As a grad student, I’ve learned about the importance of doing research and checking your sources before making any claims. I recently did a review on Mint.com, a free, automatic way to manage your money online. While I was doing some research for the review, I noticed that a lot of people were making false claims about the security of Mint. The most annoying part is that some these people continued to make false claims after others had proved that their claims were ill-conceived.
Well, I’d like to set the record straight once and for all and debunk the myths that have been spread about Mint.
If someone breaks into my Mint account, they will have all of my financial information.
This seems to be the most widespread myth about Mint. People worry about “putting all of their eggs in one basket.” Others talk about how they’re hesitant to give anyone or any company their bank account info. Well, the truth of the matter is that Mint doesn’t store your financial information at all.
When you enter your account credentials, they’re only used once to establish a connection to your bank accounts. This comment left in Lifehacker’s review of Mint sums it up pretty well.
No where on Mint.com do we ever have your name or address. We have a read-only connection to your bank accounts, and are provided with balances and transaction descriptions only - no names, no account numbers.
On Mint.com we know about your finances, but we really don’t know who you are.
Aaron Patzer
Founder & CEO, Mint.com
If you want more details, read the explanation of how this works in the Mint forums. You’ll find out that Mint relies on Yodlee to get your balances and transactions, which brings us to the next myth.
Mint is not as safe as other online financial sites.
Well, if you did some research on Yodlee, you’d find out that Bank of America and Fidelity Investments rely on Yodlee as well. If you have accounts with either of these institutions and check your account online, you’re probably already using Yodlee. In the comments of a TechCrunch post, Aaron Patzer makes a bold claim that you’re safer on Mint than you are with online banking.
To all those who are concerned over Mint.com security, a few points:
1) You’re anonymous on Mint.com
2) Our security is independently verified
3) Email & text-message alerts help identify fraud immediately…and being proactive is the best measure.I’ll make a bold statement: You’re safer on Mint then with online banking. On Mint, you’re completely anonymous. We never ask for a name, address, or SSN - just an email. We know about your finances…but not about you. We’re also independently verified by Verisign, TrustE, and several outside agencies.
We also have serious physical security. Our servers are in a secure, unmarked facility. To get in, you need to pass 3 biometric scanners, 4 locked doors, and several guards. We have our own cage so we’re physically separated from all other companies. Cameras monitor our servers and power supplies 24/7. The servers themselves have additional locks. The hard drives are encrypted. It’s like Mission Impossible (except without the electrified floors…maybe one day).
Perhaps more interestingly, 90% of all fraud actually occurs offline, not online (e.g. someone swipes your card at a restaurant or from your mail). Because Mint sends proactive alerts for low-balance or unusually high spending, you’ll know right away. It’s better than logging into 4-5 different banks every day, or waiting 30 days for a paper statement before finding that something went wrong.
Aaron Patzer
Founder & CEO, Mint.com
I still don’t trust Mint.
Even with these myths debunked, I realize that Mint isn’t for everyone. I know that some people still won’t feel comfortable using something like Mint. However, that doesn’t give these people the right to fear monger. I don’t think it’s fair to scare people away from something useful, like Mint, just because you personally don’t think it’s safe, especially with no proof to back it up.
The purpose of this post isn’t to get everyone to use Mint. I put together this information so that you could evaluate the facts about Mint and then make the best decision for yourself.
If you enjoyed this post, subscribe to my RSS feed or via email for free updates.
{ 3 trackbacks }
{ 14 comments… read them below or add one }
I’ve been using Mint for a few days now, and I really like being able to log in to one place and see all of my accounts. I’ve got a couple credit cards that I keep for emergencies, since I don’t use them at all I don’t log in to those sites all that often…but with Mint I’ll know right away if any transactions are made with those cards.
I like the idea of Mint, especially as my free trial of Quicken is about to expire (sad)…but unfortuantely, every time I try to put ANY of my accounts in, it can’t seem to find any of them. Maybe they should get that worked out, eh?
Lauren - Yes, Mint still has quite a few issues to work out. They do have support forums if you’re interested in submitting the issues or seeing what problems other people are having.
Banks and credit cards continuously change their systems, and this seems to wreak havoc on financial applications. For example, Citicards recently changed their online account management, and my credit cards no longer update in Quicken.
One thing I don’t like about Mint is that I can’t add my student loan account or my Roth IRA account. This is pretty limiting, so I’ve been testing out Yodlee MoneyCenter. I really like it so far. The interface isn’t as flashy as Mint, but it’s functional. Unfortunately, I’ve been having issues adding my ING account to MoneyCenter, but all of my other accounts worked fine.
“Read only acccess”, wow, Aaron is treading a fine line here.
- mint requires your full access username and password for all sites (there is no such thing as read only credentials)
- mint uses the Yodlee service to actually retrieve account data and hands over the full access credentials to yodlee
- yodlee provides mint a read only xml feed of account data
- yodlee does this by using the full access credentials to screen scrape the financial institutions web site
Bottom line, your real/full/everything/all credentials are out there on yodlee and mint servers.
All right, another myth to debunk. The four steps damon described are accurate, but the “bottom line” doesn’t make any sense.
Mint uses the credentials once, passing them off to Yodlee to get a connection to your account data. Mint doesn’t actually store your credentials. It only needs to store a link to the connection with Yodlee for that account.
This does mean that your credentials are stored by Yodlee, which, as I mentioned before, is used by financial institutions such as Bank of America and Fidelity Investments. The funny thing is that nobody’s complaining about Bank of America and Fidelity asking for their personal info.
People should not trust Mint at the same level as Bank of America. BofA is bound by all the banking regulations, you have recourse if there is a screw up. Mint is NOT beholden to any banking regulation. Mint is bound by the start up laws, which are basically “do anything to get acquired and cash out”.
Bottom line, Mint and BofA should not get the same level of trust from people.
Once again, I agree with part of your post, damon, but I disagree with your bottom line.
I think you’re missing the connection that all of the accounts you add to Mint are still bound by their own regulations. With credit cards, you still get fraud protection, and with bank accounts, you’re still protected with all of the banking regulations.
I found this explanation in the Mint forums.
This is an actual regulation issued by the Federal Reserve, not some made up term like “start up laws”. With that being said, I’m not claiming to be an expert on banking regulations, so if someone knows more, please share.
My bottom line — Mint can be trusted at the same level as any other financial site. However, it may or may not be the right tool for you to track your finances.
Thanks for sharing all this info. I use BOA Portfolio. I assume it’s similar to Mint?? I have trouble connecting to some of my accounts all the time. I have to keep going back in and re-entering my login credentials. Is Mint better for this?
Also, has anyone done a good comparison of the security risk of bill pay (bank has all your payees info) versus auto withdrawel (bill companies have your bank info)? I do a mixure of both right now, but would like to know the difference in risk.
Since BOA Portfolio and Mint both rely on Yodlee to fetch your account data, you’ll probably run into the same connection problems in Mint. Regardless of the front end (BOA Portfolio or Mint), if Yodlee isn’t able to connect to your account properly, then your information won’t get updated.
I haven’t come across any comparisons of the security risk of bill pay vs. auto withdrawal. Thanks for giving me an idea for a future post.
The second myth ‘debunking’ in this article is quite misleading. True, BofA uses Yodlee, but only for their My Portfolio feature. It would be a safe bet to assume that the vast majority of BofA customers would not be using My Portfolio. So, essentially these people would be using the BofA website and have nothing to do with Yodlee. It is misleading to say that if you are using BofA online banking, you are already using Yodlee.
Having said that, I myself use Yodlee and just love the service. I believe the benefits handily outweigh the risk.
Just wanted to say thanks. I love mint but everyone I talk to thinks I’m a fool for using it.
If only they pled a better case from the mint privacy page (I think in the efforts of keeping it simple they didn’t go into enough depth to make folks feel secure).
I agree that mint is as secure as the other portfolio products that rely on yodlee, but I don’t think you really address the root question of is it safe? Also, quoting the CEO of mint to support the argument against mint being less safe than other institutions is equivalant to saying “Mint is safe because they say they say it’s safe”.
Thanks for the pointer to yodlee so that I can now do real research on the safety of the service I’m considering.
mint.com triggered fraud alert at my bank. All my accounts are frozen. All automated bill pays are frozen. This mint.com is a piece of junk and has wreaked havoc with my online banking.
1. If somebody who knows you gains access to your mint.com account, then they will have access to your financial information. Just as if they had stolen your mail except that you’ll never know.
2. If you use the mint.com Facebook app, for example, then mint.com knows who you are.