While Plaid enables you to share your data with the apps and services you want, the contact details (e.g. phone numbers and/or email addresses) that are surfaced during the multi-factor authentication (MFA) step are likely coming directly from your bank.
Banks sometimes display fake phone numbers at the MFA step as a form of security designed to confuse malicious attackers that might be trying to gain access to your online banking account. This security measure is most commonly triggered when:
- The username or user ID is entered incorrectly. This is especially common on mobile devices where automatic capitalization and auto-correct features can interfere.
- The wrong financial institution is selected from our search. There are many financial institutions with similar names and, for some institutions, we have multiple options based on the account type you have (e.g. Personal banking vs Business banking).
If you're seeing a phone number for MFA that does not belong to you, here’s what we recommend:
- Log into your bank account directly from their website (as opposed to a mobile app) and check that you have the correct capitalization and entry for your username or user ID.
- Go back a step and utilize our search tool to find all available institutions associated with your keyword(s).
- When viewing the list, take note of any state codes (e.g. CA for California), logos, or any website URLs that help distinguish one institution from another.
- Additionally, take note of any options that specify an account type (e.g. Personal banking vs Business banking), so you can make sure you’re selecting the correct one.
If you're still having issues, please reach out to your financial institution to confirm your login details and that your online account can be accessed.
As a reminder, Plaid does not create an account about you when you connect or attempt to connect your financial accounts to an app or service.