Reverb site rant

Regarding Plaid, I sent a request to Reverb asking if using Plaid, and therefore giving out personal information, is necessary to get payouts from Reverb. Here's the reply I received:

This is Alyssa at Reverb Customer Experience -- I’ll be helping you out today.

We now require sellers to add their bank account via Plaid for security and verification purposes.

Plaid ensures the bank account that is being entered is correct and can successfully receive payouts.

To read more about this, you can visit this Help Center article for more information:

 
Yup. If you are overseas they give you the option of a "manual entry." No such thing presented for those in the USA or Canada.

Makes me wonder if Reverb/Etsy has entered into some kind of mutually beneficial ($$$) agreement with Plaid.
Yeah, that's what I was thinking. You never know what sort of back room financial arrangements exist.
 
You know how when you see a certain word used way more often than it should be, it starts to look weird and you question the pronunciation?

Plaid is now on that list for me.
 
Wow. I just thought I was weird when I'd do this with words. Turns out, there's someone else who thinks of crazy meaningless shit. ;)
 
I'm not interested in defending Reverb, I just want information that makes sense and that fits the experience I, and others, have had and that fits into what I know about how their systems need to work.


Plaid is trying to provide a simple interface for companies who need to talk to users' bank accounts. There are thousands of banks, credit-unions, financial institutions, etc. in the U.S., all with different ways of connecting. Companies that need to move money have to write and maintain APIs, and they break every time the user's "bank" changes their method of connecting. It's hugely expensive and frustrating for the company, and for their users. Plaid has a simple API and they handle the work of managing that connection. "Why is Plaid involved?" discusses it. As an IT-kinda guy, this is a MAJOR improvement for the companies, and lets them focus on their core tasks. I'd do it if I was a CIO/CTO/CFO if the offering company had the credentials to prove they were responsible for their data and the data connections. "How we handle your data" is also useful.

Let me lead off by saying as a long-time Reverb user, I'm watching this thread out of interest for what payment methods Reverb may be using going forward. Thanks for the legwork and background information!

Now.

That model and API may be simpler for the businesses, but who the holy hell decided it was OK to ask for users' bank accounts and passwords!? I've got 30+ years in IT, and I think that's a crucifixion-level offense.

There are some things you just should never do: Never give your password to anyone. Never ignore a web site that doesn't have the right X509 certificate. Never put your private keys on any shared filesystem. Never just say "yes" and connect when ssh warns you that a host's keys have changed.

Yet we do those things all the time, and every time it reinforces the habit that it's OK to ignore the warnings and everything will be fine... Until it's not and you suddenly discover your life has been stolen -- because the fabric of trust that has to be there has slowly been eroded by all the accumulated bad security habits that seem OK.

Everybody needs to think about this stuff. Think Plaid won't misuse your username/password for financial gain? Think again. Think Plaid won't lose your password to somebody else because they got sloppy and left it unprotected, or because they contracted its safekeeping out and that subcontractor screwed the pooch? Think again. Those things happen. All The Damn Time. My wife has had all her identity information stolen twice from databases holding information about US government subcontractors.

Plaid is going to be a huge, HUGE target for cyber attacks because they hold the keys to so many people's money. The bad guys have all the time in the world to try and get those very valuable usernames and passwords, and they only have to succeed once to get the keys to the kingdom(s). The Plaid cyber security people (and they'd damn well better have them) have to win the ongoing duel every. damn. time.

I hope I've scared the shit out of people. This Plaid scheme is utter madness.
 
Plaid makes sense business-wise but they just lost a court case brought by users that’s going to hurt. Others will probably follow unless they implement a better system.

I know there are a lot of big companies working on other solutions in this area. I think Plaid might be an also-ran if they don’t get it improved fast.

I sent them some comments directly and referred them to this thread because there are a lot of good comments and suggestions here.
 
Don’t recall needing pw and login. That would have been a deal killer for me too. Was using PayPal and closed that. So added my bank. I was disgruntled at Reverb for a while due to them canceling Mike Fuller (Fulltone) over a rant during the George Floyd riots. It was a reasonable and honest rant. I’m not a fan of canceling. But I now have positive thoughts about Reverb and the safe shipping. Had a guitar get damaged on the way to my place. And they promptly gave me a partial refund making that guitar a very good deal. F that Fuller dude lol. Just kidding nothing but respect Mike!
 