Comments on: Mint Myths Debunked

By: Security Pro

Security Pro — Mon, 14 Dec 2009 22:11:33 +0000

You are providing your log on credentials for your financial instituations to a third party. This fact, by itself, may (depending on your financial instituations policies) make you 100% liable for any fraudulent transactions that occur with your accounts. This means that when you call your bank for withdrawals that you did not make, your bank may not give you your money back because you gave out your log on credentials.

Another point that I have is what happens when the log on credential database is hacked. There will be millions of user IDs and passwords available to malicious individuals to log onto your financial instituations web sites’ and will give them the ability to update personal information (such as email addresses, physical addresses, telephone numbers, etc), execute inappropriate withdrawals, etc. This could result in huge lawsuits and lots of finger pointing…any empty bank accounts for those of you who use this service.

Finally, Mint.com says that they have 128-bit SSL encryption over connections between your computer and their servers. That is all fine and good…however, we don’t know any information about how they protect data that is passed between Mint.com and the other third party service providers that are not well disclosed. Are these channels also appropriately controlled and encrypted to protect your log on credentials?

None of the security comments made by Mint.com address these points directly. Some of these points cannot be addressed by Mint.com directly, like how your bank would react to fraudulent losses that result from you sharing your log on creditials with Mint.com. Regardless, with that said, I like what Mint.com offers, but will not use it based upon their security model. I hope they can improve on this in the future.

By: George B. Dubendris

George B. Dubendris — Fri, 18 Sep 2009 17:53:12 +0000

Thank you ,
I feel better after your article. I am thinking about using Mint but still am somewhat out of my comfort zone.
But as Herbert Spencer said,” contempt prior to investigation can hinder all progress” or something like that.
Laughing

By: Steven

Steven — Sun, 14 Jun 2009 00:21:51 +0000

1. If somebody who knows you gains access to your mint.com account, then they will have access to your financial information. Just as if they had stolen your mail except that you’ll never know.

2. If you use the mint.com Facebook app, for example, then mint.com knows who you are.

By: Robert Bradley

Robert Bradley — Mon, 01 Jun 2009 20:15:19 +0000

mint.com triggered fraud alert at my bank. All my accounts are frozen. All automated bill pays are frozen. This mint.com is a piece of junk and has wreaked havoc with my online banking.

By: Scott

Scott — Sat, 07 Mar 2009 21:41:00 +0000

I agree that mint is as secure as the other portfolio products that rely on yodlee, but I don’t think you really address the root question of is it safe? Also, quoting the CEO of mint to support the argument against mint being less safe than other institutions is equivalant to saying “Mint is safe because they say they say it’s safe”.

Thanks for the pointer to yodlee so that I can now do real research on the safety of the service I’m considering.