Online Security: TWiT Scalds Mint.com
If you have your financial info on mint.com, the folks at TWiT (Leo Laporte and John C. Dvorak in particular) are advising against keeping it there, due to the potential for online hackers to compromise the data. On episode 114 of their weekly tech podcast, TWiT, they specifically suggest you shut down your account. I use Wesabe.com myself, but the system that Wesabe has in place doesn’t give the website direct access to your financial information; you have to upload it yourself, and it appears that no critical data is stored off of your computer.
Is Mint dangerous? Their security statements lead me to believe that they’re working hard to keep your financial data safe. However, as with all digital data, there is risk involved: computers being hacked, hard drives crashing or computers being lost. Any time you work with data that is of value or has some privacy concerns, it should be backed up, stored in multiple secure locations, and checked for expiry so that you can destroy it appropriately as soon as it is no longer needed.
I would welcome the folks from mint.com, wesabe.com and any online financial institution to contact me for further discussion so that I can publish an interview here or in a podcast episode.
Update: Both Mint.com and Wesabe.com have contacted me and I’m hoping to get some interview action soon! Thanks to both companies for being so quick and willing! See the comments for Mint’s initial reaction.
September 28th, 2007 at 4:15 pm
Randy,
My response to Leo Laporte’s concerns over Mint’s security is below, verbatim & with no edits:
-----
I’m Aaron Patzer, the Founder & CEO of Mint.com, which you mentioned on Tuesday’s TWiT show. I’m glad we “seduced” you into giving Mint a try.
Mint is the easiest way for most people to organize their finances, without the hours of accounting-like work required by desktop products (Quicken, MS Money).
I wanted to address your concerns on the security of Mint, because everyone on the show seemed to unanimously agree that Mint was somehow unsafe. Not true.
I’ll make a bold statement: You’re safer on Mint.com than with online banking.
I’m sure you’re asking yourself: “How can that be possible? If I’m putting all my accounts in one place, then of course it’s even more vulnerable – like putting all your eggs in one basket.”
Here’s how. Mint has the same data security practices used in online banking (encryption, network security, outside audits, physical security, etc). But on Mint, you’re anonymous. Notice that on our signup (https://wwws.mint.com/login.event?action=S) we never ask for your name, address or SSN. All that is required is a valid email. Mint knows about your finances…but it does not know you. We cannot tie the two together – and we like it that way.
Also, as you may know, 90% of all fraud actually occurs offline (http://www.informationweek.com/windows/showArticle.jhtml?articleID=178600217), not online (e.g. someone swipes your card at a restaurant or from your mail). Because Mint is linked securely to all your accounts, one of its best features is alerting via email or SMS text-message. If your balance drops too low, or Mint sees unusually high spending, you’ll know right away. Without Mint, you would have to log into 4-5 different banks each day, or wait 30 days for a paper statement before finding out that something went wrong.
It’s better to be proactive – especially because if you catch and report fraudulent bank activity within 2 days, your liability (by law) is limited to $50. Using Mint actually helps you in the fight against identity theft and fraud.
The last point I’ll make is that even though we’re a startup, our executive team has deep experience in both financial services and security: Intuit, Charles Schwab, American Express, PGP, and eBay/PayPal.
If you’d like to dig deeper into our security, or any other aspect of Mint, I’d be happy to answer any questions or concerns you or your viewers have.
Aaron Patzer
Founder & CEO, Mint.com
October 2nd, 2007 at 1:38 pm
I was pretty surprised to hear Leo Laporte trash Mint on two separate podcasts - TWiT and net@nite. While storing passwords online might not be for everyone, I would not make a blanket statement that this is somehow inherently insecure. I think Mr. Patzer’s detailed response is proof that Mint.com takes this seriously. On the podcasts Leo Laporte made some comments about storing financial information with “strangers”. Didn’t we get over this 10 years ago? What am I missing?
November 18th, 2008 at 7:20 am
[...] in September of 2007 I mentioned that Leo Laporte had made some strong accusations of Mint.com. Both Mint.com and Wesabe.com staff left comments on my blog, and both offered to do follow up [...]