In this guest post, SC takes a look at Mint, one of the recent batch of on-line financial management tools. I haven’t had a chance to use the site, so SC volunteered to write about his experiences.
Mint is a new website that claims it will help you organize your finances, automate your financial life, and help you save money at every turn. I have a credit card with Capital One, two bank accounts with E-Trade, and a number of certificates at E-Trade, as well. Normally I use Quicken at home to manage all my finances, but I gave Mint a whirl a few weeks ago.
Here is a quick summary in case you don’t like to read: Mint is great for helping you identify spending habits and prioritize your finances. It has wonderful charts and graphs, and was very easy to use. Also, if you are not using the most efficient “financial vehicles”, Mint has good suggestions. It is not a good tool for finding “deals” on your day-to-day spending. Mint just can’t get enough information from your credit card bill to adequately offer cheaper alternatives to your shopping habits.
Getting started
The first thing you do at Mint is add your various online accounts. This was easy as pie — mint pie.

The interface for adding and organizing your accounts was very simple — it felt a lot like moving around widgets on the iGoogle homepage.
Financial overview
Once you’ve uploaded your credit card account information, Mint is able to offer a variety of information about your money. One of the neat features is the Financial Overview page, which shows you the current status of all your accounts — updated every night:

The Financial Overview also displays your cash vs. debt breakdown, and how much you spend on various categories (shopping, restaurants, gas, entertainment, groceries, etc) with a bar chart. If you click on one of those categories, Mint will show you the associated charges, so you can easily see what you are spending where.
For example, here is my grocery breakdown:

And my entertainment expenses:

Spending trends
Mint tracks your spending trends across the months of data it has for you. Then it puts a fancy pie chart together for you. (This probably will look familiar to Quicken users.) Here is my spending breakdown per Mint:

This chart shows each category and how much I spent. If I click on a category — Food and Dining, for example — it will expand to show me more details:

I found this to be very helpful to identify specific areas I can cut back. I wish I could click a subcategory and see a listing of those charges, but that’s not an option I can find.
On the same page with the nifty pie charts, there are a series of bar graphs showing how your spending pattern has changed. This is fairly limited since I just signed up with Mint (and my credit card only keeps two months of history), but I would imagine that as time goes on, it will become more and more helpful:

I sold my car last month and now only ride a motorcycle, so it’s nice to see my gas has gone down. I also made a more concerted effort in September to eat at home more and eat out less. My grocery bill went up, and my restaurant bill went down! Yay!
Advertisements
So here is where Mint loses its flavor. Basically, it offers you “savings options”, which are products you don’t currently use and could save you money. There are two kinds of offers that Mint shows you:
- Consumer services — Mint told me I should switch from Sprint to Verizon. It noticed that I spent ~$450 on phone service this month and offered a Verizon alternative. There are a few issues here:
  - I bought a new phone this month, so my monthly number is very inflated. There’s no way to adjust this with Mint.
  - I use Sprint for a reason: I can’t get what I need with Verizon. I have an unlimited phone, data, and text plan, plus a cellular WiFi card, and the connection speed on Sprint is notably faster than Verizon. Mint’s “Verizon Offer” is a generic “you can get your phone, internet and cellular service for $145 a month!” and there’s no way to update your needs and get better tailored ads.
- Financial services — Mint does a better job here — at least the offers were comparable products. But again, Mint didn’t know what specific rates and costs my accounts were. So, for example, Mint told me I should open an ING checking account and get 3.50% APY, a yearly savings of $250. But my E-Trade checking account has an APY of 4%! Same thing for the Discover Credit Card it suggested. I have a cashback plan with my Capital One card, but it didn’t ask (or have a way to input manually) what my plan is. So the $4,489 in savings I could have each year is completely inaccurate.

Sometimes — especially if you aren’t taking full advantage of competitive financial vehicles — this might be handy. If you aren’t getting interest on your checking account, you should look into it!
But this certainly isn’t the real strength of Mint.
Bottom line
I think Mint is a wonderful tool to organize and analyze your finances; it’s a more detailed and user-friendly online flavor of Quicken. (But without the check writing abilities.) As a free site, it’s pretty cool. It doesn’t get much better than free!
But in terms of actually saving you lots of dough through promotional offers, I would take a pass. Unless they find a way to really tailor their recommendations to your needs and situation, it doesn’t seem like it will work very well for the average consumer. It didn’t work for me.
Thanks for the review, SC! What about you folks? Have you used Mint? Do you like it? How would you improve it? Last year about this time, I reviewed Wesabe, another online personal finance tool. Have any of you tried both? How do they compare? For myself, I’m happy to keep using Quicken for now.
November 14th, 2007 at 6:24 am
I’ve used Mint and was initially VERY excited about it because I have been wanting an online replacement for Quicken for a long time. However, it is very, very buggy — to the point where it becomes unusable. Sometimes charts don’t work or are not accurate; often times it couldn’t figure out how to handle the ING accounts and its “pending” status. My other big problem with it is that you cannot modify the categories at all. I don’t need a lot of customization, but I do need some.
The good thing about Mint is that it led me to Yodlee, a far, far superior online finance solution. It is so good, I’m amazed it does not get more publicity, especially on personal finance sites like this. First, it does everything Mint does, but better. No serious bugs that I’ve seen, and I’ve used it daily for the last 3 months now. And then it far surpasses Mint’s functionality. It includes bank & credit card accounts but also investment accounts and even a mortgage account tied to Zillow.com valuation software so you can get a good read on the equity you have in your house, all of which contributes to the net worth report it makes available.
I could go on about other features, but it would take a long time. If you are looking into online personal finance solutions, you owe it to yourself to check out Yodlee.
November 14th, 2007 at 6:28 am
I use Mint and this review is right on target with both the good and the bad points (almost exactly what I would have said).
November 14th, 2007 at 6:37 am
I tried mint for about 5 minutes a few weeks ago. I set up one of my bank accounts and it did seem to look very good. Then (about 5 minutes after I started) I said, “wait a second, I’m a software engineer who works in security, what the heck was I thinking just giving out my bank account’s password to some random website?!” So I promptly disabled the account and changed my bank’s password.
I think it’s a neat idea IN THEORY, but cannot bring myself to, or recommend others to give out their bank passwords.
November 14th, 2007 at 6:50 am
I used Mint briefly. For me the bad outweighed the good. This review is right on with the service. I view Mint as a place for people to start getting a grasp on their finances. If you are already there it is not a great tool.
November 14th, 2007 at 6:51 am
I’m stunned that a review of Mint wouldn’t include anything about the serious privacy concerns raised by Mint! Unlike other online money managers, Mint asks for your logins, passwords, and account numbers for all accounts you’d like to track. Are you guys being paid in any way for reviewing this service? Is it relevant to mention that among the terms and conditions for using Mint, you waive your right to a trial by jury or to participate in a class-action suit against Mint?
November 14th, 2007 at 6:52 am
I tried Mint and ended up canceling because of two problems: there is no way to exclude accounts when you have multiple at one institution (like the business account my bank has listed under my name but whose money does not belong to me), and the lengths to which I needed to go to get their site to crack into my ING account. The bells and whistles look nice, but I’m still just concerned enough about my financial privacy online that I’d rather not be giving my bank account passwords to third party sites.
November 14th, 2007 at 7:01 am
I tried Mint out briefly but later cancelled my account because of security concerns as well. I don’t quite feel comfortable giving all my username/passwords to a small internet startup.
I realize they have strong privacy policies right now, and are most likely not going to do anything inappropriate with my information, but say they get bought out by a company that isn’t quite as “concerned” about that sort of thing. I don’t think the small value gained by having all your financial info in one place is worth the risk.
November 14th, 2007 at 7:04 am
Doesn’t the fact that this site has access to all a person’s financial data send red flags to anyone?
Identity theft is the fastest growing white collar crime right now, and it’s a billion dollar “industry”.
Imagine the GOLD MINE that a malicious hacker would find if they were able to breach Mint’s site. How many users does mint have? How many credit card and investment accounts are those linked to? Right. I’ll keep it to myself thanks.
Oh, and I’m sure they’re not selling users’ personal information. Not that the wonderful banks that we all know and love didn’t already do that.
November 14th, 2007 at 7:14 am
I’m not saying that Mint is bad. Obviously some people love it. But I, too, am wary about using it.
I would be happy to share a guest post at GRS from somebody who is concerned about Mint’s security. This would probably be better if it addressed online security in general, of course. (Actually, this sounds like a good idea for an article, even if nobody volunteers to do a guest entry. I’ve added it to my “future stories” list.)
I just dropped a line to the folks at Mint asking them if they’d be willing to come address reader concerns.
November 14th, 2007 at 7:18 am
I’ve tried Mint and I think the one area the site is really lacking in is budgeting tools. I’ve been using Mvelopes.com for about 6 months now, and their budgeting tools have helped me make dramatic changes in my spending habits.
Sure, I could save myself $7 a month by switching to Mint. The way I see it though, Mvelopes’ budgeting tools help me save far more than that $7 a month by helping me stick to my budget.
November 14th, 2007 at 7:18 am
@Amber - I had the same issue re excluding accounts at banks. I’m the power of atty for my mom and her bank is my primary bank, so having the primary checking account of two separate households killed my initial trial of Mint.
I went on there today and they do now have that option.
November 14th, 2007 at 7:21 am
i’ve been entertaining the idea of using an online tool like this, but can you tell me what the risks of giving a FREE online tool access to your personal accounts would be?
November 14th, 2007 at 7:32 am
I do like the interface with Mint, but my ING account is very hard to adjust. It keeps asking me for my information to log in and most times I can’t access it.
November 14th, 2007 at 7:32 am
After reading the part about Mint’s user agreement I promptly went to the site and deleted my account. That is just plain scary.
I also agree with J.D. about the credit card peddling. I think that a site trying to help people manage their money is really only hurting most consumers by advertising credit cards. Many of us think we have learned responsible use of them, but very few of us actually have.
One of the sites that I don’t think has been mentioned yet on GRS is expensr.com. I checked it out a few weeks ago. It isn’t as Web 2.0-ish as Wesabe or Mint, but it works fairly well. It doesn’t seem to work very well if you use credit cards as far as figuring out how much you actually spent per month. It does have ways to compare your spending with other people (in groups) as well as a way to enter your monthly budget, which is nice.
November 14th, 2007 at 7:38 am
YOU HAVE TO GIVE IT ALL YOUR BANKING PASSWORDS!
November 14th, 2007 at 8:02 am
You might also want to look at Expensr.
I haven’t tried it, but a few of my friends like it.
Lise
November 14th, 2007 at 8:03 am
I tried Mint, but it was way too limited for me. I have an account with Citizen Bank, and Mint.com couldn’t get connected to it. I raised a feature request in the forums, along with many other Citizens bank customers, and we were just fobbed off with no resolution or even commitment.
So when my main bank can’t be added - it was useless to me. At least with wesabe I can upload my statements manually.
So I cancelled my Mint.com account, quite unsatisfied with the experience.
November 14th, 2007 at 8:06 am
I like mint, I’ve been using it for a couple months now. It helps me set a budget and I can look any time and see how I’m doing with my monthly budget.
November 14th, 2007 at 8:10 am
I agree with cms. I tried mint and wasn’t that pleased with it but after doing some research mint led me to Yodlee (moneycenter.yodlee.com) and I have been really pleased ever since. I currently use a combination of Yodlee and Mvelopes to track my finances. Yodlee to track my net worth and my overall status in all of my accounts and Mvelopes to have a more proactive way to budget and track what I have spent in each category. This has been very helpful for coordinating the budget with my wife since we can both access the budget online whenever we need to.
November 14th, 2007 at 8:29 am
As others have stated, the security concern is a real one and that is what keeps me from signing on with a company like Mint. My take is that even if the guys at Mint are doing everything they can to give your information the best security they can, what happens when they get bought out by some faceless corporation?
Do you think someone isn’t working very hard to get all of those account names and passwords out of Mint right now? Could they not possibly be smart enough to pull it off? It’s just a matter of time in my opinion…
November 14th, 2007 at 8:33 am
I use mint. I’m a little frustrated because they sent me these emails telling me when my credit card bills were due, but it forgot one, so I didn’t pay it. I shouldn’t have trusted it. My fault, but I usually look at my credit cards each time I get paid to look at the finances, and pay the bill if it’s due. Since I started using mint, I haven’t been visiting each credit card’s site as frequently. Well, now I’m going to move all my credit card bills to the same day, and pay them all off at once so I don’t forget again. And I’ll still use mint.
November 14th, 2007 at 8:37 am
Thanks for the thorough review, SC!
As was mentioned by other commenters, Mint uses Yodlee as a partner to access financial accounts - the very same service that powers Bank of America’s My Portfolio, Microsoft Money, and other banks’ branded personal finance management systems.
Amber: As mentioned by Kraft, we’ve recently added the ability to exclude or hide accounts, depending on your preference on Mint.
Paul #1: Our privacy policy does in fact address the concern you’ve mentioned.
Paul #2: We’re well aware of the problem many users are having with Citizens bank, and we’re working with Yodlee to address the issue. Unfortunately there’s no quick resolution to the problem.
For those that are concerned with security and privacy, which is always a valid issue for applications such as these, I invite you to read Mint’s safety page and privacy policy.
You should also be aware that Mint does not require personal identifiable information to use the service. We do not ask for your name, address, birth date, and certainly not your social security number to register for use with Mint.com. We only require an email and password of your choice. We also strip away account numbers from banking and credit accounts so this information is not shown when you access Mint. At Mint, we want to ensure that our users are as anonymous as possible to protect their privacy.
In regards to the Ways to Save page, or the SmartSave engine, it is in beta and will definitely be more robust as time progresses. We only show offers that are calculated to show savings, regardless if the offers are sponsored or not. For anyone that’s a rate-chaser, or a savvy credit card user, they’re most likely aware of the massive amount of choices out there in terms of high-yield savings or credit card rewards - it’s not easy to swim through the myriad of terms and conditions on APRs and fees! As the database grows and the algorithm is refined, the aim with the SmartSave engine is to provide a quick and objective way for people to identify better rates and savings opportunity.
There’s also a reason why the page is separated on another tab, if you’re a savvy consumer that’s fully aware that you’re using the best account for your financial situation, then you most likely won’t need to check the page out. In future releases, we’ll try our best to fit in more functionality so that users can give more feedback to the types of offers they see.
Our users constantly give us feedback, whether positive or constructive criticism, we read them all and take them into account. At the end, we’re consumer advocates. We’re trying to make a financial application that’s secure, simple and objective so that our users can get a better handle on their finances, to truly see where their money is going and have a better tool to grow their net worth. If you have an idea on how we can better do that in the forms of feedback or product suggestions, please contact us and send them our way!
Since JD has also invited others from Mint to address other concerns, expect more responses to follow (I personally just read the post right now).
Cap
Mint Community Team
November 14th, 2007 at 8:40 am
I really like the Mint interface. It’s very clean and easy to use, but there were actually several of my accounts that Mint couldn’t connect to. I may try it again in a month or so to see if that problem has been resolved, but I guess I’ll be sticking to Quicken for now.
- Brandon
November 14th, 2007 at 8:49 am
Even putting security concerns aside, this isn’t worth it to me if I can’t enter stuff in manually. Like my student loans, or a check I’ve written that hasn’t cleared. I’ll stick to MS Money.
November 14th, 2007 at 9:05 am
SC (and JD) - thanks for doing that writeup.
My biggest concern about Mint isn’t the security aspect of it, but the hands-offiness of it — their focus seems to be on eliminating as much financial thinking (on the user’s part) as possible. Granted: you can use their service and still be involved in budgeting and whatnot, but when you “put your finances on autopilot,” I think you tend to put your spending on autopilot, too. Or you miss important payment dates, like Jeffeb3 (post 22).
Two other services in the personal finance space that look good are clearcheckbook.com and expensr.com (mentioned above). And, as you mentioned, Wesabe. And, of course, once we launch PearBudget, we’ll be in the space as well (although our focus will be much more on making a spending plan and keeping a budget, rather than synching up bank accounts). Even though I’m behind PearBudget, please don’t think I have anything against Mint. Clearly, a lot of people have found them to be useful.
Each of the services has strengths. And, depending on what you’re looking for, each service has weaknesses as well. But what’s most exciting is that people are finding tools to engage with their finances. Regardless of what tool you end up using, getting your financial house in order is crucial. It’s awesome that tools are emerging to work with different peoples’ approaches to money. It’s just a bit of a shame that there’s not a quick way to compare them all to see which one works best for you.
November 14th, 2007 at 9:13 am
bank of america’s website sort of has something like this.. it’s called MY PORTFOLIO.. it lets you add all your accounts (assets and liabilities) and also filters expenses into graphs.. i kinda like it because i can keep track of my net worth all in one page
(only thing is it won’t let me add my ING direct account for some reason)
November 14th, 2007 at 9:32 am
SC,
Great review. I’m glad you see Mint as a quick, easy way to see where all your money goes without much work.
Regarding Mint offers, we’ve noticed that the interest rate that you get on your bank, or the rewards you have on your credit card may not be accurately reflected. In our next release (one week away) we’ll be incorporating data from nearly every checking, savings, and credit card in existence (a monumental task to be sure) to ensure accurate, reliable savings recommendations. We’ll also let you over-ride our inferred spending (e.g. $450 on your mobile because it included a phone) as well.
Thanks for the great feedback.
Aaron Patzer
Founder & CEO, Mint.com
November 14th, 2007 at 9:39 am
Re: Security
On Mint.com security, I’ll make a bold statement: You’re safer on Mint than with online banking. Mint has a read-only connection to your bank; there’s no money transfer in Mint.
On Mint, you’re completely anonymous. We never ask for a name, address, or SSN - just an email. We know about your finances…but not about you. We’re also independently verified by Verisign, TrustE, and several outside agencies.
We also have serious physical security. Our servers are in a secure, unmarked facility. To get in, you need to pass 3 biometric scanners, 4 locked doors, and several guards. We have our own cage so we’re physically separated from all other companies. Cameras monitor our servers and power supplies 24/7. The servers themselves have additional locks. The hard drives are encrypted. It’s like Mission Impossible (except without the electrified floors…maybe one day).
Perhaps more interestingly, 90% of all fraud actually occurs offline, not online (e.g. someone swipes your card at a restaurant or from your mail). Because Mint sends proactive alerts for low-balance or unusually high spending, you’ll know right away. It’s better than logging into 4-5 different banks every day, or waiting 30 days for a paper statement before finding that something went wrong. It’s better to be proactive in protecting yourself vs. passive - and Mint.com helps tremendously there.
Mint uses Yodlee on the backend to connect up to banks. In 10 years of operation, there’s never been a major security breach at Yodlee. This is the same secure “account aggregation platform” used by Bank of America, Microsoft Money, and Fidelity.
Aaron Patzer
Founder & CEO, Mint.com
November 14th, 2007 at 9:49 am
To the people concerned about security, I suggest you think of a couple of things. First, many, many banks use Yodlee for their security. So, if you feel comfortable with an online account at your bank, you can feel comfortable with the security of Mint and the source, Yodlee. Second, if someone were to get into your accounts, what exactly could they do? I defy you to even find your own account information at your online bank, and you certainly wouldn’t be able to find your SSN. You can transfer money between accounts, but it’d be pretty tough to transfer money to a completely new bank account without the owner knowing it, given the hoops we all have to jump through to set up a new transfer account.
I’m not saying I’d like it if someone hacked into my accounts, I’m just saying I find it highly unlikely. And if a person did, I don’t expect much damage would occur.
As a reminder, many people were distrustful of ATMs when they first came out, to say nothing of online banking and (horrors!) online BANKS themselves. But I suspect most people who frequent this site got over it.
November 14th, 2007 at 9:58 am
I happen to love Mint. Not sure where I found it but I’m glad I did. It’s been great to see how my finances are laid out in graphical format. I use BofA but the My Portfolio is kinda cheesy. I still prefer Mint.
Regarding the ING accounts, they do not allow external services to connect to them. I was trying to add my Electric Savings and Electric Orange accounts and they always failed. A quick call to ING yielded a security related response. This is not Mint’s fault.
If you’re interested in a site that provides high security and allows for a nice overview of your accounts, then try Mint and see if you like it.
November 14th, 2007 at 10:22 am
It’d be great to keep track of all my finances like this, but no way I’m giving out my passwords, accounts, cc’s, etc to an online site. It’s bad enough when Ebay or Paypal get hacked. I don’t want to find out someone hacked into Mint and has ALL of my financial information.
November 14th, 2007 at 10:23 am
While this sounds like a useful site, it just really makes me uneasy. Why would anyone create a site like this without a subscription fee? I haven’t researched how long they’ve been around, so perhaps they’re new and just looking for customers.
Personally, I’d look at their privacy statement very, very closely. I’d be concerned they were mining my finance data and then selling it (and whether or not they did it with or without my name is irrelevant to me — I would expect any site with personal finance information to not say “Oh, Restaurant Advertiser: SR over in Seattle spent $xx at restaurants in October”).
Personally, if I wanted to use a tool like this, I’d buy some software, so that my personal information wasn’t potentially being mined and distributed to marketers.
November 14th, 2007 at 10:34 am
Another Bank of America customer here. I also use their branded Yodlee service (My Portfolio). I like it a lot so far. As others have mentioned, the budgeting portion of it is kind of weak. For instance, the separation of restaurant and grocery purchases is great for showing how you’ve spent your money, but in my opinion is awful for budgeting it. (I like to simply set a monthly food budget, and if I blow it I know I’m eating out too much.)
Mvelopes seems like a nice solution to this, but I refuse to pay $7/month for something I can do myself! (Albeit with a little more work, since I doubt I’ll be able to automatically pull purchases. Maybe I’ll teach myself how to parse Quicken files…)
My favorite view in Yodlee is the cash flow. I love being able to see, both in hard numbers and graphically, how I’m spending compared to my income. The graph gets a little shaky when I go to a weekly instead of monthly view though, since my paychecks are biweekly and my biggest expenses are piled up at the beginning of the month. (Thus I end up with a nice alternating XXX pattern of the red and green lines!) It’s nice to see that I net on average about $100 per week though.
And for those concerned with your safety: I’m happy that you all are concerned. You should be. Just be careful not to misplace it. I think Aaron addressed your concerns very well. Especially relevant is the fact that 90% of identity theft is not online! Media exposure would have you think those numbers are reversed. You have a problem giving your account information to an automated aggregation site (so that no person is actually looking at your information!), but you have no problem handing your physical card to the random waiter/-ess that is serving you, and allowing them to take it out of your sight!
November 14th, 2007 at 10:46 am
Whoa.. security paranoia to the max. cms said what I was about to.
Also, Ariston: My Electric Orange account works fine on Mint..
I use mint. I used to use wesabe but then i got into mint beta and it’s so..much.. *prettier*. Yeah, big fancy reason that is.
Anyway, I’m looking forward to improvements (i really wish they would hurry and put student loans on there!), I absolutely love all the graphs and such. It’s always nice to go through, tag all the purchases my boyfriend weasels out of me, then point it out to him on the graphs later. It helps… sometimes. Even the suggestions, I’ve found much more informative than not. Everything they’ve shown (nearly) is much better than what i’m using now.
November 14th, 2007 at 10:47 am
Watch out for those waiters as mentioned in an earlier post. One in my area was fired. He would take the customer’s charge card at the cash register when they were paying for a take-out, then hold it underneath the counter and take a pic. of the front and back w/his cell phone!
November 14th, 2007 at 10:50 am
Mint.com is a good tool from everything I have seen, however it inherits the same flaws as every other financial aggregator on the web. There are several security concerns, and their admins seem not to like addressing them. Also keep in mind that Mint.com has 0 liability if anything happens to your data. I wrote about some of the concerns at my blog
http://think-smarter.blogspot.com/2007/10/mintcom-great-concept-bad-execution.html
November 14th, 2007 at 10:54 am
I’m sure other people will/have said the reason i don’t like this service, FOR ME:
Identity theft. I’m sorry, but i don’t want to hand over ALL of my financial numbers, and passwords, &c over to a stranger, let alone a stranger on the inter-web!
I hope people who can’t afford Quicken/Money can find this useful, but i would have a Better Suggestion, if you use this because of money: Gnucash. It’s open source, free, and available on both Linux and Windows (and they just released a portable version for Windows)
November 14th, 2007 at 11:08 am
Is Yodlee free?
Which one is better: Yodlee or Mint?
thanks,
Vic
November 14th, 2007 at 11:30 am
@VicfromATL
Mint is actually using Yodlee to provide the service, they just provide a front end to Yodlee to make it a little more user friendly according to them.
November 14th, 2007 at 11:33 am
This is a very good way to keep organized with financial matters. Although this program is interesting, I don’t think I would have the time to try it
As for this post, you spelled “CAPITAL” one wrong as “CAPITOL” at the top
-Mike
November 14th, 2007 at 11:39 am
FYI, if you have an account with Fidelity, they have a Yodlee-powered interface called “Full View”. I’ve used it to consolidate all investment accounts and Rewards Points accounts into a single picture. Good or bad, I trust Fidelity to ensure the security of access to my accounts.
I still use Microsoft Money for checking & credit accounts, primarily because I rely heavily on the scheduling of bills for planning purposes.
November 14th, 2007 at 12:06 pm
I *like* Mint. My finances had been in shambles and - at least for the budgeting-challenged such as myself - it really helps me keep track of everything in one easy-to-use place.
For instance, it flagged a grocery store as my ‘most-frequented’ store. Well I was using that store as a ‘free’ ATM by buying items I didn’t really need so I could get cash (for parking). When I saw that store flagged I immediately started going to a real ATM instead.
It does seem a little buggy, but I’m sure that’ll get worked out soon and personally I just don’t mind giving out my passwords to them.
November 14th, 2007 at 12:13 pm
I agree with everyone who’s talking about Yodlee — Yodlee is amazing! And they’ve been in business for a while and are trusted to be the portfolio backend management site for many different banks (like Bank of America), so I’m more likely to trust them than some random startup. Also, the interface for Mint absolutely sucks. It’s so hard to change the category, and it often gets categorization wrong.
I don’t understand why more people don’t recognize yodlee.
November 14th, 2007 at 12:14 pm
“Why would anyone create a site like this without a subscription fee?”
Hi SR,
Because that isn’t our business model. Our business model is to make money off of referrals (see link: http://forums.mint.com/showthread.php?t=867)
As people have pointed to security a great deal, I thought I would share the following links that explain things in detail:
http://forums.mint.com/showthread.php?t=703
http://mint.com/privacy.html
Note: Having worked at PayPal, I can also state that most online fraud occurs because of spoofing/phishing activity. You’re also still far more likely to have your id/card information stolen in your local area.
November 14th, 2007 at 12:37 pm
I’ve been using Yodlee’s money center for quite a while now just because it does a cool calculation of what my Net Worth is and tracks it with a fancy graph, Mint is definitely a step up!
November 14th, 2007 at 12:51 pm
I’ve been using Mint for a few months now and I love it. It’s an incredibly easy way for me to see exactly where my money is going.
I had some problems at first - my bank is pretty local and at first it wouldn’t sync up, and then it randomly stopped syncing up for a week - but it’s back on track now. It doesn’t show transactions that are still pending, but it still accurately reflects my balance. I imagine this will be improved over time.
Overall I’ve been pretty impressed with Mint. I heard all the arguments about security and it seems solid to me. And they never asked for my bank account number… just the username and password I use to log into my online banking. I can change those, and my security questions, really easily if I need to.
It is a really useful tool and I plan on using it to my advantage.
November 14th, 2007 at 12:56 pm
I was pretty impressed with Mint’s capabilities (I’m an avid user of Wesabe) but the problem I had was it simply would not log into my Franklin Mint account. It kept telling me there was an error and it was reported to Mint, but still nothing. I did set up my other accounts no problem..
Maybe next time!
November 14th, 2007 at 1:04 pm
“On Mint.com security, I’ll make a bold statement: You’re safer on Mint than with online banking.”
Disregarding comparison of any security measures, let me think about that: One account in one system I have to worry about vs. ALL of my accounts in ONE system I have to worry about.
As a software engineer, I am shocked that people would so easily hand over their bank account information (including passwords!) to a single system. Have any of you done any analysis on security failures over the last few years?!?
November 14th, 2007 at 1:29 pm
Apologies in advance for the length of this post, but I have to chime in here on the security issue and in particular to folks who downplay it.
CMS: Not to cast a damper on what you are saying, because in some ways I agree with you, but…
The difference is when you aggregate all of your banking and financial information into a single spot, hidden behind a single login, you create a _single point of failure_ for your entire financial identity. One break in to that single point and your entire set of financial information is compromised. I don’t know what kind of logic Mint uses in their interface to mitigate this; but unless you have to log into each account every time you want to see that account info via Mint, I am skeptical that it is truly less than that single point of failure.
On bank account info online, bank accounts also provide vast amounts of “passive” information about your spending habits; they tell potential thieves about expenses that you regularly incur that could easily be replicated to make it seem as though what they are stealing is a normal expense that you are less likely to notice/question.
It also makes it incredibly trivial to perform social engineering hacks using this information; Credit card companies often use banking history to determine the identity of the person on the other end of a phone call - so if a thief can say, to another human being on the phone, “Uh yeah, I spent 354.00 on concert tickets last month”, the card company is much more likely to be phone scammed.
Using information from an open online banking session, thieves can also quite easily and quickly set up things like fraudulent PayPal accounts that can be tied to your banking information. And if they’re set up in various countries and locations (think Bahamas, Cayman Islands, etc.), there is actually very little (and often, no) international law that says what they are doing is strictly illegal.
Further, a single point of failure is not like an ATM machine; a stolen debit card with the PIN will compromise at most a handful of accounts at one bank; A site that gathers ALL of your financial data behind a single fence is an entirely different matter.
That said, you do have a greater chance of a restaurant server stealing a card number and CVE. Absolutely. But at least with a credit card you have some recourse if the worst happens. With a service like this, their liability is $0, so if your account is compromised via this service, I would bet that card companies and banks would say, “sorry, you gave your info to a third party - we don’t cover that,” which means you are SOL.
So yes, Internet security involves a degree of paranoia; but don’t underestimate the danger of having all of your financial information under one veil.
And that’s just the tip of the iceberg.
November 14th, 2007 at 1:37 pm
Interesting related article: http://www.nobosh.com/Article/Mint.com—Is-it-Safe%3F/712/
Mint, is it safe?
November 14th, 2007 at 1:55 pm
Mint was my first exposure to online financial account aggregation, and I at once loved the ability to view all accounts and transactions from one login. Since then though, I haven’t used Mint much.. mainly because of these annoyances: 1) I can’t add a few accounts (e.g. my credit union and Capital One), even though I can add them in BOA’s Portfolio; and 2) Their auto-category-renaming feature is so often wrong and hard to train.
All these apps are great for simple expense tracking and a general overview, but I’ve yet to see really good integration with budget management. For instance, why can’t I itemize a receipt/transaction into multiple budget categories?
I’ll still use BOA’s Portfolio and Mint for the account overview (and I plan to check out yodlee), but as for expense tracking and budget integration, I’m sticking to the custom app I wrote.
November 14th, 2007 at 2:32 pm
Is it true, did you quit your job?
November 14th, 2007 at 2:56 pm
Ravi, As a software engineer, you should be used to this level of “concern” from users when it comes to security!
November 14th, 2007 at 3:07 pm
@JG-CISSP
THANK YOU! You have voiced my primary concerns perfectly. (Not surprised, considering the CISSP tag.)
@Monkymonk
Read his last blog; he is quitting over the course of a year.
@spencer
God, I wish you were wrong. I have to beat security into people at work.
November 14th, 2007 at 4:46 pm
Damon: that just sounds unethical to me, on a personal level. If you want to create a site that does a financial compare/contrast, great. But to blatantly use advertisers to generate income on a personal finance budget tracking site is just, well, wrong. Obviously, part of your target audience are people who manage money poorly, and even from some of the comments above this is proven, and then you provide advertisements for people to move their money around, or move their services around? Really? You can try and argue that you’re just providing a “service” but that’s bull. You’re not providing a true comparison service if you’re including anything less than a *complete* list of options for people to consider. Saying that XY credit card is a better card to save someone money is only true if the ongoing APR is lower — not just a balance transfer promotional rate.
Again, I’ve not reviewed the privacy policy on the mint site, and I’m not likely to because a site like this just makes my skin crawl. You’re mining customer financial data so that you can deliver targeted advertising to them, when the advertiser is paying to be on your site — not because you’ve reviewed them and think they are a good fit. For the latter scenario, I might consider using a site like that (and I would pay to do so), but I will never, never use a free site that looks at my financial data and provides unscreened, targeted financial ads to me — that’s just a recipe for disaster and pushing vapid consumerism.
Ugh!
November 14th, 2007 at 4:51 pm
Hi SR,
I don’t see how making offers that potentially save people money is unethical? In addition, a consumer doesn’t need to take an offer to use the service (the service is free & there’s no obligation for the user to accept any offer).
“Saying that XY credit card is a better card to save someone money is only true if the ongoing APR is lower — not just a balance transfer promotional rate.”
And those are the specific offers we try to highlight to consumers (long-term APR rates, other benefits, etc.)
November 14th, 2007 at 4:57 pm
Mint uses Yodlee on the backend to connect up to banks. In 10 years of operation, there’s never been a major security breach at Yodlee.
Define the difference between minor and major security breach.
You’ve just said that the platform you use is flawed… This is meant to inspire confidence in your service and security how, exactly?
November 14th, 2007 at 5:05 pm
@Damon
Ignoring all security concerns, since I have already voiced them.
Part of the problem with your model is you are making recommendations without complete information. The customers targeted are those who are already weak when it comes to financial responsibility, and you tell them “this credit card is better!” when in fact lower APR != better always. It is irresponsible to make financial recommendations with only a portion of their financial situation understood. Not to mention that you get a profit when they follow your recommendation. One of the first rules for finding a financial adviser is to find one who is unbiased to a particular product. Otherwise they will recommend the best one for them, not you.
I guess it’s not your concern to do socially responsible business. You are there to make money, so I understand, but don’t you think your product would have more value if it was truly unbiased? Charge a subscription fee, and you won’t have to make sure they are picking the credit card or loan that will pay you the most.
@SR.
No product is flawless. This has to be understood. The key with security is getting as close as possible without destroying usability. Yodlee is a solid service, and Mint is smart to use it as a back end… it’s their front end that concerns me.
November 14th, 2007 at 5:10 pm
Hi Jordan,
The “Ways to Save” page is still very much in beta & we’re still making tweaks to make it as strong as possible (Mint is still in beta as well). It will also get better as we get more offers in the system. We have a push going live later this month that should make the offer quality much, much better (we’re getting more accurate data about existing credit card information, interest rates, rewards, etc.)
Financial Advisor: To be honest, I haven’t met one Financial Advisor (person) that is unbiased because they are there to push the company products. The Mint system, however, is attempting to base it entirely off of transaction data & algorithms, items that are certainly less biased than a human being.
November 14th, 2007 at 5:10 pm
Sorry to keep posting on this, but the more information I read, the more I distrust mint security planning and execution.
I just read the Nobosh.com article that someone else referenced, and mint clearly doesn’t have top security. Someone can create a password that is “password”??! Every time I’ve had to create a password for a banking/financial site, I’ve had to use more than just letters. I thought that was pretty basic in password security measures — ESPECIALLY when dealing with personal or financial information.
A financial services site that doesn’t make users take reasonable precautions in creating their passwords only makes it easier for hackers to hack an account.
November 14th, 2007 at 5:18 pm
@Damon
Not all financial advisers sell a product. There are ones out there who look at what’s available from other companies and make recommendations based on that, so yes they are unbiased because they will make the money by charging you for the service, not the commission from a product they sell.
The system will be less biased with the info it has, but not accurate because Mint can’t see all info for many of their clients and also can’t take into consideration discounts that might be in effect because of the longevity of a customer, or the number of accounts held with a single bank.
November 14th, 2007 at 5:20 pm
Damon, you’re pushing financial products on people that are concerned about their budgeting. Some commenters have already said they had poor habits, before using your site. There will obviously be foolish users, who think that you are *recommending* a service/provider, when all you’re doing is providing a link so you can make money.
I’m not an ethics professional, and I don’t claim to be one — I’m just saying: in my world, what you’re doing is unethical. What many will likely think is mint-sponsored financial advice is really just advertising so mint can make money. I see a big problem in that.
November 14th, 2007 at 5:25 pm
@Damon
Also, any reason people at Mint don’t respond to my messages regarding the security of your service? I was able to speak with co-founders of your competitors directly with no issue at all, yet the best Mint.com could provide was an automated “see our FAQ” response.
(Sorry for the comment abuse JD, but Mint.com just seems so shady, and people really do need to know what they are getting in to)
November 14th, 2007 at 6:10 pm
Hi Jordan,
*What* specifically were your questions? I believe I left a comment on your blog that you’re more than welcome to contact me directly. If I can’t answer the question, I am more than happy to get the answer from someone that can.
November 14th, 2007 at 6:14 pm
Hi SR,
I guess we have to beg to differ. My take is that being unethical would be: (a) forcing someone to take an offer to use the product, or (b) pushing one product or service over another (we don’t). As I also mentioned, the page will be getting a lot better over the next few months & consumers will have even more choices & the quality of those offers will be even better and/or more accurate.
Note: We’ve already had a lot of positive feedback from customers that have saved money from switching.
November 14th, 2007 at 6:14 pm
Hi SR,
“I just read the Nobosh.com article that someone else referenced, and mint clearly doesn’t have top security. Someone can create a password that is “password”??!”
A bug that is being addressed in a fix this month (you can look at the forums’ thread for this).
November 14th, 2007 at 7:19 pm
@Damon
I don’t recall a comment from you, do you have an email address? I’ll send the questions your way and maybe you can ease the mind of some of the readers who are obviously concerned.
November 14th, 2007 at 7:34 pm
welp, I kinda forgot I’d set up a Mint account soon after it opened. I just closed it, because in addition to the security concerns, it just doesn’t work very well. it’s buggy, not very intuitive, and half the transactions in my checking account were truncated and it was impossible to figure out just what they were without a trip into Quicken, and I figured I have similar features in Quicken anyway, so I deleted my account.
November 14th, 2007 at 8:39 pm
Hi 42 (Douglas Adams?),
We’re actually working on the transaction renaming issues as we speak. Customers that get screwed up information can send us a bug report that we file with engineering (see forums for information on this).
Yes, we do have some bugs that we’re working on as quickly as we can. I would just like to remind folks that we’re still in beta…even if it is a public beta…
November 14th, 2007 at 9:24 pm
Another quick note on security concerns…
If you send me a check, I have access to the following about you:
Name
Address
Phone Number (in some cases).
Drivers License# (in some cases)
Bank Account and Routing Transit Number
Mint doesn’t ask for your address or name, so your risk is actually low in the unlikely event we were hacked (reminder: username and passwords are not stored on our site).
In order to do credit card theft, you would also need the following:
Name
Address
CVV numbers
(Credit Card numbers, CVV numbers & address are not on our site).
If you’re really concerned about ID theft, shred mail that you discard (including credit card offers, bank statements, etc.). A lot more damage is done this way than the risk of a firm you’re working with being hacked (a lot of the issues, after all, have been firms where an employee misplaced a file, laptop, etc.) I would also recommend that people do some research on spoofing or phishing, which is actually a much larger issue than hacking. Hacking takes a lot of work, whereas phishing is a much easier way to lure unsuspecting customers into providing information.
Mint: Employees can’t view usernames and passwords. We also will not ask for it to resolve a customer issue.
November 14th, 2007 at 9:50 pm
Damon, you say the ability someone had to create a password of “password” was a “bug”? Reallllly? I’m sorry, but that just doesn’t inspire confidence in your security team. To my thinking, that should be one of the basics of what not to allow. That’s a pretty basic industry standard, yes? Don’t you have QA staff that test this kind of stuff??
If this is what mint considers a “bug”, it makes me wonder how much information could be gleaned by a clever hacker, because that security hole wasn’t foreseen by the mint security team and programmers.
I don’t doubt some people have found better cards or services on your site. A site like mint also has the vast potential to push certain people further and further in to debt. (e.g. “This cell phone plan is $100 cheaper per year (but we’re really not taking into consideration that you will have to pay $200 to cancel your existing contract, and we also really don’t know your coverage needs.”)) Perhaps unethical isn’t the correct word to describe how I feel, but I still have major problems with the vision and execution of the mint business plan — especially if you don’t allow an option (even if paid) for users to opt-out of the ads.
I understand the site is in Beta, but come on, if people are putting real, personal information in, shouldn’t proper, *complete* security have been the first priority? Or was the priority making pretty graphs (I don’t deny the screenshots in the post are attractive). And the blatant, CYA statement of “nothing is perfect” is just cheap and hollow and (to me, at any rate) the sign of a group that is better at being reactive (making excuses) instead of proactive (making a smartly secure website). If someone hacked the site, would you just tell your users “Sorry your data was out there for the world to see! But you know, gosh, we’re in beta and we’re still building this, and you know, *nothing is perfect*! Sorry!” Puh-leeze. If someone is handling my personal financial information, I expect solid, comprehensive security, and I expect the platform to not have had any “security breaches,” no matter how “minor.”
I think it really shows a lot about a company, when more time is spent making a pretty website, than making sure customer information is safe and secure.
Finally, remember the old cliche of ‘you only have one chance to make a first impression’? After reading the comments, mint has made a bad impression on me — and I haven’t even visited the site! The few people that have posted positive comments just don’t make up for people posting about security flaws, customer service’s lack of response to queries, lame “nothing is perfect” excuses and remedial level hacker entry points (aka “bugs”) — which, for me at least, is a *major* issue. Because of that, anyone I meet who happens to mention the site, I’m going to do my best to talk them out of using mint.
November 14th, 2007 at 10:01 pm
Hi SR,
“Damon, you say the ability someone had to create a password of “password” was a “bug”? Reallllly? I’m sorry, but that just doesn’t inspire confidence in your security team. To my thinking, that should be one of the basics of what not to allow. That’s a pretty basic industry standard, yes? Don’t you have QA staff that test this kind of stuff??”
Yes, a bug. Like all internet companies, bugs aren’t realized until things are in the “real world”. When I signed up for a Mint account, for example, I was prompted to create a complex password. That being said, the issue is being addressed & should be fixed this month.
Note: While this may sound bad, I would actually hope that most internet consumers are savvy enough to realize that “password” isn’t a secure way of protecting ANY account.
Security: Our primary focus, as it should be, has been on making sure that our security of customer data is rock solid (it is). The password bug aside, something that has been addressed, we feel quite confident in our site security. Outside of the password issue mentioned, you haven’t demonstrated that the site is flawed in any other way. You mention security breaches & we haven’t had any.
Customer service: Actually, we’re around a 90% initial response rate within 24 hours right now for most inquiries (we also get back to customers when things are resolved with a particular bank). Are there any other web 2.0 companies that are close? I don’t think so (most customers are surprised that we bother to even answer).
May I ask what company you work for? Perhaps I could cast a more critical eye on your comments & what your firm does. Sorry, I get a little skeptical when every comment verges on the negative.
Offers: Customer feedback about not viewing certain offers has certainly been taken into consideration.
“(e.g. “This cell phone plan is $100 cheaper per year (but we’re really not taking into consideration that you will have to pay $200 to cancel your existing contract, and we also really don’t know your coverage needs.”))”
This is obviously not something we would know. How would we know when a customer’s contract with a carrier is about to expire and/or if they have to pay a termination fee? Our system, again, is simply looking at transaction information & making a recommendation. The recommendation has no obligation for the customer to accept.
November 15th, 2007 at 6:05 am
I used Mint for a little while. It’s based on Yodlee, for those not in the know, Yodlee is an online OFX transfer system. It collects (via encrypted web interface) and aggregates financial info. Well, Mint is pretty, but I found it to be less useful than Yodlee’s very own Yodlee MoneyCenter. Yodlee allows you to plan budgets, compare spending over a variable period of time, add every type of financial account imaginable (Mint does not). Yodlee also allows you a nifty net worth calculator and comparison chart which can be printed to pdf, handy for those who want handsfree financial statements. Yodlee is to Mint as the NFL is to Arena Football. Arena is flashier and more sugary, like gummy bears, whereas NFL has a lot more to it and is much more robust.
November 15th, 2007 at 7:46 am
I tried Mint - nice interface and pretty charts, but not as advanced as Yodlee. With Yodlee you can display pretty much everything including reward plans and frequent flyer points. It’s a much more complete package.
-Raymond
November 15th, 2007 at 8:10 am
I signed up for mint and started to add accounts when I then became a bit terrified about the potential consequences of a security breach and will not be participating. Just too scary.
November 15th, 2007 at 10:37 am
This comment isn’t directed at Mint per se (as it applies to all aggregators), but Damon, your trivialization of the security aspect borders on irresponsible. Yes, definitely do all of the things that you mentioned (I do), and never, ever put your phone number, SSN, or driver’s license number on a check unless you are forced, in person, by a known institution, to do so. Pay with cash whenever possible.
Those are good suggestions, but how do those best practices make aggregators like Mint/Yodlee any safer?
Mint uses Yodlee. That’s good. Yodlee has a very clean track record so far. Excellent. However, the biggest security threat is not that someone would actually hack Yodlee. The bigger issue is that you as a customer of any aggregator (like Mint or any competitor) are aggregating all of your data into a _central point of exposure_, which is fundamentally dangerous, and should be well thought out.
I’ll give you one common, relatively simple example (and there are many) of why hiding _all_ of your information behind a single password is a supremely bad idea. Your financial info can be exploited _before_ it reaches Mint/Yodlee without having to decrypt anything. How? Is that possible?
If a hacker is trying to steal data, Yodlee is obviously, as you point out, too much work for most would-be thieves. The juicier target is the DNS lookup table information for a hot company like Mint that is stored on any of the servers that your information passes through when you connect to the Internet. DNS Hijacking essentially means that someone accesses an intermediate server that your data passes through, maliciously recreates a Web page that looks exactly like the intended destination, and alters the DNS table to direct traffic to their fake site instead of the intended, secure site. While DNS Hijacking is more or less hard to do, it is a much easier (and much more common) target.
How does this look to the user? How many times have you tried to log in to your bank site and after typing in your credentials you are sent to a page that says, “we’re sorry. Bank of Blah is undergoing maintenance. Please try again later.”?
Seems innocent enough. Except that what you have just done is sent your information across the wire, over numerous servers that you hope are securely routing your data correctly, with no verification that it arrived where you think it did (if you got into your account, you would be confident that it’s actually your bank, but since you didn’t get in, you can’t be sure).
In other words, in the worst case scenario you just typed in your user name and password into a page that you thought was the Bank’s page, but was actually simply gathering your user name and password info, and fooling you into thinking it failed to connect you because of simple server maintenance. A *smart* thief will do that for an hour here and there on different servers, restore the routing table so as not to arouse suspicion, and then do it again, trapping more and more user data. Eventually, the thief will have the user names and passwords for many, many accounts (if Mint and sites like it explode in popularity, which they are expected to).
So why is this any more dangerous with a service like Mint/Yodlee vs. accessing my bank account directly, online?
If this happens to my bank account, which it could, that is of course bad. But if this happens to an aggregator site like Mint/Yodlee, my _entire_ financial situation is now compromised, which is a potential disaster. Sure, my address and name are not visible because Mint didn’t ask for it. But now that the thief knows every single financial institution and transaction I have used or had because it is all kept behind the single password I use to log in, every account of mine is now a direct target. If I am a victim of a DNS Hijacking like this, I have just given the thief a short, neat list of every financial institution I use, and much more.
Why should that scare me? One example: How many Internet users use a unique user name and password for every site they use? A thief now has a clean, concise list of every bank, credit union, stock trading site, and credit card company to try my stolen user name and password on, or obvious derivatives, and if even one attempt works, each of those sites will provide a little more information here and there, including addresses, phone numbers, common security validation questions, email accounts, ability to change passwords, and on and on.
Possibly the greatest breach potential is if a user happens to use the same password for their primary email account, which many of us do. That means that even if the thief can’t get into some bank account directly, he can request that the password be either resent to the email address on file, or reset, which is almost always done via an email confirmation. Which is now exposed.
I can go on and on here. It only gets worse, and easier for thieves.
Again, _ANY_ site handling financial information is a target for this sort of attack, but an aggregator like Mint is a particularly attractive target because there is so much more to gain from a breach. Whole lists of financial details, all gathered neatly in organized piles for a thief to peruse at his leisure, or sell.
Bottom line:
Please don’t trivialize the danger of putting all of your financial information behind one password, as you (Damon) seem to be doing in your comments here and elsewhere. Users may choose your service, and it looks like a good one, but it should be an informed decision particularly from a security perspective, and not just so they can save a buck or two on good deals. And particularly if you (Mint) are not doing things like enforcing strong password policies from the start, and you spin that as a “bug”. Not enforcing strong passwords is a _security design flaw_, which should be the first thing you consider/test, and is (strong passwords) generally very easy to implement. Maybe that user was lying - I dunno. Regardless, don’t trivialize it.
But I digress.
Sorry again for the length of post.
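The comment above calls missing password enforcement a design flaw that is easy to avoid; as an added illustration (not Mint's or Yodlee's code, and not part of any commenter's post), here is a server-side check that refuses a weak password at sign-up instead of only suggesting a better one. The minimum length, the short common-password list, and the names `check_new_password` and `register` are assumptions made for this example.

```python
import hashlib
import os

MIN_LENGTH = 12            # assumed policy value, not taken from the thread
SERVICE_WORDS = ("mint",)  # the service's own name is an easy first guess
# Constructed sample; a real deployment loads a large breached-password list.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "iloveyou", "welcome"}

_LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})
_TRAILING = "0123456789!@#$%^&*._-"


def normalize(password):
    """Undo the usual disguises: case, trailing digits/symbols, leet swaps."""
    return password.casefold().rstrip(_TRAILING).translate(_LEET)


def check_new_password(password, username):
    """Return the list of reasons to reject; an empty list means acceptable."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if normalize(password) in COMMON_PASSWORDS:
        reasons.append("common")
    lowered = password.casefold()
    context = [w for w in (username.casefold(), *SERVICE_WORDS) if len(w) >= 3]
    if any(word in lowered for word in context):
        reasons.append("contains_context")
    return reasons


class WeakPassword(ValueError):
    def __init__(self, reasons):
        super().__init__(", ".join(reasons))
        self.reasons = reasons


def register(accounts, username, password):
    """Create the account only if the password passes; this is the
    'required' behaviour, as opposed to a prompt the user can ignore."""
    reasons = check_new_password(password, username)
    if reasons:
        raise WeakPassword(reasons)  # nothing is stored for a rejected password
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, 600_000)
    accounts[username] = (salt, digest)  # salted hash only, never the password
```

Because the check runs in `register` itself, a client that skips the sign-up form's hints still cannot create an account with `password` or a lightly disguised variant of it.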
November 15th, 2007 at 10:57 am
I too started using Mint about a month ago, found it to be incredibly buggy, couldn’t load half of my accounts, and ING was impossible. I have since been using Quicken Online Beta, and it’s been great. Not sure what will happen cost-wise coming out of beta, but I will probably stick with it.
https://www.beta.quickenonline.intuit.com/quickenweb/
November 15th, 2007 at 10:59 am
I tried Mint and was very excited about it at first, but they kept telling me my bank login information was incorrect, even though it wasn’t… I finally had to give up on it.
November 15th, 2007 at 11:06 am
JG,
It sounds more like you are advocating not using the Internet for any financial transactions through a website. Why would using Mint be any different from using BofA’s My Portfolio page which aggregates all of your accounts on a single page and uses Yodlee for the backend password management?
If you say there is no difference, then we might as well never use our banking website for anything for the fear that our information will be hijacked.
I completely understand your concerns, and with prudence we can rely on a site like Mint which appears to have a strong hold and understanding on security.
The responsibility lies firmly in the hands of the user. If someone breaks into my Mint account what will they get:
1. Who I bank with (which someone could get through social engineering or tracking down tossed receipts…or just watch me go up to a particular ATM frequently)
2. What I buy (who cares…if I keep track of what I buy, then if I see something erroneous I know to check on it…the responsibility is MINE)
3. Account balances (again, so what)
Can they transfer money? No
Can they use that information to break into my account at the banks? No
Do they have any other identifying information to verify who I am? No
The account information is not stored with Mint, it’s stored with Yodlee, which it is anyway even with the banks.
Once again, I understand your security concerns, but paranoia removes the benefits of sites like Mint. I’m not advocating complete trust as there is still a lot of responsibility on the user’s part. But don’t you think a site like Mint would have taken into consideration security before coming out with a site like this? Oh, and if someone uses a weak password or the same password that they use everywhere else, that is their own fault, not the site they are using.
November 15th, 2007 at 11:33 am
Assuming that customers are “smarter” than to use an obvious password is dangerous. Assumptions are deadly and I know from personal experience that you have to plan for the lowest common denominator. Being prompted to create a complex password, and being required to do so are two very different things. But you know that, right?
As to the cell phone example, that just demonstrates a flaw in the recommendation design. I just don’t see the value or usefulness in making a recommendation for something with so many variables.
It’s still disturbing that you call the ‘password’ issue a bug. Stop making excuses and just don’t call it what it was: an oversight and/or incomplete planning and execution. A bug is an issue with the software that interferes with the user’s ability to complete a task.
Regarding customer service: I’m going by what I’ve read in the comments here.
To re-quote *your CEO* “there has never been a major security breach at Yodlee.” That implies that a security breach has occurred, otherwise the statement would be “there has never been a security breach at Yodlee.”
Working for a big-name tech company does not automatically qualify someone for entrepreneurship, or mean they even know how to create or execute a smart business plan, much less that someone has a complete understanding of that particular business niche. I spent several years working at Amazon.com – not that it should matter. So does my experience working at Amazon.com (regardless of what I did there) automatically mean I’m qualified to start a similar business?
You can talk until you’re blue in the face about there being more danger of being pickpocketed or mail being stolen, but that *is not the issue here.* Spouting statistics about physical world examples is not relevant when you’re talking about online security. When a hacker breaches security, they are potentially pickpocketing the information of thousands of people.
It doesn’t matter whether or not I’m able to point to your site and say “this is a flaw and this is flawed, too.” I’m not going to use your site and I’m not going to spend my time and expose my information in order to help you make the mint site better – I am not mint QA staff.
Oh, and Ariston: if a site dealing with personal information *allows* weak passwords, that is the fault of the SITE for not enforcing better security. Reactive finger-pointing “Oh, well, they had a weak password, so it’s their fault” is just lame and unprofessional.
November 15th, 2007 at 11:44 am
Regarding the argument that a hacker wouldn’t have access to the personal questions that banks, for instance, ask: how hard do you think it is to track down the generic information that is commonly asked? Mother’s maiden name? Year graduated from high school? City you were born in? Come on, it wouldn’t take a thief with that much intelligence to find that information. Anything that has a single, fairly-easy-to-verify answer can be found. You’re also assuming that the thief is using another computer — and has not, say, stolen the computer, found mint as a bookmarked site, and then started hacking. If the stolen laptop scenario is used, then the thief will not need to figure out answers to security questions. Most people, when a laptop is stolen, are more likely to call the police first, instead of calling all their banks and credit card companies and stock firms, etc.
And, like someone else pointed out, if the user does (what so many people already do) use the same or similar password and username for sites, then the job of the thief just got that much easier.
November 15th, 2007 at 12:25 pm
Ariston:
1. I’m not advocating avoiding online banking. Read the post. I cannot recommend any “aggregator” for the reasons I stated (IMHO aggregators are fundamentally bad ideas from a security perspective), but as I said, the difference between a break-in to my bank account (non-aggregated), and an aggregated account like Mint or the B of A portfolio is significant for several reasons: A) BofA provides reasonable assurance that if your account is compromised, they have a financial responsibility to you for that compromise. Mint simply does not. And while it may be like pulling teeth to try to get BofA to live up to that (I can only imagine), at least they don’t require you to sign away that possibility by saying they bear no responsibility if the worst should happen, as Mint apparently does (not verified, btw). And B) as I said, with any aggregator you’ve now given a thief a nice neat, tidy list of your financial institutions which now become targets. Different than a single bank compromise.
On user responsibility, I absolutely 100% agree - this comes down to user responsibility, as always. My issue, as I stated, is that Mint via their site and employees seem to be downplaying how important that is by making statements like, “ya know, it’s more dangerous to not shred your mail…” — bad call. Make users make good decisions when it comes to this via your interface and security design; enforce things like strong passwords. Educate your customer directly on best practices, immediately and directly. Make them pay attention to security, not just the ads that sell good deals.
You also said: “[...]don’t you think a site like Mint would have taken into consideration security before coming out with a site like this?”
Not to be condescending, but read that for yourself and think about what you just said. You feel comfortable assuming that a Web Startup, a _Startup_, is safe, simply because they must be if they are trying to make some money via a site like this? Are they under regulatory compliance to be safe? Are they providing you fiduciary assurance that they are safe (as a bank does)? Do they have physical locations like banks, available to you, that help you to be assured that they are for real (sorry - that last one may be paranoia, I’ll give ya that ;))?
On your points on what can be done with your spending information: 1) who you bank with: as I said, sure, a thief can see you use an ATM or walk into a bank. But why give them a nice, clean copy of _ALL_ of your financial statements, all at once if the worst happens? 2) What you buy: I addressed that in my original post. It matters, and tells much more about you than you think. Do you want, for example, a would-be purchaser of your stolen identity to know where your kids go to pre-school because you write a check out every month? 3) Account balances: Do you really want a person, inclined already to rip you off, to have a really good reason now if say you have a large amount of money tied up in multiple, high yield long term accounts (for which they now have a list)? Do you really want that information, about you, for sale on the Internet? Paranoid, maybe. But if Identity Theft happens to you, and you embark on the years of effort it takes to recover, your tune will change.
I’m getting carried away again. The point is, folks should not downplay the risks or underestimate the damage that can occur from compromised financial data. Mint should offer better assurance. Customers should WAIT to trust startups until they are known, established entities (As Yodlee is doing), and make informed decisions on whether they are comfortable with the degree of information that they are giving away.
And companies like this one should be iron-clad sure that what they call “bugs” do not represent fundamental security design flaws.
November 15th, 2007 at 1:28 pm
JG-CISSP has made a couple comments here, and I imagine most people don’t know what “CISSP” means, so I thought I’d elaborate a bit.
“CISSP” is an IT Security certification with broad recognition in IT.
http://en.wikipedia.org/wiki/CISSP
This isn’t just one of those IT certifications that you can get with a couple weeks of study on a multiple choice exam. It requires years of real world experience and a very extensive exam. It has been said it is a mile wide and an inch thick, as far as the material covered, but that inch is probably more in depth than the average person knows about Information Security.
In layman’s terms, someone who has CISSP put a great deal of work and effort, likely their entire career track on Information Security, and they really should be taken seriously when they’re talking about security.
That said, a bigger concern of *mine* is not that *my* financial information and identity is stolen (I have insurance protection for that, and I don’t use this kind of site/service), but for the greater population. If someone were to breach Mint, they could access thousands of people’s accounts and information. If I log into a page, and I can see my bank information there, then somewhere, somehow, it was accessed and transferred, and a method to reverse engineer that *IS* possible.
Just look at what happened with TJ Maxx earlier this year - millions of dollars stolen through fraud.
November 15th, 2007 at 2:01 pm
Hmm… quite an interesting thread. JG makes lots of very good points, and it’s clear he doesn’t think aggregators are a good idea. If his certification that he attached w/ his name is for real then obviously he knows way more than me or the layman. It has definitely made me rethink my use of various types of aggregators for the sake of convenience. I’ve been using yodlee since 2001, through many versions.. and I’d have to say that it wasn’t always working 100%. Whenever a bank changes their site, yodlee will have to play catch up. The same thing applied when I was using MS money 05, which was horrible as data wouldn’t sync properly sometimes but for whatever reason seemed to sync fine on yodlee’s money center. Imagine these days when banks update their layouts constantly!
I tried out Mint and other sites like it, Geezeo and what’s that other one.. and they all seem to be pretty basic so far in terms of a personal finance management tool. Mint looks pretty nice and was easy to use, but definitely lacking in capabilities that other yodlee powered sites have (no support for loans and brokerages yet). Geezeo was working okay (uses cashedge as data middleman), it supported my student loan but not my brokerage accounts (although I probably wouldn’t have linked it anyway).
SR: Hate to call you out but you seem to be making a few assumptions on Mint, and already hating on them before even looking at them. I totally agree with you that “password” as a bug is pretty stupid, and makes you wonder if they have any other exploitable bugs, but I read through your arguments and was agreeing with them until I read the part where you said you haven’t even visited mint’s site.
In your first post, you said that reading privacy policy and terms and conditions is important, since your concern is that they’ll mine your personal information, and I totally agree. In your second post you made that point again, but you stated again you haven’t reviewed their privacy policy, and you won’t because the site turns you off.
Whenever I personally use a website, I always read their privacy policy and terms and conditions carefully. Mint’s first line in their policy states that they won’t ever sell or rent my personal information. If they at least comply with that then I’m happy enough. At least they’re not actively trying to screw me over (security holes, if any, aside. heh).
Seems pretty silly to me for you to be bagging on them before even visiting the site. You’re making all these statements about them mining people’s information before you even use their service. Of course, you’re not comfortable with using their service, that’s totally understandable. But maybe at least read through the site before you start hating on it? Makes the argument much more valid.
I’m going to echo JG’s comments. People shouldn’t downplay risk in using online tools, whether you’re using aggregators like this, or giving out your CC information while you’re making purchases (regardless if you’re protected under law or by bank). Like I said, whenever I use anything remotely close to financial transaction online, I read a site’s privacy policy and terms and conditions carefully. There’s a few clauses in mint that make me cringe, but they’re the standard business stuff that I’ve read elsewhere and quite frankly, in my own bank too (gotta cover their liability, after all). So to protect my own, I take precautions.
You’ll never see me linking my retirement accounts or brokerage accounts to unestablished companies. That’s where the majority of egg is at, since you can actually make transfers with the password to those accounts (although my brokerage has 2ndary trading passwords).
I’ve gotten my identity stolen before, and it was no fun to clear that up. Some clown opened up a CC in my name, and I believe I’m fairly careful with my personal information. I noticed this when I saw some strange charges on an account I haven’t used in a long time from a local community bank (through my account aggregators), and then signed up for credit monitoring just to be sure.. and sure enough, a new CC account was open at this community bank. Took me a week or two just to clear it up. I can only imagine if it was worse and I didn’t detect it earlier, as I’ve read plenty of horror stories. I was able to detect this early due to using yodlee, but of course you can also argue that using these aggregators made me more vulnerable.
Still, I think people should be proactive about their own privacy and financial information security. Whenever you use a website or do business with a company, you should always read about how they handle your information (and at least visit their site before making assumptions). Of course that doesn’t mean a company can be lax about their practices, but as with your own financial welfare, no one can judge your situation better, so it’s up to you to see how much you’re comfortable with in regards to online banking and other similar practices.
November 15th, 2007 at 2:11 pm
Thanks JTimberman.
We’re also known as the white hats that people pay to be a little paranoid.
November 15th, 2007 at 2:12 pm
Can’t believe I spent 40 minutes typing that up. To add, it’s true that many major corporations also get their butts handed to them. You can make the argument that if big companies or banks can’t secure their data, how can small startups? Although another argument can be that a bigger organization with more people also brings about more exposure and lax in customer protection practices.
Security AND privacy with financial information is always a hot topic (as it should be), but at some point, people just have different values and different comfort levels. I certainly don’t go out every day, assuming the next company I buy stuff from is going to screw me over or sell me out. But I’m also not naive enough to trust everything on first impression (whether it’s a good or bad one).
If you really want to use a website like this, do yourself a favor and take proactive action. If you don’t want to bother with reading all the steps you can take, the policy they use, the terms they impose on you.. then definitely don’t use the service.
It’s the same with credit cards, you wouldn’t want to sign up with one without reading carefully what you’re getting into.
November 15th, 2007 at 3:38 pm
James: you make some valid points. I have, since, looked at their website for the privacy information, and it said something to the effect that they would never use it with identifying personal details attached. Though, remember when the search engine (unfortunately don’t remember which one — might’ve been aol) revealed “anonymous” searches, but those searches included people searching by their zip code, personal name, or in relation to their personal addresses, so that it was in fact possible to figure out what was going on in different zip codes and even households? And considering the way they discuss design problems (“bugs”) and how they appear to be currently slated towards making excuses and being reactive, I just can’t say that I would trust them to not give out personal information inadvertently.
However, they are mining the data as they can say “well, BofA, we have xy people on our site, they pay an average of yt% APR, and only zy% use your bank — wanna make an advertising deal?” To my understanding, that is still data mining — regardless of whether or not a person’s name is attached. Their goal is clearly to make the most money possible, and I’m not so clear that that goal is second to providing a service to consumers.
Obviously, mint is out there to make money from advertising (they’ve said this, and theirs is a free service), and how else are they going to pitch to advertisers without mining the data they have?
November 15th, 2007 at 3:41 pm
I’m a security engineer for a large multinational corporation and I fully understand what Mint (and Yodlee and the others) are doing, and the ramifications.
I would never, ever use a service like Mint, or Yodlee, or any other sort of financial information aggregate site. I don’t even use services like Google spreadsheets or calendar or anything like that. The fact that people are uploading all of their info like this to a central location simply boggles my mind.
Saying that Mint is safe because their servers are protected by guards or whatever is irrelevant. You don’t need access to their servers to compromise Mint, you only need an Internet connection.
The risks far, far outweigh any possible benefits you would get from a service like this (Mint or any other). I guess the fact that people are gullible enough to use a service like this means there will always be plenty of work for computer security people like me, which is a good thing, but wow.
November 15th, 2007 at 4:27 pm
Ignorance is bliss because I’ve never heard of Mint & Yodlee before this post. Thanks to those who took the time to caution the rest of us.
November 15th, 2007 at 6:57 pm
I’d love to have automated tracking of all of my account balances but there is no way I would put all of my bank and credit card account info on one of these sites. I didn’t even enter that information when I used Quicken. There is no way for me to know if Intuit was uploading that info to their servers.
I wish there were a free simple client application that could be installed on my PC without storing/maintaining account info on a 3rd party internet server.
November 16th, 2007 at 1:17 am
Ken -
That’s exactly what Wesabe does. They are very explicit that your data is YOUR data, and they’re just there to help you understand it better, and to connect with other people who are in the same boat.
From their security page:
So, basically, your bank account information is only on your PC … never on their servers. You can find out more at Wesabe.com.
(I don’t work for them.)
November 16th, 2007 at 3:19 am
Star Money Articles for the Week of November 12…
Here are some recent interesting posts from the MoneyBlogNetwork and beyond: Consumerism Commentary highlights some useful websites. AllFinancialMatters covers the right mix of stocks and bonds. MightyBargainHunter gives some good career advice. Five C…
November 16th, 2007 at 4:49 am
Yodlee for stats; Wesabe for tips!
I tried Mint a short while back; it is definitely pretty, but you pay for the babying - you have no control over anything.
I was also frustrated to keep getting exclusively “tips” like those described in the review - clearly wrong, and clearly designed to make money off referrals. I don’t like getting tips based on kickback schemes.
Yodlee! Wesabe! Yodlee! Wesabe!
November 17th, 2007 at 8:44 am
[...] Mint: A Fresh New On-Line Personal Finance Tool. SC, a reader of Get Rich Slowly, provides an in-depth look at the new online money management software. For Consumerism Commentary’s take, read Sasha’s review. [...]
November 17th, 2007 at 10:30 am
Just a small reminder to Mint’s CEO. I know you want to reassure everyone about Mint.com and their security but detailing your entire set up is a bad idea.
Never give would be robbers/hackers your entire security set-up including the hurdles they have once inside your building.
Be a little more vague next time please.
Otherwise I really like Mint and would recommend it. You need to support way more credit unions though as I cannot use your site at this time due to Sound Credit Union not being supported.
Thanks.
November 18th, 2007 at 7:50 am
[...] that lets you track your spending, understand where you spend the most and how to save. You can find a brief overview here. Mint is a free service and, at least in the USA, you can link it automatically to your data [...]
November 18th, 2007 at 10:39 am
This is a very good way to keep organized with financial matters. Although this program is interesting, I don’t think I would have the time to try it.
As for this post, you spelled “CAPITAL” one wrong as “CAPITOL” at the top
-Mike
p.s. You accidentally deleted my comment, so I figured you fixed the problem
November 18th, 2007 at 1:14 pm
Booo for Mint!
I read this review and wanted to try it out - that was until:
1) it can’t see any bank that uses image verification
2) can’t see student loans
3) can’t see car loans
4) can’t see your house payments
Uh…..what’s the point?