Varo isn't the only fintech that uses borrowed credentials (via Plaid) to access third-party accounts - I allow my HSA fintech to access my brokerage in this manner.
Varo, however, is a different story altogether.
First, Varo uses Bancorp as their back office (transaction processing), so there are actually three potential security targets. Three! Varo claims that they are moving to have their own banking charter (so they don't have to rely on Bancorp), but in the meantime...
Second, I have never experienced such a level of incompetence/dereliction in staff and systems in a financial institution. For example, one day I received an automated email that I would begin to earn the lesser rate because I failed to meet the requirements of the higher rate. After I inquired as to which requirement, I received the normal automated email congratulating me on earning the higher rate. Two days later, a rep responded to my email, saying that my earned rate will be lower because I had kept my savings account balance under $10K. Can you believe that I had to tell him that that IS one of the three requirements for earning the higher rate?
Third, the checking ("Bank") and savings account pair cannot be joint accounts. Another future feature, I was told.
Fourth, and critically important because of the previous point, there is no way to indicate one's beneficiary designation.
Fifth, the web portal has limited function compared to the app. You can't transfer money; you have to use the app. The checking and savings balances match those shown in the app, but the transaction detail has a one-day lag so you have to use the app to see what hit the accounts.
Sixth, my brokerage rejected my attempt (in July) to create an ACH link because Varo/Bancorp could not be found in their universe of financial institutions.
If you do decide to pursue an account with Varo, keep one eye open at all times.
So I opened an account with them and wanted to play with their system after transfer $100 in to it to see if I would really want to transfer all my savings in to their account for 1.92% annual yield. Here's what I thought about them
1. It is a security glitch if they are linking to your external accounts by taking your external account credentials. That should never be the case. This is just a quick work around for implementing something more robust. Being a computer software architect, I can vouch for this. I am sure they won't store your credentials but they do have access to your external accounts which is a BIG BIG NO NO NO. Keep in mind that if they system is compromised (easy to do I think), your external accounts will also get compromised. There are ways to work around it but, how many of you are tech savvy people who would want to spend time around working around their flaky security system.
2. Their iPhone app is pretty flimsy. I tried to transfer my $100 back to my external account from their savings account and I wouldn't let me. So I transferred the money to their checking account first and tried to transfer money to my external account from their checking account. The moment I would hit submit, it would reset "from account" selection field. I had to log out and log in multiple times to make it work.
3. I tried to link another account of mine and it would always throw errors. I called their customer care and they suggested to send them a screen shot for their engineers to take a look at. They were not able to see my tries to link to this external account in their system. Any decent bank would have an audit trail of literally anything and everything to your account. These guys are far away from such a thing.
Apart from the above, I found the following really weird:
1. You can't wire money from an external account in to varo accounts.
2. You can only deposit $1500 max per week. This was as per the phone rep I spoke with.
In lieu of above, I can say with authenticity that their systems are flaky and not at all secure. Even though everything is insured by FDIC, do you really have time to be on call with them so frequently?
Please check frustration shared by many other at this website: https://www.trustpilot.com/review/varomoney.com
Varo allows only one method to link your Varo checking account to your checking or savings accounts at another bank for electronic transfers. Instead of using test deposits and verification thereof like other banks do, Varo requires that you give them your sign-in ID and password at the other banks website. This is especially dangerous because Varo does not even do the account verification itself. Instead it gives your ID and password to some third party named PLAID.
Furthermore, PLAID's disclosures admit that they will be able to view all your various accounts at your other bank including your credit cards. They will be able to view the details of every credit card purchase, every payment by check, and every electronic payment you have made as well as all personal data which your other bank has. Your records may indicate your medical conditions when they show what medical specialists you have paid. It is completely unnecessary for PLAID to have all your records in order to do the account verification. This is evidenced by PLAID's own disclosures which describe a much more limited amount of data collection for persons who reside in Europe.
Then you have to trust PLAID not to use all your records that they have collected for their profit or reveal it to yet other companies for them to use (if they really won't use your records, then why do they collect them?). PLAID is not a bank and therefore not subject to the extensive federal regulation and oversight that most US banks are. You have to just trust PLAID to protect all your records from hackers and from their own employees abusively using all this information from your banking and credit card transactions. All this by a company that hides from consumers as PLAID's website reveals no phone contact, no email address, and no physical address. The only way to contact them is in text on their website (even that is designated for commercial sales, not for consumers).
There is a way to avoid PLAID while still having an electronic link of your bank accounts. Set up the electronic link to your Varo account at your other bank and initiate all transfers in either direction between the 2 banks at your other bank's website.
UPDATE: New California law gives California residents new opt out rights regarding use of data collected by companies. Some companies are now offering those new opt outs to all Americans rather than just Californians. Other companies are offering those opt outs only to Californians, thus giving treating Californians better than other Americans. It seems that Varo is one of those companies that treats Californians better than other Americans.
|FDIC Certificate #||35444|
|Return on Assets - YTD||1.02%|
|Return on Equity - YTD||11.78%|
|Annual Interest Income||$51.5MM|
|Assets and Liabilities|
|Assets||Q1 2020vs Q1 2019||$5.46B$4.63B|
|Loans||Q1 2020vs Q1 2019||$3.80B$2.23B|
|Deposits||Q1 2020vs Q1 2019||$4.70B$4.04B|
|Equity Capital||Q1 2020vs Q1 2019||$489.4MM$425.2MM|
|Loan Loss Allowance||Q1 2020vs Q1 2019||$14.9MM$10.0MM|
|Unbacked Noncurrent Loans||Q1 2020vs Q1 2019||$11.8MM$24.2MM|
|Real Estate Owned||Q1 2020vs Q1 2019||$22.8MM$29.0MM|
Always verify rates and promotions with the bank or credit union. We are not Varo; we are a rate comparison website and cannot provide official rates or promotions.
* The APY shown varies based on the deposit amount. Expand the listing to see APYs for other deposit amounts.
|APY||MIN||MAX||ACCOUNT NAME||VIEW DETAILS|
|2.80%*||-||$10k||Varo Savings Account|
|OTHER TIERS: 1.21% → $10k+|
|APY||MIN||MAX||ACCOUNT NAME||VIEW DETAILS|
|0.00%||-||-||Varo Checking Account|
Varo is an Internet only bank and does not have branch locations. Its headquarters is located at 111 Sutter Street - San Francisco, CA 94104