Author Topic: Mint.com security concerns?  (Read 21343 times)

Baylor3217

  • Bristles
  • ***
  • Posts: 291
Mint.com security concerns?
« on: March 28, 2013, 10:02:41 PM »
I understand many if you use that site. How do you get past the obvious security concerns?

Daley

  • Magnum Stache
  • ******
  • Posts: 3957
  • Location: Cow country. Moo.
  • Got that mustache feeling.
Re: Mint.com security concerns?
« Reply #1 on: March 28, 2013, 10:07:21 PM »
There's actually a good thread on it here.

For what it's worth, I won't use it... but I'll spare the reasons.

Honest Abe

  • Bristles
  • ***
  • Posts: 376
  • Emancipate Yourself from Mental Slavery
Re: Mint.com security concerns?
« Reply #2 on: March 29, 2013, 07:15:16 AM »
They've (intuit)  been aggregating people's financial information for decades with their Quicken software. While past performance doesn't guarantee future results, I'd say their track record is relatively clean.

I think the best thing you could do, with or without mint, is to use a password manager like lastpass to generate distinct, strong passwords for all of your sites (especially forums such as this)

Spork

  • Walrus Stache
  • *******
  • Posts: 5753
    • Spork In The Eye
Re: Mint.com security concerns?
« Reply #3 on: March 29, 2013, 08:45:54 AM »
They've (intuit)  been aggregating people's financial information for decades with their Quicken software. While past performance doesn't guarantee future results, I'd say their track record is relatively clean.

Ima gonna disagree.  The online version of TurboTax has been plagued over and over by security breaches.  (Example).  Some of these were just plain stupid.  One I remember was something along the line of theirwebsite.com/their_url?customer=12345.  If you wanted to see someone else's return, you just changed that number on the end.  Maaaahvelous.

If you are going to base your decision on past performance: they've not been great.

MtnGal

  • 5 O'Clock Shadow
  • *
  • Posts: 36
Re: Mint.com security concerns?
« Reply #4 on: March 29, 2013, 10:01:22 AM »

chucklesmcgee

  • Pencil Stache
  • ****
  • Posts: 613
Re: Mint.com security concerns?
« Reply #5 on: March 29, 2013, 11:38:45 AM »
I understand many if you use that site. How do you get past the obvious security concerns?

The same way you got past the fears of handing your credit card information over to an incredibly secure database when making an online purchase despite being completely alright with leaving your card over to a shady waiter or an unknown customer service agent over the telephone. Your information is already out in a million different places, putting it in one additional secure place isn't going to make much of  adifference.

Spork

  • Walrus Stache
  • *******
  • Posts: 5753
    • Spork In The Eye
Re: Mint.com security concerns?
« Reply #6 on: March 29, 2013, 01:22:40 PM »
I understand many if you use that site. How do you get past the obvious security concerns?

The same way you got past the fears of handing your credit card information over to an incredibly secure database when making an online purchase despite being completely alright with leaving your card over to a shady waiter or an unknown customer service agent over the telephone. Your information is already out in a million different places, putting it in one additional secure place isn't going to make much of  adifference.

I wouldn't say that's a valid comparison.  The credit card is "VISA's money".  My bank/investment accounts are "my money".

You are probably safe with Mint.  Probably.  But I wouldn't use it.

BlueMR2

  • Handlebar Stache
  • *****
  • Posts: 2008
Re: Mint.com security concerns?
« Reply #7 on: April 01, 2013, 07:17:11 AM »
I went around and around with this myself.  Ultimately, I'm not going to use it.  Benefits just don't outweigh the risks for me.

GoStumpy

  • Stubble
  • **
  • Posts: 243
    • YNAB = The ultimate budgeting software
Re: Mint.com security concerns?
« Reply #8 on: April 01, 2013, 07:46:30 AM »


The same way you got past the fears of handing your credit card information over to an incredibly secure database when making an online purchase despite being completely alright with leaving your card over to a shady waiter or an unknown customer service agent over the telephone. Your information is already out in a million different places, putting it in one additional secure place isn't going to make much of  adifference.

Definitely a difference between giving a website your credit card number, and giving your bank account PASSWORD....

It also violates the T&C of my Bank, so if heaven forbid something DOES happen (not likely I know), my bank is NOT responsible for $ lost!

And don't think it *can't* happen!!  IT DOES... I just found out an entire block of STUDENT LOAN information was 'leaked', account numbers, Social Insurance #'s, etc...  If a Government Student Loan program can make mistakes, so can some website without people to talk to.

randymarsh

  • Handlebar Stache
  • *****
  • Posts: 1374
  • Location: Denver
Re: Mint.com security concerns?
« Reply #9 on: April 01, 2013, 01:13:39 PM »
There's obviously security concerns with ANY system that has your information...but I just don't get the specific concerns with Mint. I also don't understand what real world implications a hack would really have.

If Mint itself was hacked, they could see how much I spend on stuff and how much debt I have? I guess that could be awkward for some people (online porn or gambling transactions maybe?)

If they actually gained access to my usernames/passwords, they could log into my accounts. Then what? Mail a check somewhere? Do a funds transfer? Now they've given a paper trail and account information. Seems like an easy way to get caught.

My information is already a million different places. Experian, Transunion, Equifax, US Department of Education (student loans), Social Security Administration, IRS, Vanguard, Chase, Citi, Discover, etc. They could all be hacked too. Some of those pose a more serious risk than Mint getting hacked.

Maybe I'm just naive, but I'm not worried about Mint. I check my credit reports a few times a year (so I'd notice any new accounts easily), and login to online banking at least twice a week so I'd notice any odd behavior. The credit card companies text me when transactions above a certain amount go through.

To be honest, I think someone leaving a company laptop in a taxi with unencrypted information on it is way more likely than a Mint hack.

Spork

  • Walrus Stache
  • *******
  • Posts: 5753
    • Spork In The Eye
Re: Mint.com security concerns?
« Reply #10 on: April 01, 2013, 01:40:34 PM »

If they actually gained access to my usernames/passwords, they could log into my accounts. Then what? Mail a check somewhere? Do a funds transfer? Now they've given a paper trail and account information. Seems like an easy way to get caught.


If you watch what goes on with computer security ... this type of hack happens all the time.  (I'm not referring to mint.... but the type of attack.)

Usually when folks get userids/passwords, they pass them through a money mule.  They have "work at home" scams where they hire people to move money (or hard goods) around.  These are innocent people that think they're getting paid to do legal tasks.  When the hammer comes down, it's these people that get busted.  It's very common.

the fixer

  • Handlebar Stache
  • *****
  • Posts: 1037
  • Location: Seattle, WA
Re: Mint.com security concerns?
« Reply #11 on: April 01, 2013, 02:02:44 PM »
I'm squarely in the no-Mint camp. I'm a software developer with some security background. No website should know that much about my finances, especially one that does not offer any financial assurance they will keep it safe. Sure, I have a lot of money with Vanguard and if someone got into my account they could do a few malicious things, but if that breach were Vanguard's fault they would be liable. If Mint gets compromised, I believe it would be too easy for my bank and Mint to just point fingers at each other and refuse to compensate me.

Intuit has made themselves an extremely high-value target, and the payoff from a criminal organization compromising their account credential database is probably much greater than the amount Intuit spends on its security team. The criminals will eventually win, because they have more to gain.

I also don't trust Intuit not to sell my personal information (where I use my CC, what services I subscribe to, my net worth, etc.) to marketing and advertising firms like every other free service out there does. Maybe they do already, I don't care enough to check. Even if they don't do it now, they will someday. It's economics: the longer they hold out, the more valuable that data would be to buyers and the more tempted they'll be to sell it. Eventually some PHB will decide to pull the trigger; at that point if my data is already there, I can't stop them.

I track all my finances in gnucash.

GoStumpy

  • Stubble
  • **
  • Posts: 243
    • YNAB = The ultimate budgeting software
Re: Mint.com security concerns?
« Reply #12 on: April 01, 2013, 03:14:02 PM »

My information is already a million different places. Experian, Transunion, Equifax, US Department of Education (student loans), Social Security Administration, IRS, Vanguard, Chase, Citi, Discover, etc. They could all be hacked too. Some of those pose a more serious risk than Mint getting hacked.


If Experian, Transuinion, Equifax, IRS, Vanguard, Chase, Citi, Discover, got 'hacked', it would be THEIR fault, and they 99.9% of the time refund fraudulent charges.

If mint.com is 'hacked' and allows access to your bank account, (with the password you've given them), you're screwed because you violated the T&C of your bank.  The money is gone.  Bye Bye. 

THAT is why I stopped, I don't like blatantly violating the T&C of my online banking, giving them full authority to deny reimbursement if something happens to go wrong.


Besides, it wasn't that useful anyway :)