Mint: Is Your Bank Information Secure?
Earlier this week, Ezra Mound, FiLife’s systems administrator and resident security expert, sent a few questions to Mint founder Aaron Patzer about how Mint keeps user data safe (click here and scroll down to see our series of posts on Mint’s tool).
Here are Ezra’s (abbreviated) questions with Aaron’s (unabbreviated) answers:
- Are my usernames and passwords being saved on your or anyone else’s servers (possibly Yodlee, your technology partner)?
  The credentials are kept at Yodlee. This is identical to how Bank of America and Microsoft Money use Yodlee.
- Let’s say you get hacked. Banks normally would protect me if they get hacked, but do I lose my protection if I’m using Mint to access the bank but the breach happens through your systems?
  You’re legally protected for $0 liability on credit cards and $50 on bank accounts if fraud is reported within two days. These rights are not voided by using Mint, Yodlee, Quicken, Microsoft Money or similar programs.
- If I stop using your service, do you flush my usernames and passwords out of your systems?
  We back up our database every four hours. If you purge your account, a backup exists for another four hours and is then destroyed.
The majority of us here at FiLife are sanguine about this sort of stuff. We know enough about identity theft to worry most about people stealing our U.S. mail and government or bank employees accessing our records. Mint is of less concern; the gang there knows that they’re probably out of business if even a single break-in occurs, plus Mint has an experienced partner in Yodlee that has run systems for many top banks and their paranoid security executives.
Aaron says he’ll post two in-depth articles on security in the next few weeks on the Mint blog. Lots of security questions have popped up elsewhere in the weeks since the site has launched (for instance, see the comments at the bottom of this week’s Lifehacker tour of Mint).
In the meantime, here’s what Mint has already posted about its security.
– Ron Lieber
(2) Comments
The statement “You’re legally protected for $0 liability on credit cards and $50 on bank accounts if fraud is reported within two days” needs some clarification.
First of all, he is clearly referring to Regulation E (EFTA) when talking about the $50 on bank accounts. That protection only applies to fraud using electronic funds transfers. The $50 liability limit does not apply for wire transfers (which criminals often use to send money overseas) or if someone uses the account information to create fraudulent paper drafts. So, if a criminal uses your account information to wire your money to a bank in Nigeria, the $50 limit does not apply.
Also what is left out is what happens if you do not report fraud within 2 days? That is very likely to happen with busy lifestyles or if you are traveling. For electronic funds transfer fraud, your liability could be up to $500 PER ACCOUNT if you do not report within 60 days, and if you do not report it within 60 days, your liability is not limited (you could lose all your funds). And since Yodlee is an account aggregator, the “per account” part is very important. If you have 5 accounts compromised, and you report it in 3 days, you could lose $2,500.
These fraud scenarios may be unlikely, but I feel it is important that people know the details, when you are talking about their financial well-being.
Not sure why you wouldn’t just open a Yodlee MoneyCenter account for free…. don’t they do the same thing as Mint but without the middleman?