting up the account."
JPMorgan Chase gave fintechs until July to sign new data access agreements with the bank and agree to a plan to stop using customer passwords to gather data.
"Transparency is vital when consumers are using Plaid's product and third-party financial apps," Braca said in TD's statement Wednesday. "TD's customers have a right to know who they are sharing their account and financial information with, and how their personal information will be used."
Visa agreed in January to buy Plaid for $5.3 billion — a deal that has yet to receive regulator sign-off.