Author Topic: Feeling queasy about opening mint.com account  (Read 67147 times)

MDM

  • Walrus Stache
  • *******
  • Posts: 6947
Re: Feeling queasy about opening mint.com account
« Reply #50 on: January 21, 2015, 06:50:54 PM »
It would be nice if Mint had a way for me to just import data from the bank. I know my bank will export it in various formats for me to download. Then I could just upload it to mint periodically. This way mint would not have any passwords, account numbers (easy enough to scrub from the exported files), etc.
Quicken can (check your bank's web site for a "download info to financial programs" option) work this way.  Don't know about Mint.

As for security, one "can't prove a negative."  In other words, one can't prove that a problem will never occur if Mint (or Quicken, or...) has external account passwords.  So it's a matter of personal preference and risk tolerance.  Personally we think the risk is sufficiently close to zero that we have all our accounts linked to Quicken.  YMMV.

Bakari

  • Handlebar Stache
  • *****
  • Posts: 1741
  • Age: 37
  • Location: Oakland, CA
  • Veggie Powered Handyman
    • The Flamboyant Introvert
Re: Feeling queasy about opening mint.com account
« Reply #51 on: March 07, 2015, 10:03:50 PM »
If anything, the heartbleed thing should tell us that having an account - any account, period - puts you at some risk.


I have had credit cards hacked from overseas, and had neighbors go through my mail and/or trash and print fake checks that drew on my bank account.


Not having Mint does make you safe.


If you are worried about online security, by the same measure you should have no credit cards or bank accounts or investment accounts either.


Keep all your money in cash under your mattress.  Or maybe gold.


Except, then someone might break in and steal it.


The question isn't whether a certain risk is technically possible, its whether the probability, times the damage, outweighs the gain.
(In my examples the damage was some lost time and effort in contacting the banks - all of my money was refunded)


Assuming the risk of credit fraud is real, the ability to quickly and easily check all my accounts every day or two, vs. checking a statement at the end of the month, seems like a way to safer online to me
Anything I've said here useful or interesting?  Find a lot more of my thoughts here: http://randomthoughts.fyi

Dimitri

  • Guest
Re: Feeling queasy about opening mint.com account
« Reply #52 on: March 07, 2015, 10:20:33 PM »
Mint is owned by Intuit.  http://www.intuit.com/products/

Turbo Tax (another Intuit product) seems to have had a little problem recently.  http://www.washingtonpost.com/news/get-there/wp/2015/03/06/turbotax-says-it-received-inquiries-from-federal-investigators-about-tax-fraud/

I'm sure Mint is safe.   (I'm assuming purple is the color for sarcasm.)

But go ahead all ye faithful.  Put your passwords into Mint.  Nothing can go wrong.

lovesasa

  • 5 O'Clock Shadow
  • *
  • Posts: 92
  • Age: 28
  • Location: The Chinese Wild Wild West
Re: Feeling queasy about opening mint.com account
« Reply #53 on: March 07, 2015, 10:35:02 PM »
I assume nobody cares about the thing they signed with their bank to not disclose their password to ANYONE?

That's the one that stopped me... sure I can trust the site, but if it violates my agreement with my bank of 20+ years, and if anything goes wrong I'm *screwed*, not just 'fraud victimized'....

I prefer to use software that is in no way connected to my bank :)

It would be nice if Mint had a way for me to just import data from the bank. I know my bank will export it in various formats for me to download. Then I could just upload it to mint periodically. This way mint would not have any passwords, account numbers (easy enough to scrub from the exported files), etc.

Regarding this, my Capital One checking and savings account recently added a feature where they provide you a code to give financial services companies (such as Mint) that is separate from your personal login information. You have the option at any point to login to your Capital One account and disable services from using this code to access your information, or to change the code (i.e. if you think it has been compromised but want to keep using the service). This seems like a good compromise, and I wouldn't be surprised if more banks start using a similar system. The bank can tell which logins are you and which logins are a separate service, and I would presume the separate code access provides only a view option, not the ability to move money.

All of this being said, I have been using Mint since 2007 with no problems. I love it. It also notifies me incredibly quickly of large or uncharacteristic transactions, sometimes faster than my bank itself, or even transactions my bank chose not to notify me about.

I actually feel more secure using Mint, because it allows me to check up on my accounts regularly without needing to login to my bank accounts directly. I live in China and travel frequently in Southeast Asia. Computer security here can be... dodgy. I feel significantly more comfortable being able to use Mint and have only that login potentially compromised (I just use it on my phone, my tablet and my work computer, not at internet cafes or anything like that), than potentially compromising my direct account logins with which someone could actually gain access to my money. YMMV.
"Get over the idea that only children should spend their time in study. Be a student so long as you still have something to learn, and this will mean all your life."
- Henry L. Doherty

Argyle

  • Pencil Stache
  • ****
  • Posts: 911
Re: Feeling queasy about opening mint.com account
« Reply #54 on: March 07, 2015, 10:46:38 PM »
One thing that makes me uneasy is this. If someone steals your credit card number and runs up unauthorized charges, your credit card company will not charge you for those transactions, once you report it.

But if someone hacks into Mint and gets your bank details, and uses them to siphon money from your account, your bank will not refund you your money.  Anyone who operates using your password is considered a fully authorized user of your account. 

So if someone did this, you could pursue them through legal channels, assuming you could identify them — good luck with that.  But your bank will not refund you the money.

Can't Wait

  • Stubble
  • **
  • Posts: 131
Re: Feeling queasy about opening mint.com account
« Reply #55 on: March 08, 2015, 07:07:17 AM »
One thing that makes me uneasy is this. If someone steals your credit card number and runs up unauthorized charges, your credit card company will not charge you for those transactions, once you report it.

But if someone hacks into Mint and gets your bank details, and uses them to siphon money from your account, your bank will not refund you your money.  Anyone who operates using your password is considered a fully authorized user of your account. 

So if someone did this, you could pursue them through legal channels, assuming you could identify them — good luck with that.  But your bank will not refund you the money.

That's crazy. I definitely didn't know that.

I just use excel to track monthly expenses, net worth, etc.. I've never used mint.com but I don't see the need to. I simply punch in my monthly variables and the excel worksheet I created calculates it for me.

zurich78

  • Stubble
  • **
  • Posts: 187
Re: Feeling queasy about opening mint.com account
« Reply #56 on: March 08, 2015, 11:03:55 AM »
Mint is owned and operated by Intuit (maker of Quicken/Turbotax).  Not that that guarantees protection, but, it's not like they're some small time operation.

They have the financial means to provide and improve security.

If you're worried about Mint, I wouldn't online bank either.

skiddieleet

  • 5 O'Clock Shadow
  • *
  • Posts: 22
Re: Feeling queasy about opening mint.com account
« Reply #57 on: March 08, 2015, 12:26:27 PM »
I didn't read every post in the thread, so someone may have already mentioned this.  I use a token that changes every 30 seconds to login to my bank's website.  This gives me great peace of mind.  To use mint with this account would I have to go back to just a username and password?

Bakari

  • Handlebar Stache
  • *****
  • Posts: 1741
  • Age: 37
  • Location: Oakland, CA
  • Veggie Powered Handyman
    • The Flamboyant Introvert
Re: Feeling queasy about opening mint.com account
« Reply #58 on: March 08, 2015, 09:03:10 PM »
One thing that makes me uneasy is this. If someone steals your credit card number and runs up unauthorized charges, your credit card company will not charge you for those transactions, once you report it.

But if someone hacks into Mint and gets your bank details, and uses them to siphon money from your account, your bank will not refund you your money.  Anyone who operates using your password is considered a fully authorized user of your account. 

So if someone did this, you could pursue them through legal channels, assuming you could identify them — good luck with that.  But your bank will not refund you the money.


I may have been unclear, or you may have missed it:  Someone DID illegally access my bank account and withdraw a large amount of money, and my bank DID refund 100% of the money, even though they didn't (officially) ever catch the people who did it*


*(I say officially because I knew who did it, it was my crack-head neighbors who had previously been in prison for writing fake checks, but there wasn't enough hard evidence and the police department felt it was too small an amount to launch a full-scale investigation.  Which sucked, but the important thing from my point of view is I got all of my money back)
Anything I've said here useful or interesting?  Find a lot more of my thoughts here: http://randomthoughts.fyi

tooqk4u22

  • Handlebar Stache
  • *****
  • Posts: 2035
Re: Feeling queasy about opening mint.com account
« Reply #59 on: March 10, 2015, 10:27:58 AM »
Mint is owned and operated by Intuit (maker of Quicken/Turbotax).  Not that that guarantees protection, but, it's not like they're some small time operation.

They have the financial means to provide and improve security.

If you're worried about Mint, I wouldn't online bank either.

I used to take more comfort in that until Turbo Tax reecntly had issues with fraudulent state findings and they basically said its not our issue - its the IRS responsibility. 

Seems they are a bit lax in the security and oversight aspect of their business - I was very surprised and now question mint.

Bakari

  • Handlebar Stache
  • *****
  • Posts: 1741
  • Age: 37
  • Location: Oakland, CA
  • Veggie Powered Handyman
    • The Flamboyant Introvert
Re: Feeling queasy about opening mint.com account
« Reply #60 on: March 10, 2015, 10:58:07 AM »
Mint is owned and operated by Intuit (maker of Quicken/Turbotax).  Not that that guarantees protection, but, it's not like they're some small time operation.

They have the financial means to provide and improve security.

If you're worried about Mint, I wouldn't online bank either.

I used to take more comfort in that until Turbo Tax recently had issues with fraudulent state findings and they basically said its not our issue - its the IRS responsibility. 

Seems they are a bit lax in the security and oversight aspect of their business - I was very surprised and now question mint.


Except, keep in mind that people file fraudulent returns using paper, they file fraudulent returns in in-person tax-return offices, and they file fraudulent returns  using other software.
Probably one of the main reasons TurboTax gets called out is simply that they process more returns than most other companies.  That doesn't mean their process is any less secure than anyone else.

A lot of experts still say filing online is safer than using paper:
http://www.in.gov/dor/5060.htm


http://www.cnbc.com/id/100359963#.


https://www.protectmyid.com/identity-theft-protection-resources/prevention-tips/tax-time-identity-theft.aspx


So you really have to take news like that in the greater context
Anything I've said here useful or interesting?  Find a lot more of my thoughts here: http://randomthoughts.fyi

Blonde Lawyer

  • Pencil Stache
  • ****
  • Posts: 640
    • My Student Loan Refi Story
Re: Feeling queasy about opening mint.com account
« Reply #61 on: March 10, 2015, 11:15:50 AM »
Mint is owned and operated by Intuit (maker of Quicken/Turbotax).  Not that that guarantees protection, but, it's not like they're some small time operation.

They have the financial means to provide and improve security.

If you're worried about Mint, I wouldn't online bank either.

I used to take more comfort in that until Turbo Tax reecntly had issues with fraudulent state findings and they basically said its not our issue - its the IRS responsibility. 

Seems they are a bit lax in the security and oversight aspect of their business - I was very surprised and now question mint.

The fraudulent returns did not involve info stolen from turbo tax.  Bad guy has victims SSN, name, address, etc.  Bad guy goes on to turbo tax, creates an account and files the return.  It is identity theft.  Same as doing it on paper.  Turbo tax security has nothing to do with it.  Bad guy already had all of the necessary info.

Blonde Lawyer

  • Pencil Stache
  • ****
  • Posts: 640
    • My Student Loan Refi Story
Re: Feeling queasy about opening mint.com account
« Reply #62 on: March 10, 2015, 11:19:01 AM »
Also, Mint topped 10 Million users in 2012.  Here is how I look at it.  If 10 Million users have their bank accounts wiped out, something would have to be done about it.  I'm not usually one to say "I'll let the government take care of me" but I can't imagine we as a society would ever say "too bad so sad" to 10 Million people.  So, let's say instead a hacker just looks to wipe out one bank account.  I think the 1 in 10 Million chance that it will be me is so small that I will role the dice.

tooqk4u22

  • Handlebar Stache
  • *****
  • Posts: 2035
Re: Feeling queasy about opening mint.com account
« Reply #63 on: March 11, 2015, 02:31:48 PM »
A lot of experts still say filing online is safer than using paper:
.
.
.
So you really have to take news like that in the greater context


The fraudulent returns did not involve info stolen from turbo tax.  Bad guy has victims SSN, name, address, etc.  Bad guy goes on to turbo tax, creates an account and files the return.  It is identity theft.  Same as doing it on paper.  Turbo tax security has nothing to do with it.  Bad guy already had all of the necessary info.

I agree with of you that fraud happens and generally electronic is safer, but as big as they are they have a responsibility to the customers and ultimately the shareholders to provide better checks and balances...if they are lax or complacent about punting to the IRS then they may be the same in other regards.  The other tax programs didn't have a similar increase in fraudulent filings, and it is not by chance that turbotax implemented a number of new security measures for customers after all of this. At the end of the day, customers will determine the outcome if not addressed properly.


Lis

  • Pencil Stache
  • ****
  • Posts: 725
Re: Feeling queasy about opening mint.com account
« Reply #64 on: March 12, 2015, 10:07:09 AM »
I agree with of you that fraud happens and generally electronic is safer, but as big as they are they have a responsibility to the customers and ultimately the shareholders to provide better checks and balances...if they are lax or complacent about punting to the IRS then they may be the same in other regards.  The other tax programs didn't have a similar increase in fraudulent filings, and it is not by chance that turbotax implemented a number of new security measures for customers after all of this. At the end of the day, customers will determine the outcome if not addressed properly.

Two problems with this though. Everyone pays taxes (let's assume without getting sidetracked), but not everyone uses TurboTax. While it's an extraordinarily popular way to file taxes, I assume the overall percentage of people who file taxes using TT is low. So John Doe files his taxes with his accountant, who does not use TurboTax or any Intuit program at all. Jane Smith is a bad person who has stolen all of information and files a fraudulent tax return in his name. How is Intuit/TurboTax supposed to know? They don't have a database on everyone in the country - that would be more disconcerting, to be honest. That should be up to the IRS to handle (or should be, at the very least).

And in regards to TurboTax having a higher amount of fraudulent returns filed... I wonder how true it is that other programs didn't have such an increase like TurboTax. TT had a lot of bad press for raising prices without announcing it (yes an issue, but for another discussion). If it's one thing the media loves doing it's adding more bad press or existing bad press. TT's been in the news for raising prices... what else have they done? It's clickbait. H&R Block and other services just have to keep their head down and not say anything and they get Intuit's business.

I'm an avid Mint user with my own problems with the site (it keeps doubling my 401k... I wish they could actually make it happen!). There are glitches, they categorize incorrectly from time to time, and the customer service is kind of a joke. But what I get in return, for not paying a dime, is worth it. Safety and security has never been an issue for me with them.

grantmeaname

  • Magnum Stache
  • ******
  • Posts: 4300
  • Age: 25
  • Location: London
  • This night has silence and very little fear
    • The MMM Blogger Community
Re: Feeling queasy about opening mint.com account
« Reply #65 on: March 14, 2015, 06:34:14 AM »
Two problems with this though. Everyone pays taxes (let's assume without getting sidetracked), but not everyone uses TurboTax. While it's an extraordinarily popular way to file taxes, I assume the overall percentage of people who file taxes using TT is low. So John Doe files his taxes with his accountant, who does not use TurboTax or any Intuit program at all. Jane Smith is a bad person who has stolen all of information and files a fraudulent tax return in his name. How is Intuit/TurboTax supposed to know? They don't have a database on everyone in the country - that would be more disconcerting, to be honest.

But you still haven't gotten to the part where that makes you at risk of identity theft from using TurboTax.
Quote
That should be up to the IRS to handle (or should be, at the very least).
It is.

coffee

  • 5 O'Clock Shadow
  • *
  • Posts: 5
Re: Feeling queasy about opening mint.com account
« Reply #66 on: March 14, 2015, 08:55:13 AM »
I am personally not worried about it at all.
Same with credit karma.

Lis

  • Pencil Stache
  • ****
  • Posts: 725
Re: Feeling queasy about opening mint.com account
« Reply #67 on: March 17, 2015, 09:25:14 AM »
But you still haven't gotten to the part where that makes you at risk of identity theft from using TurboTax.

I didn't 'get to it' because I don't believe using TurboTax makes you at any more risk for identity theft than most other methods of filing your taxes.

It is.

Sarcasm, my dear. Yes, it is the IRS's responsibility. Doesn't mean they do a very good job of handling it.

scottish

  • Pencil Stache
  • ****
  • Posts: 863
  • Location: Ottawa
Re: Feeling queasy about opening mint.com account
« Reply #68 on: March 17, 2015, 12:51:14 PM »
Quote
If 10 Million users have their bank accounts wiped out, something would have to be done about it.

Wipe out 10,000,000 bank accounts?   How about extracting a few dollars per month from each account.  Alternatively there's a black market for financial credentials - if an attacker was to get access to mint, they could sell user's credentials to others.   Since mint must have credentials from many financial institutions, it would be quite the hairball to sort everything out after the fact.   

In the worst case where millions of bank accounts are wiped out, what could be done about it?  Would Intuit be held to account for the losses?  Or would it be up to the federal government to make the users whole again?  Or each individual financial institution?  How many cents on the dollar of losses would be achieved?

Perhaps this is all alarmist - Mint says
Quote
we use the same 128-bit SSL encryption and physical security standards as your bank. We’re also verified and monitored by third party experts such as TRUSTe, VeriSign and other stalwarts of online security.
     We all know Verisign would never issue bogus root certificates.

Enough with the negativity (on my part, I mean).  For Canadians, the Bank of Montreal has added a very nice budgeting and tracking service.  If you have BMO accounts and credits cards it does a great job of categorizing expenses.  You can create rules putting specific payments and specific vendors into specific categories.   The only thing I haven't figured out how to do is export the results into a spreadsheet.  You can take screenshots of the pie charts though.

arebelspy

  • Administrator
  • Senior Mustachian
  • *****
  • Posts: 26094
  • Age: -999
  • Location: Traveling the World
Re: Feeling queasy about opening mint.com account
« Reply #69 on: March 17, 2015, 12:59:47 PM »
Quote
If 10 Million users have their bank accounts wiped out, something would have to be done about it.

Wipe out 10,000,000 bank accounts?   How about extracting a few dollars per month from each account. 

And none of them notice?  Or many of them do, and it's reported/discovered ASAP?

Which seems more likely to you?

Alternatively there's a black market for financial credentials - if an attacker was to get access to mint, they could sell user's credentials to others.

And that's different from now... how? 

I mean, I agree, that's a risk,

A fairly small one, IMO.  But one you take (or not) if you want to do things over the interwebs.

The bottom line is this:
If you're worried about Mint, I wouldn't online bank either.

We are two former teachers who accumulated a bunch of real estate, retired at 29, and now travel the world full time with a kid.
If you want to know more about me, or how we did that, or see lots of pictures, this Business Insider profile tells our story pretty well.
We (occasionally) blog at AdventuringAlong.com.
You can also read my forum "Journal."

scottish

  • Pencil Stache
  • ****
  • Posts: 863
  • Location: Ottawa
Re: Feeling queasy about opening mint.com account
« Reply #70 on: March 17, 2015, 05:32:30 PM »
I disagree with that one.   When you're banking online there's no 3rd party involved (i.e. Mint).    And the security breach will be specific to 1 financial institution, not all the different financial institutions
of all the mint users.

Like you say, it's risk management.   If all you have in the accounts is a couple of thousand dollars for paying bills not to worry.   If you have a 3 month emergency fund, maybe it's a different story.

Bakari

  • Handlebar Stache
  • *****
  • Posts: 1741
  • Age: 37
  • Location: Oakland, CA
  • Veggie Powered Handyman
    • The Flamboyant Introvert
Re: Feeling queasy about opening mint.com account
« Reply #71 on: March 18, 2015, 11:46:11 AM »
Quote
If 10 Million users have their bank accounts wiped out, something would have to be done about it.


In the worst case where millions of bank accounts are wiped out, what could be done about it?  Would Intuit be held to account for the losses?  Or would it be up to the federal government to make the users whole again?  Or each individual financial institution?  How many cents on the dollar of losses would be achieved?


https://www.fdic.gov/about/mission/


You have to go beyond not banking online to be sure you are never a victim of internet based account medling.


Remember last year when Home Depot's servers were hacked?
Unlike fears of Mint being hacked, this actually happened.


It made zero difference if you accessed your account and/or home depot's website online or not.
Everyone who USED A CREDIT CARD at any Home Depot was at risk of hacking.


So like I said earlier, the only way to be safe from things like that is to not use credit cards or banks AT ALL.
If your bank has online access - whether or not you personally make use of it - OR, if ANY store you ever shop at has online access or networked servers, then your personal information is at risk, and good hackers could hypothetically drain your bank account or max out your credit card.


But wait - when my ex-girlfriend got her credit card account hacked, it was because a restaurant employee wrote down her credit card number on paper and kept it.  And when my bank account was hacked, they stole a bank statement from my (locked - but not that strong) mailbox, and used it to create fake checks.


Again, these are all real life examples that actually happened, not imaginary worst case scenarios.  And none of them in any way involved online account access.


This is like how people worry about kidnappers, or being shot by cops, or plane crashes, yet don't think twice about driving 75mph on the freeway, even though that kills 1000s of times more people every year.
Anything I've said here useful or interesting?  Find a lot more of my thoughts here: http://randomthoughts.fyi

RetireAbroadAt35

  • Stubble
  • **
  • Posts: 191
Re: Feeling queasy about opening mint.com account
« Reply #72 on: March 18, 2015, 03:11:05 PM »
You should assume that:

  • Mint is a tantalizing target for cyber criminals
  • Mint is under constant probing / reconnaissance from said criminals
  • Mint is no different than any other application in this sense
  • Were Mint to be successfully exploited, all the data you provided Mint would be in the hands of attackers, including the usernames & passwords you gave them to log into your bank accounts for them.
  • Security is hard and Mint is vulnerable.  It is only a matter of time before they are exploited.

That said, you should still consider whether the value is worth the risk.  For me it is.

A few other thoughts.

  • It would be smart to disable the Mint email notifications that include your balances / net worth.  Having those in cleartext in your email is a privacy risk with little upside.
  • Have all of your banking account information stored in a secure location so that if mint were exploited, you could quickly go to all your bank accounts and change your passwords.
  • If your bank allows you to generate a token for use on sites like mint, use that rather than your normal username/password.

I would not assume that mint has their shit together.  Most organizations don't because they can't and because they are not properly motivated.  It's wild west out there.

http://www.cbsnews.com/news/the-reason-companies-dont-fix-cybersecurity/
« Last Edit: March 18, 2015, 03:13:39 PM by RetireAbroadAt35 »

Blonde Lawyer

  • Pencil Stache
  • ****
  • Posts: 640
    • My Student Loan Refi Story
Re: Feeling queasy about opening mint.com account
« Reply #73 on: March 19, 2015, 07:39:06 AM »
My health insurance just got hacked.  They are providing free credit monitoring service and if you suffer actual damages they have another company hired to fix that for you.  The way I view it, nothing is safe, we are doing damage control all the time, and I'm not going to let that stop me from using services I find useful.  However, I do agree that Mint poses a more unique risk given that you are providing your credential to other sites.

I do laugh sometimes at how over secure my student loan log-ins are.  What is a hacker going to do? Pay my loan off for me? Go ahead!

Bakari

  • Handlebar Stache
  • *****
  • Posts: 1741
  • Age: 37
  • Location: Oakland, CA
  • Veggie Powered Handyman
    • The Flamboyant Introvert
Re: Feeling queasy about opening mint.com account
« Reply #74 on: April 03, 2015, 06:21:22 PM »

I do laugh sometimes at how over secure my student loan log-ins are.  What is a hacker going to do? Pay my loan off for me? Go ahead!


I find it more than just ridiculous, but downright counter productive how secure the military make us make our passwords.
12 Characters (or more), at least one capital, lowercase, number, and special category.  And then mandatory change every 3 months (to one which was never used).  3 mistaken log in attempts, have to reset it.

All of which means, there is no realistic way that any one could remember their password without writing it down somewhere.
Which immediately defeats the purpose of having a secure password!


Anything I've said here useful or interesting?  Find a lot more of my thoughts here: http://randomthoughts.fyi