23

For online applications such as Mint and Quicken (online), to automatically update your accounts, they'll always ask you to enter your login info to your banking and/or investment accounts.

Do you trust giving out these types of personal information? How do you know you can trust them?


Moderator's note: I've merged into this question the following similar question (and its answers):

Services like mint.com and quickenonline.com seem to simplify money management and offer an attractive alternative to using traditional financial software. I'm tempted to use them, but security is a definite concern. What are your experiences and thoughts on this? [this version was originally asked by M. Attia]


(Moderator's note: Intuit, the makers of Quicken, acquired Mint.com in September, 2009.)

Bob Baerker
interneter

10 Answers

25

The only people who should know my online bank password are me & my spouse. Forget it, I won't share that sensitive information with any other company. I might as well give a blank check!

Besides, don't banks require people to keep their username & password & PIN private? I signed an agreement to that effect, I think! So even if I did find the online services compelling enough to try, I would want to check with my own bank first & ask them if it's OK to give my password to somebody else. I wonder what they would say to that!!

firedfly
16

Whether or not I trust them depends entirely on the personal finance application. In the cases of Mint and Quicken, I would trust both. Always make sure to do plenty of research before submitting any personal information to any source.

Phillip Benages
10

I think a lot of people would respond with something like "you use bank machines and online banking, don't you?" That is the same reason I hear people supporting voting machines and even online voting, but the problem is that there are significant differences.

Take a service like mint.com compared with your bank for example. The bank is a regulated company with insurance to back up your money should they make a mistake. Even if someone steals your debit card and drains your account, you will usually get all your money back. Banks have deep pockets and even the government has a vested interest in making sure the banks stay afloat. When they do make a mistake (and they will) you are usually quite safe.

On the other hand, mint.com is a third party that you are just going to hand over your bank passwords to. I think it is reasonable to ask:

  • What kind of insurance do they have?
  • How do they store the passwords? Is it on their own servers, or are they authenticated through the bank's servers?
  • If an employee of mint.com got into your accounts and sucked them dry, how long will it take to clear everything up from your point of view? Will the account be locked for months?

I am not saying not to use mint.com, but it is certainly reasonable to ask these questions.

Scott Whitlock
4

I personally use mint.com and find the alerting feature to be handy. The reports and ledger are nice for a web page and attractive, but I use Quicken for really keeping track of my money and budget. Mint.com just doesn't offer the depth I want; but a lack of depth is a feature for some people.

The one thing I do is to check my accounts online every couple of days (not just via mint's interface). I am still protected from fraud if someone steals my money regardless of the vector of attack. So mint's fault or not, I have to keep on top of my outgoing and incoming transactions with frequency so I can stop problems before they get too deep.

Summary: the security is important, but being secure or not doesn't absolve me of being aware of all the transactions on my account. I will still be protected by consumer laws (as much protection as that is) but I can't expect mint to fix any problems it might cause.

MrChrister
4

Like a dog staring at a bone, I just cannot keep myself from jumping on this.

Distrust and caution are the parents of security.
- Benjamin Franklin

That, in a nutshell, explains my view on mint.com and any other such service.

George Marian
3

I have to disagree with Scott's point about banks' ability to reimburse you for money withdrawn by people who stole your debit card - that is only limited to transactions that took place after you reported the loss of the card (http://www.ftc.gov/bcp/edu/pubs/consumer/credit/cre04.shtm). In the event that someone got into your banking account and conducted transactions without your knowledge, you are pretty screwed unless you can prove it wasn't you who did the transaction. The same goes for people whose debit card was "copied" (e.g. by swiping through those hacked ATMs) - the bank's insurance policy doesn't kick in until you report the loss.

Mint.com is a very nice website and too bad it doesn't work for Canadians. I instead opted for Yodlee (moneycenter.yodlee.com) which is the engine behind Mint but works for Canadians (but without all the social network aspects/features). These sites are good for aggregating your various personal financial info online, but none of them are good enough (yet) for me to ditch my Microsoft Money - oh wait, MS has decided to discontinue the product and I need to look for another one...

Chris

Complexity
2

I think you really have to ask yourself if it's worth it, the risk/reward. Can you trust a publicly traded company with your data in return for the analytics you can get back from them?

trip0d199
1

For what it's worth: this is part of why I am still using the application version of Quicken rather than the online version. I want my data (and passwords) stored locally rather than on someone else's server where they are directly vulnerable to a data breach.

However, I do allow the desktop app to automatically download from (but not submit transactions to) my banks. The protection varies from bank to bank. Some required two-factor authentication every time, and Quicken correctly pauses for me to provide that. Others appear to negotiate a download-only password the first time Quicken connects to them, asking for the 2FA at that time and not needing it thereafter.

There is a newer, more secure banking protocol. Not all banks support it yet, and Quicken seems determined not to use it because it threatens their proprietary system. As soon as my banks do support that alternative, I will dump Quicken and move to an application using that.

There is some risk if the Quicken program itself picks up malicious code, but no more than if the bank gets hacked. Either way, you contact your bank and tell them the transaction was unauthorized, they and the target bank reverse the transaction, and the target account's holder has to answer hard questions about what was going on. In other words, it is exactly as if someone had forged a check; the banking system knows what to do about this. It may be an unmitigated nuisance and a short-term disruption of your finances, but shouldn't be worse than that.

Note that the nonstandard payment methods used in scams (bitcoin, Western Union, and so on) are specifically employed to break that chain of accountability so the transaction cannot be reversed.

keshlam
1

Mint is only an organizer of information that is actually aggregated by different services. Currently data aggregation for mint is being done by Yodlee and also by Intuit's own aggregation service.

EndlessSpace
1

The reason people like Mint is because it allows you to see all of your financial details in one place. When you create an account, you’re able to link all of your bank accounts, credit cards, and investment accounts. This linking enables Mint to update your transactions automatically. The catch is that you have to provide the username and password you use for each one, which can certainly make you feel jittery if you’re worried about a security breach.

Mint is designed to be a read-only service, which means you can’t transfer money back and forth between accounts. If someone were to get their hands on your Mint login, all they’d be able to do is view your balances and transactions. Your full account numbers aren’t displayed, nor are your bank account or credit card usernames and passwords. The only thing that would be visible would be your email address.

If a hacker was interested in taking things a step further, there’s always the possibility that they could physically steal the information from Mint’s secure servers – but that’s really a long shot. That would require knowing where the servers are located, bypassing the physical security measures that are in place, and cracking the code on how the data is encrypted. If that were to happen, then your personal information might be at risk, but so far, there’s no record of it being attempted.

I was very skeptical of Mint and how secure it truly was. I did my fair share of research. Try looking at: