Thoughts on mint.com

dukebound85

macrumors P6
Original poster
Jul 17, 2005
18,135
1,447
5045 feet above sea level
Sounds cool but I can't help but be uber wary

Is it better to avoid this? I hate entering bank info to a website but I hear it has good reviews

Are my concerns warranted? or are they unfounded? Any one have experience with this?
 

robanga

macrumors 68000
Aug 25, 2007
1,657
1
Oregon
I've heard a lot of good things as well. Now that they are owned by Intuit, you'd also figure that the experience would be more secure being run by a larger publicly held company.
 

maflynn

Moderator
Staff member
May 3, 2009
65,874
32,200
Boston
Intersting idea but there's no way I'd give that company (or any company) my bank info.
 

old-wiz

macrumors G3
Mar 26, 2008
8,323
225
West Suburban Boston Ma
they have the usual Verisign, TrustE, etc, but these are not all that trustworthy in my opinion. They haven't been around long, and their track record at security is not proven.
 

angelwatt

Moderator emeritus
Aug 16, 2005
7,857
7
USA
they have the usual Verisign, TrustE, etc, but these are not all that trustworthy in my opinion. They haven't been around long, and their track record at security is not proven.
They've been around for 2 years now and I haven't read about any security issues so their track record is actually pretty good. They seem to have all of the same security in place that bank web sites do and a lot of people use those. I don't have an account at Mint as I don't see a personal use for it, but I do see it as secure and trustworthy as a banking web site.

Here's one article on this topic in general.
 

sl1200mk2

macrumors 6502
Oct 17, 2006
320
3
I've been using Mint since practically day #1 and love it. It's a fantastic site. My budgeting and financial needs are fairly simple and it works perfectly for my situation.

they have the usual Verisign, TrustE, etc, but these are not all that trustworthy in my opinion. They haven't been around long, and their track record at security is not proven.
An FYI, Verisign has been around forever in internet terms. They are one of the most highly regarded (albeit overpriced) SSL vendors and also control the root DNS servers for the entire internet. If you browse the web your using Versign servers.

As far as giving Mint financial information, you all are living under a rock and in denial if you think giving them information is any worse then ever making a single purchase online. It's far more secure than your typical ecommerce site. I know a thing or two about this as I've worked in the hosting industry for over 8 years. I can't tell you (in obvious violation of PCI compliance) how many times I've seen full name, credit card, CVV, expiration and address information sitting in a database or file, plain text, unencrypted / hashed.

I'm far more uncomfortable giving my credit card to a teenager in a restaurant who disappears in back somewhere for a few minutes with opportunity to do god knows what than I ever would be with Mint. In fact, the two times in 20 years I've ever had any "mystery" charges on my accounts where in a few days of having been dining out.

The routine (daily) inspection and scrutiny that Mint and major financial institutions undergo is about as safe as it gets online.
 

miles01110

macrumors Core
Jul 24, 2006
19,269
31
The Ivory Tower (I'm not coming down)
As far as giving Mint financial information, you all are living under a rock and in denial if you think giving them information is any worse then ever making a single purchase online.
Actually that's not correct.

Giving your card to a teenager who disappears with it to charge something to it is no different than making a purchase on line if there's ever a problem, because you are not liable for any charges you didn't make to your card if it's ever appropriated by an unauthorized third party. In fact, this is what makes the entire credit card system work- the onus falls on the credit provider to prove that you made charges to your card.

If a hacker somehow gets into Mint's system or access your information via social engineering, guessing a weak password, or otherwise stealing your identity and winds up transferring money out of your bank account by otherwise legitimate means to a Swiss bank account, you are 100% screwed.
 

sl1200mk2

macrumors 6502
Oct 17, 2006
320
3
Actually that's not correct.

Giving your card to a teenager who disappears with it to charge something to it is no different than making a purchase on line if there's ever a problem, because you are not liable for any charges you didn't make to your card if it's ever appropriated by an unauthorized third party. In fact, this is what makes the entire credit card system work- the onus falls on the credit provider to prove that you made charges to your card.

If a hacker somehow gets into Mint's system or access your information via social engineering, guessing a weak password, or otherwise stealing your identity and winds up transferring money out of your bank account by otherwise legitimate means to a Swiss bank account, you are 100% screwed.
I'll take my chances. ;)
 

robanga

macrumors 68000
Aug 25, 2007
1,657
1
Oregon
When comparing the risk to other commerce and banking sites, you have to consider that very few of those have all of the information on you. Mint as I understand it, requires a bit more info on multiple accounts etc.

Still I agree with the others that say they use the best security they can. I believe I am going to start using it.
 

Ashka

macrumors 6502a
Aug 9, 2008
600
66
New Zealand
No, No & No.

After all that has happened with all the World wide financial skulduggery that Banks and related businesses have been getting up to over the last who knows how many years and you are thinking seriously about giving some online company that is only two years old all your banking details....

Trust is something that is earnt not given away to some tinpot outfit to save an hour or so a month.
 

sl1200mk2

macrumors 6502
Oct 17, 2006
320
3
No, No & No.

After all that has happened with all the World wide financial skulduggery that Banks and related businesses have been getting up to over the last who knows how many years and you are thinking seriously about giving some online company that is only two years old all your banking details....

Trust is something that is earnt not given away to some tinpot outfit to save an hour or so a month.
It's pretty obviously everyone is highly confused about what information you're actually giving Mint, because you haven't actually used the service. Everyone is under the impression that you must be filling out forms with every bit of personally identifiable information about you and possibly DNA samples. That just isn't the case.

Here's what Mint does not have:

1. Your name
2. Your address
3. Anything that actually would identify who you really are other than a random username and password
4. Any of your actual full account numbers to any financial institution (unless yours is stupid enough to use your account number as a login).

Here's what Mint does have:

1. Usernames and passwords used to access your various online banking accounts

"Yes, but doesn't that sound really really bad?" -- it does, until you think about what it actually means in practice. It's the same as someone being able to log into your online bank account or credit card. What can they actually do from there? For me, that means they know what banks / credit cards I use, can see my balances, see my recent transactions and possibly steal $1,000 via transfer (the maximum online transfer my bank allows) -- which I would promptly get back. Being able to access your account online, in most cases, is pretty limiting, which is intentional, because real fraud does happen.

What they still don't have:

1. My name
2. My address
3. My full account numbers (because these are never fully displayed by any reputable financial institution online)
4. Any real identifiable information about me other than my spending habits and account balances
5. My credit card CVV numbers

No one is stealing my identity or wiring off my life savings to Switzerland as someone else implied. They have nothing about me that even remotely allows that.

You don't have to give Mint any information you don't want to. For example, my retirement accounts are not in Mint, nor are my savings accounts. No reason to be. I only have my daily checking account and a couple credit cards to track spending habits and balances in a central location.

Maybe I'm just a bit too trusting in this case, but I really don't see what the super paranoid concern is once you review what's really at stake. And I'm generally highly skeptical and non-trusting, especially online where practically everything is a scam. I'm not saying you don't have to be sensible and blindly throw some outfit everything about you. That'd be insanity, but really, Mint has less information and is far harder to crack than someone cracking and packet sniffing my wireless network which the majority of you use wireless as well. There's a lot more online and in my daily life to worry about other than Mint.
 

miles01110

macrumors Core
Jul 24, 2006
19,269
31
The Ivory Tower (I'm not coming down)
1. Your name
Who cares about your name if I've already got your bank info?

2. Your address
3. Anything that actually would identify who you really are other than a random username and password
4. Any of your actual full account numbers to any financial institution (unless yours is stupid enough to use your account number as a login).
See above. And for #4, once you're into your online banking system that's simple enough to find out.

Here's what Mint does have:

1. Usernames and passwords used to access your various online banking accounts

...For me, that means they know what banks / credit cards I use, can see my balances, see my recent transactions and possibly steal $1,000 via transfer (the maximum online transfer my bank allows) -- which I would promptly get back.
"Promptly" ? You'd have to go through a lot of bureaucracy and have an annoying time of it, unless you have a good bank like USAA. A thief logging into your bank account looks exactly the same as you logging into your account, so you *are* responsible for proving your innocence.

What they still don't have:

1. My name
2. My address
3. My full account numbers (because these are never fully displayed by any reputable financial institution online)
4. Any real identifiable information about me other than my spending habits and account balances
5. My credit card CVV numbers
Again, 1-4 don't matter. 5 is unimportant because with credit cards you're not liable.

They have nothing about me that even remotely allows that.
...They have your account numbers and access to a means of transfer. It's not your entire life savings, but it's enough that you are going to be pissed about it.

You don't have to give Mint any information you don't want to.
Yes, but most people aren't careful.

That'd be insanity, but really, Mint has less information and is far harder to crack than someone cracking and packet sniffing my wireless network which the majority of you use wireless as well. There's a lot more online and in my daily life to worry about other than Mint.
I don't know why people fixate on the difficulty of cracking AES, RSA, SSL, or whatever other encryption algorithm X company uses to secure their data. That's simply not how data gets stolen. It's almost totally irrelevant against systems competent enough to implement a good algorithm. If you pick a strong password for Mint, you're fine. The problem is most people don't, and those are the people that are going to have a very stressful experience dealing with their bank.
 

sl1200mk2

macrumors 6502
Oct 17, 2006
320
3
I wrote this whole huge long post, then came back and deleted it. I realized that I just don't care. Do what you like folks. Just do it with strong passwords. :)
 

Similar threads

  • pwygant
31
Replies
31
Views
3K
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.