Oaken - is Flinks to be trusted?? | Page 2 | Oaken Financial | Discussion forum

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Oaken - is Flinks to be trusted??
January 19, 2024
6:38 pm
Norman1
Member
Members
Forum Posts: 7191
Member Since:
April 6, 2013
sp_UserOfflineSmall Offline

Their Help Centre says you may link as many external accounts as you like:

Link to an external account

Can I link more than one external account to my Oaken Digital profile?

Yes, you can link as many external accounts as you like providing the external account is an eligible account.

  

January 20, 2024
3:49 am
cgouimet
Member
Members
Forum Posts: 1546
Member Since:
February 7, 2019
sp_UserOfflineSmall Offline

There have been a lot of concerns expressed in these forums about Flinks and Plaid and possible security issues that could arise from their use.

However, I do not recall anyone reporting any actual security breach. Am I wrong?

CGO
January 20, 2024
7:20 am
Wrayzor
GTA
Member
Members
Forum Posts: 91
Member Since:
March 14, 2023
sp_UserOfflineSmall Offline

I'm one who has expressed concern. To my knowledge (and aided by Mr. Google), no security breaches have been publicly reported.

Plaid did settle a class action lawsuit in the US for violating users' privacy by scraping and selling their data. Not exactly confidence building behaviour.

January 20, 2024
7:28 am
cgouimet
Member
Members
Forum Posts: 1546
Member Since:
February 7, 2019
sp_UserOfflineSmall Offline

Wrayzor said
I'm one who has expressed concern. To my knowledge (and aided by Mr. Google), no security breaches have been publicly reported.

Plaid did settle a class action lawsuit in the US for violating users' privacy by scraping and selling their data. Not exactly confidence building behaviour.  

I'm OK with Flinks because the use of your login credentials is simply for the the initial linkage setup so, one can change that password once the link is established.

Plaid with "permanent" login credentials retention is not something I would want to enable.

CGO
January 20, 2024
1:47 pm
iotama
Member
Members
Forum Posts: 65
Member Since:
March 3, 2022
sp_UserOfflineSmall Offline

Flinks/Plaid/Zum etc etc and such third party API solutions are all essentially hacks themselves.

And just because there haven't been any reports of breahes, does not mean breaches are the only concern. The very access they get are shadowy, and we do not know what are they able to scrape, to what extent, once they are granted an API handshake with our data.

I have not, and would not, use any of these. Until we have Open Banking working in Canada, these are all risk prone workarounds at best, in the hands of probably & largely unregulated fintechs. In my other posts, here I think, I've raised concerns too.

From FCAC

One of the most common methods fintech apps use to access financial data is called screen scraping.

Screen scraping is different from open banking because you have to share your online banking username and password. This is a problem because sharing your username and password could break your electronic access agreement with your bank and put you at risk.

Fintech apps that use screen scraping might allow you to access similar products and services as those available with open banking. However, they present security, liability, and privacy risks for you.

June 17, 2024
7:17 am
Lodown
Member
Members
Forum Posts: 250
Member Since:
January 10, 2017
sp_UserOfflineSmall Offline

Ok with using FLINKS? Here is what you need to know - taken from their "Privacy Statement".....talk about a misnomer!

Types of Personal Information We Process
Flinks processes three types of personal information when it provides its services to its clients:

Information you provide. When you connect your financial account(s), you will provide your login information required by your financial institution to access your account. Typically, this consists of a username and password, but it could also include answers to challenge questions (e.g., a family member's name or maiden name, street you grew up on), or a security token (e.g., multi-factor authentication code or one-time pad (OTP)). Information you provide may also consist of digital copies of bank statements, cheques, or other financial documents where you are sharing these types of documents through Flinks Connectivity with one of our clients.

Information obtained from your financial institution. When Flinks connects to your financial account for the purposes of our clients' services, we retrieve information from such financial institution that maintains the account(s). The information we retrieve may vary depending on:

The information required by our client in order to power their service; and
The information made available by your financial institution.
Information from your payroll or paystub provider. In addition to the ability to connect to your financial institution through our Connectivity Service, Flinks also has the ability to connect to your payroll or paystub provider. This allows Flinks to provide its clients with an up-to-date picture of your sources of income in addition to what is available from your financial institution.

Regardless of the types of information our clients require, the types of information we collect from your financial institutions will include, without limitation:

Account information (e.g., financial institution name, account name, account type, and account and routing number);
Information about an account balance (e.g., current and available balance);
Information about credit accounts, (e.g., statement due dates and balances owed, payment amounts and dates, transaction history, and interest);
Information about loan accounts (e.g., including due dates, balances, payment amounts and dates, interest, loan type, payment plan, and term);
Information about the account owner(s) (e.g., name, email address, phone number, and address information); and
Information about account transactions (e.g., amount, date, type, and a description of the transaction).

Information from your devices. Our technology is integrated into our clients' applications. Thus, when you use one of your devices to connect with a client service, we may receive information about this device, including without limitation the IP address, hardware model, operating system, and other technical information about the device. We may also use cookies or similar tracking technologies to collect usage statistics and to help us improve our services.

June 17, 2024
7:43 am
Lodown
Member
Members
Forum Posts: 250
Member Since:
January 10, 2017
sp_UserOfflineSmall Offline

And this is what the banks that use FLINKS have to say about their responsibilities. Note, they wrote 'form' instead of 'from' ...so maybe they can still be sued sf-wink

I/We understand that by linking my Account and Other Accounts through this portal, I had been directed to an external site operated by Flinks Technology Inc. I/We understand and agree that the Bank is not responsible for any information that is stored and/or processed by Flinks. I/We hold harmless the Bank from and against any and all claims, damages or liability arising form or related to the use of Flinks.

No permission to create posts

Please write your comments in the forum.