I am so grateful to them. I love the idea of Mint, however they should be using API keys. Accounts are only as secure as your password and by linking your account between Mint and the bank you are litterly handing over your full username and password to your bank web services.
You lost me here. If this was one way only as they say, you should have my login credentials to login into my bank account. That info gets out, you are fawked. Quickbook and Waveapps connect to the bank accounts and download transactions to perform accounting function.
I found this out the hard way, and lost everything. FYI — the account I deleted was at the bottom of my list, and may have been the first account I set up. I would have expected an error message, telling me this would happen. Mint only needs to read data from the bank account. They would do the same thing to import the transactions from the bank. Is it not? I think if you changed the login passwords for your bank accounts, it would have prevented Mint to access your accounts.
So I had to re-open my account and eliminate my bank account info, and close it again. Just keep putting all your finances online, just keep doing it and I lay money on the table — there will be a day it will be hacked.
All your info that laid on that could server is gone, in the hands of someone in a foreign land. Let me keep my information on my computer, with the password stored safely inside my little head. Spammers, and scammers, purport to represent all kinds of companies, from major banks or credit unions to companies like PayPal, eBay, and Mint.
Just right after I registered my account with mint. After this happened, I deleted my account, changed passwords for my 2 banks. Same thing happened to me when I just subscribed to Netflix then few days later I received an email from fake Netflix to update my payment info. I think these scammers are working in those companies even if contract working outside. Moreover, it would be nearly impossible for them to find this out.
The problem is that if your bank account is hacked and they find you have a Mint. The bank would not reimburse him so he was just out the money. Can anyone give me an opinion on how safe they think this would be when linked solely to a credit card? This is a non-issue with strong passwords. A mint breach would actually not be a big deal if my banks offered physical security token authentication for any withdraws that were not done via check or atm card.
That way even if they were able to log into my account they could not transfer any money unless they someone broke the banks servers which kept my specific security token or physically stole my token. I have been told this it normal practice for consumers in European banks. I believe that perhaps private information should remain private and not stored or viewed by anyone else than the actual owner of the information. Doug is right. Banks would rather you use their dashboard and import all of your other accounts to their convenient PFM software because they will use the information to market products to you.
I know this because I work for a bank and just sat through a demo of software that would give that capability to our marketing department. I feel you. Now that Mint. They went from the relative safety of read-only to murky land of read-write. On a side note, I have yet to find a local application that acts like Mint with regard to online accounts.
I want a solution that simply shows my current balance from my bank and uses the transactions simply for budgeting. This article applies only to Canada. In the US, under federal regulations, banks are liable for any unauthorized spending even if the user transmits the login information to a third party as long as the user did not authorize the third party to conduct transactions.
Similarly, they also partner with SecureKey Concierge and the Government of Canada to use your online banking sign-in details to access Government of Canada services. Crap software. Anyone using Wifi on their PC or other device can be hacked.
Quicken needs some good competition. I may try Mint, as others rated it pretty good. This should be a technical solution. OAuth2 is a mechanism that most tech services like Google, Microsoft, Facebook, etcetera utilize for a user to allow a third party to access content from their site.
In this case, it would be the banks providing OAuth2 capabilities for integration with Mint. Banks probably do not want to create this capability. They would blame OAuth2 for not being sufficiently secure. But, this is likely a red herring argument to disguise the real reason: banks want you visiting their sites so they can sell you new services.
Now you can sleep at night. The article makes no sense, whenever it was published. By a long shot. Easy fix, no advancements on that. Does merely closing the mint account resolve the issue with the banks so that you become protected for fraud again? Or are there any further steps you must take? Note that in the Privacy Statement mint. Just because you have nothing to hide does not make this violation of the 4th Amendment okay.
Such 3rd parties will assume responsibility for the personal information collected by us in connection with our business operations or through our Sites and such third parties will assume the rights and obligations regarding such information as described in this Mint Privacy Statement. Mint does not have your passwords. They have a unique, unencryptable hash key that was created by your bank account in order to connect Mint to your bank.
That API key can only access certain bank info in a read only format. When I signed up to Mint a while back I tested this theory: 1. Enter your bank details into Mint. Wait until Mint syncs your transactions to make sure everything is working. Go and change your banking password. The Mint sync is now broken because Mint is using your old password to try and connect.
Dylan, I think the bank has to invalidate the token if you change your password. Otherwise, the company using the token would have access forever. They offer a unique password that only allows read only access to your bank. This is the code you give Mint instead of your real password so your money is in no danger. Hang on a second.
If they only got into your Mint account they would still be able to gather enough personal information to then call your bank and impersonate you. Again thanks for the response. Where your bank will not cover you, your personal insurance may!
I am not sure if they would have an issue with the banking passwords on third-party sites and deny you coverage however. I may have to look into that a little deeper as an article idea! What robmausser says just above. You are more likely to have your bank account compromised by malware you unknowingly download to your PC or by phone and internet scams than by Mint getting compromised. This is because its a one way street. Mint is only allowed from the API that is what your bank uses to add their service to Mint to view the status of your funds and transactions.
Thats it. Now, someone could hack Mint but all they would get would be your financial history, which may be unsettling to you. But they could never get your money. I know you add your banks to Mint by logging into your bank information on that add account page, but that is being handled by your bank, not with Mint. Once you log in, your bank gives Mint a special access hash that is unique to you, your bank and Mint.
It would be much easier for them to do it straight from your online bank websites, which I am sure you now log into individually on your computer.
If I was a hacker trying to take your money, I would much prefer this approach. You are actually making yourself more vulnerable by using each of your online banking websites rather than just Mint! It is more likely that your computer will get infected while you are browsing the internet for whatever you browse for, and that your credentials will be stolen that way.
Mint and all the other budgeting apps encrypt your passwords. So even if they were hacked, now the hackers have to crack encryption to get your password. So when you go to login, you have to use your password and another piece of information that is only good for one use. Some banks give you a little device with numbers on it that change every few seconds, other banks text you a code to your phone. Other banks only allow access from a specific IP address or a specific computer.
So even if mint. I like the comments everyone has made, and Young, you bring up some great points, i just wanted to let everyone know that there are some things you can do to lower the likelyhood of getting hacked.
Also, protect your email account. I mean, you receive statements and account info in your email right? How many of us have gone paperless? Use multifactor for your password and tell your banks to enrypt and password protect your statements when they send them to you.
My question to you is — what are you using now? Is there something you recommend? I read your concerns about mint. Maybe there is an app opportunity there for you? Check out our website and let me know what you think! Absolutely valid concern, however there are banks that allow to create a read-only guest account which works great for third-party applications like Mint.
And if there are some destructive actions made through read-only guest account which functionality is provided by the bank , the bank is responsible for it. The really stupid thing is that there are lots of ways that something like Mint could be done without having to give it your banking password. The banks would have to get onboard with the idea that you should be able to give your info to third party websites via their website.
The problem is with the banks, not with Mint. For the record, I do use Mint, but just for my credit cards and one chequing account. If those were hacked, it could be a pain, but my financial loss would be quite limited. I originally had these same concerns. But since then, my financial institutions have added the third layer of protection to their website. The third layer requires you to enter a security key or secret question if you log on from an unrecognized computer.
In consideration of UBS complying with your request to enroll in this service, by entering your OLS User Name and password and by clicking the box below, you agree to hold UBS harmless from any loss or damages that you may incur as a result of providing Intuit with your User Name and password, including mistaken identity, unauthorized access to your account, unauthorized use of Bill Pay, Funds Transfer and other means to transfer money and securities, unauthorized acquisition and use of your personal information by others who may access your accounts via OLS.
I work in information security. Even if a breach occurs at a third party, if money is stolen from you, your bank should replace it and run an investigation. Fraud is fraud no matter where it comes from. I use Mint for all my information and have no intention of stopping. Bobby, this is incorrect. If you give away your login details to a third party, you forfeit any protection the bank offers.
There was a story years ago of a Canadian who was victim of fraud and never got a penny from the bank because he admitted that his wife knew his PIN. So how is keeping your information on a spreadsheet, notebook, day-planner, quicken, or YNAB any different?
It all can be considered third party. Like Bobby said, it is a lot easier for a hacker to get your personal files then crack mints intense security. Just curious if you then took the extra step to change your bank accounts i. If there ever was a breach to your account, would your bank know that you had once given a third party access to your account and on that basis can they then deny any claim for stolen money?
Just wondering how the agreements work in such a case. Of course banks continually like to remind Mint. The reality, however, is that it seems that banks are more fearful of the transparancy that Mint. I am risk adverse as well, however, the transparency of all banking transactions and fees, ease of use and security that mint. I use YNAB, so all fianacial info is on my computer and there are no account password details stored anywhere.
I also only have one bank account since you use YNAB to allocate the money, not different accounts. Mint is simpler, buy YNAB is safer and better for budgeting. Free opensource software. Runs on Linux, Mac, and Windows. So, I never jumped on the Mint bandwagon.
I can see and understand your reasons. Security is huge. We pay virtually everything by credit card and pay this off at the end of the month and everything there seems to balance. Do you have any insight you could offer as to why our budget says we have money that is not in the bank even at the end of the month?
Also and this is really presumptuous — would you be willing to share your spreadsheet sans your transactions of course? Hi, I was a big fan of mint until recently. I read the security policy and found out that their servers keep some of your records even after you delete your account. But I should also mention that mint notified me, way before I could notice it in my bank account, when my credit was fraudulently used.
To help users better track and spend, Mint downloads several months of data from accounts, including transactions. Among other features, Mint allows users to track cash and ATM transactions to ensure they are keeping an eye on all of their spending. With all the funds accounted for, Mint lets users categorize different areas of spending, and the customization feature allows for tagging certain transactions to get a more in-depth analysis of the transaction.
Mint's main categories include overview, transactions, bills, budgets, goals, trends, investments, and ways to save. From there, users can set up alerts for bills or other financial goals. As its main draw, Mint's budgeting feature allows users to create categories that track their own budgets based on their financial and transaction history and data.
The budgets can be set by the week, month or other longer periods of time. And if users go over budget in a particular area or are late on a bill payment, Mint can send reminder alerts or other notifications -- a draw for users who lack discipline. To promote saving, Mint recommends credit card deals, insurance and a variety of other financial deals. And if users need to keep track of investments, Mint helps them manage their k or IRA, and even suggests brokerages. Additionally, Mint provides reports on things like debt, spending, income and even net worth.
As an added plus, the service provides a free credit score. The app aggregates financial statements, bills, bank accounts and payment accounts like PayPal. JPM Report. But how dangerous is aggregating all financial information on one app, really? Additionally, Mint uses bit encryption to protect files on the company's servers. The app also uses multi-factor authentication including security questions , passwords and Touch ID to provide customers with additional security. Moreover, Mint reportedly hires hackers to test the system's security on a quarterly basis.
Budgeting can be a wonderful thing. It keeps your expenses and shopping habits in check and, at least in theory, ensures that you always have enough funds to make ends meet. But when budget charts moved from spreadsheets to personal finance apps that have direct access to your bank account, people began to question how secure their data would be. When applications like Mint , PocketGuard and Wally were first released in the mids, they garnered a lot of negative media attention focused on the presumed security risk of giving away your banking passwords for the sake of organizing your finances.
Since then, the negative noise has died down, and Mint, which comes from Intuit, the same company behind Quickbooks and Turbotax, has become one of the most popular budgeting apps, with over 10 million users. But have these apps become more secure, or did people simply become more comfortable with them?
Should consumers be worried? Apps like Mint ask you to plug in your banking information so the program can keep track of your expenses and overall balance to make a budgeting plan. The main concern with this is that giving these apps access to this sensitive information can make you vulnerable to fraud because of the risk of a data breach, or an outside party somehow gaining access to your banking passwords.
0コメント