Security Concerns with the Tesla Payment

This is part of a series that covers my experience with a Tesla Model Y.

Before we could get our car, we needed to make our down payment for the car. I wrote about the ordering experience. Part of that process was choosing the loan (or case or lease) and payment. I had left it near the default of US$4500 and two days before our pickup appointment, we got an email that we needed to check the paperwork and make the payment.

As we logged on to the Tesla site, part of the workflow asked us for the credentials for our bank account.


We backed out and looked again and sure enough, when you click make payment, you get a popup from the Tesla site asking for your bank (Wells Fargo for us) and your login credentials.

This isn’t a recurring payment, and this isn’t from Tesla. The fine print shows this is from Plaid, a financial company. Lots of banks use their service, and maybe I use them for something, but I hadn’t seen a request to give my credentials to a third party. This is apparently a model being used as other businesses ask this from customers.

I’m not comfortable.

A Workaround

Fortunately, I searched and found a few posts from Tesla owners. This one noted that you can click the “X” in the dialog and then get a popup to enter the bank routing information. We did that, and it worked fine.

I think this is a poor business model. I’m not even sure this is legal with some of the computer security acts in the US. While some posts indicate this generates a token from your bank that is used for access, I think providing login credentials is a problem.

If you run into this with any other company, I’d try clicking the X and using a semi-more secure method of entering routing and account info.

About way0utwest

Editor, SQLServerCentral
This entry was posted in Blog and tagged , . Bookmark the permalink.