Log In
Register
Topic RSS
Facebook
Twitter
Email this2:54 pm
March 14, 2023
Offline
canadian.100 said
I think CIBC is probably more interested in protecting CIBC from any liability. A systems/informatics expert who I know well told me a while ago that he doesn't consider online banking truly secure (and avoids it when possible). So perhaps Flinks may not hold any more risk than general use of online banking.
Absolutely, CIBC is using this to cover their liability. As would every other FI. If the banks don't trust the intermediaries, then I'm not going to (why some use them but disavow is another topic). Flinks may not be more risky than everyday online banking but my take is that using them is another potential point of enter for bad actors.
Anyway, to each their own risk assessment. I was merely trying to present my own grounds for not trusting a third party and I'd point out the hard evidence comes only after the fact.
8:31 am
February 7, 2019
Offline
canadian.100 said
I think CIBC is probably more interested in protecting CIBC from any liability. A systems/informatics expert who I know well told me a while ago that he doesn't consider online banking truly secure (and avoids it when possible). So perhaps Flinks may not hold any more risk than general use of online banking.
It's not uncommon for any business to say that anything you do with any other business you might consider to be extremely risky. The Big 5/6, I think because I have only dealt with TD and BMO, don't offer ETF's other than Interac from their online platforms because they don't like to make it easy for us to move our $ away from them ...
| CGO |
5:32 pm
December 12, 2009
Offline
Flinks is just fine. They are owned by National Bank of Canada. All banks are using either Plaid, Flinks, MX Technologies, so things like Mint are now implicitly legitimized by them authorizing such services. Nothing burger to see here. Move along. 
6:53 am
September 29, 2017
Offline
rather condescending much? 🙁
8:11 am
March 11, 2026
Offline
cgouimet said
I'm OK with Flinks because the use of your login credentials is simply for the the initial linkage setup so, one can change that password once the link is established.
Plaid with "permanent" login credentials retention is not something I would want to enable.
8:14 am
March 11, 2026
Offline
Well maybe though I got an email from them after getting the PDF of my void cheque asking for a compete monthly statement with all transactions. That is concerning to us as there is no valid reason for them to know where I spend my money and how much. I’m considering a privacy complaint. Each to their own risks but just because a breach not been reported does not mean it has not happen. The team at Oaken may not know.
9:05 am
January 12, 2019
Offline
Dean said
.
Like many others, I'm always a bit leery when using Flinks, but in the end I've never had a problem with it. So many FIs are using it now, it's almost an industry standard.So the question begs to be asked . . . Where is the 'Hard Documented Evidence' that Flinks is not secure, and dangerous to use❓
.
Dean
10 days later, and we're Still Waiting.
Come-on ... Cough It Up❗
- Dean
" Live Long, Healthy ... And Prosper! "
1:52 pm
December 12, 2009
Offline
Dean said
10 days later, and we're Still Waiting.
Come-on ... Cough It Up❗
Dean
Dean, you and I clearly agree on this.
In many ways, it's actually more secure than financial institutions still requiring paper-based forms sent via snail mail (i.e., Canada Post), where they are opened by one staff member, routed to another staff member for scanning, and potentially routed to yet another staff member for input. The form, and accompanying VOID cheque or VOID cheque form, are potentially scanned into and saved in my multiple digital areas, each time there is the possibility of some unscrupulous employee making illegal copies of the information.
I will take Flinks and Plaid any day.
2:43 pm
February 7, 2019
Offline
doug said
Dean, you and I clearly agree on this.
In many ways, it's actually more secure than financial institutions still requiring paper-based forms sent via snail mail (i.e., Canada Post), where they are opened by one staff member, routed to another staff member for scanning, and potentially routed to yet another staff member for input. The form, and accompanying VOID cheque or VOID cheque form, are potentially scanned into and saved in my multiple digital areas, each time there is the possibility of some unscrupulous employee making illegal copies of the information.
I will take Flinks and Plaid any day.
Me too.
Back in the 90's there was probably a lot of fear of online banking.
| CGO |
9:25 pm
September 29, 2017
Offline
Aren't people forgetting a few things?
1. official written bank policies explicitly contradict the usage of FLinks and Plaid. This seems to place the risk squarely on the customer.
2. Flink, Plaid, etc. have your data stored electronically, no different than a manual process where data is scanned, but likely in a more accessible format by automatic measures. What sounds more risky, a manual processes where employees are have set procedures, have supervision and oversight, and are accountable to follow their procedures, or FLink or Plaid where data is not directly supervised, and has greater chance of being hacked?
3. Anyone remember breaches with the likes of Equifax?
Caveat emptor. Let's not let convenience and commonplace overshadow actual risk, and let complacency set in, giving a false sense of security.
There is a general rule of thumb that increased convenience often comes at the price of increased risk.
P.S. I was just at a bank last week opening a new account, when a bank manager and I got talking about security and authentication, and he was expressing how they so dislike SMS 2FA because of the poor risk profile, but recognizes how difficult it is to change systems or behaviours (another example of how commonplace begets false sense of safety). His preference is authenticator keys, BTW.
