Wednesday, August 05, 2009

Is Mint.com Safe?

Yesterday, I wrote about managing my money with Mint.com. Ed asked, in a comment, whether Mint.com can be trusted - is it safe to use the service? Here are my thoughts on that question.

Here is the information I have given Mint:
  • my email address
  • the names of financial institutions I have relationships with
  • the user logins and passwords for those accounts
I have not given Mint, and they have not asked for:
  • my name
  • my address
  • my phone number
  • my account numbers
  • my social security number
Something important to know is that you can't do anything from the Mint.com website. If someone guesses or otherwise obtains my password and logs in as me, they will be able to see a lot of my private financial information, but they won't be able to withdraw money, move money around, view my login and password information for other sites, or anything like that. All they can do to me is violate my privacy a bit. That doesn't seem very interesting for criminals, and I'm not too worried if someone I know does this. (It's just not that private to me that I have $1200 in a savings account or spent $4.62 at McDonald's last week.)

The only real point of danger I see here is that Mint itself has my user names, passwords, security question answers, etc., stored somewhere. This leads to two questions:

1. Is Mint a criminal enterprise?

I would say not. They are so mainstream, have so many reviews from mainstream sites, so many certificates from ratings authorities, that I think we would know by now if they were criminals out to steal our money.

2. Can Mint keep my data safe from other criminals?

By this I mean, is Mint going to be hacked into by someone who will then get all of my user names and passwords and use these for nefarious purposes?

I have reasonably good faith that Mint has adequate security measures in place to prevent this. I also know that anything you can do through accessing my online accounts takes a few days to actually generate money. (For instance, you could have a card issued to yourself from one of my credit accounts, or set yourself up as a bill pay payee and send yourself a payment, or copy the information from one of my scanned-in checks and use the account and routing number to submit your own check from my account to yourself.) I think that if a major breach happened at Mint, they would know, and enough people would be affected that we'd all know to take steps to prevent a loss.

Ultimately, whether you decide to trust systems like this is a personal question. I (briefly) lost $1300 once when someone broke into my PayPal account, but I was able to recover the money within a few days, and the hassle involved was small. Apparently some people have suffered identity theft crimes that were harder to recover from.

At the same time, using Mint makes me much more likely to notice fraud happening in any of my accounts, because it won't take a billing cycle or two to notice new charges show up on a credit card I don't use, or to spot a suspicious withdrawal from my savings account.

My guess is that, on net, using Mint is safer than not using it.

1 comment:

Sally said...

I have never used any of this kind of software. I don't know if this is for the same reason that my sister (who eats well, gets a ton of exercise, and possibly won the genetic lottery) doesn't have software for managing her diet and exercise or if I just haven't felt sufficient motivation to do the work to set something up.