Is Mint.com Safe?

{18 Comments}

Mint.com is a service that consolidates financial information from many accounts at different institutions. Imagine that you have a chequing account with TD Canada Trust and a savings account at ING Direct. Well, you could log into Mint.com, provide your login information for TD Canada Trust and ING Direct and presto! You can see both accounts by logging into Mint.com.

The example of a person having merely two accounts is trite compared to the reality of the modern Homo Economicus. I have a chequing account, credit cards (Canadian and US), savings account (ditto), Questrade, RRSPs, TFSAs – the mind boggles – let’s just say there’s a cornucopia of accounts to track.

I’d heard of Mint.com before, but I’ve only recently taken note. Why? (1) It now offers its service in Canada and (2) it’s advertised a lot on the TurboTax website. Both Mint.com and TurboTax are owned by Intuit. I really like TurboTax. I think it’s the best tax software on the market.

Questrade is Canada’s best brokerage. 1 cent commission per share ($4.95 min, $9.95 max). $50 in free trades.

At face value, Mint.com is fantastic – it’s an extremely convenient way to keep track of your disparate financial information. You can track your cash flows in meticulous detail, without the meticulousness. You could optimize your spending with pretty pie charts, calculate your net worth across time with a line graph, and track all of your gorgeous charts with yet another chart. The core idea of Mint.com also lends itself to an “App”, which you can access from a smart phone (or, if you’re a hipster, your iPad).

Upon deeper inspection, however, I am concerned about using the Mint.com service to aggregate real time account information. To do so, you’ll need to provide Mint.com with your login information for each of your banks. I’ve not heard of any Canadian institution explicitly approving Mint.com. If you have, please comment.

I’ve reviewed my agreement with my credit union – this agreement forbids me from giving away my online login information to anybody. Intuit is very trustworthy, but if I wouldn’t give my login information to my partner or my Mom, why would I give it to Intuit?

I called TD Canada Trust’s EasyLine to ask them if I could safely give Mint.com my login information. I did this on a Saturday night. Sigh, I know. Anyway, I talked to a nice lady named Shayna (sp? Sorry Shayna). She gave me a very definitive answer: if a TD Canada Trust customer provides his or her login information to a third party (including Mint.com) then this action would violate the customer’s Financial Services Agreement with the bank.

Violating your bank’s terms of service is bad news. It could be disastrous in the event of malicious activity on one or more of your accounts. Even if the activity is unrelated to your violation, the bank could try to claim that you voided your agreement by wilfully compromising your own account. If the bank won this argument, you could be on the hook for your losses or, worse, the losses resulting from the fraudulent activity. Would this position be defensible at law? I’m a layperson and have no idea. I’ll cheer for you while you’re in court. Good luck!

Are you looking to build your credit or get out of debt? Mint.com is OK at tracking your spending, but you’re going to need the right credit card. Here’s a quick guide on the best Canadian credit cards!Canada’s best Credit Card deal: Smart Cash MasterCard® Credit Card

Canada’s best Credit Card balance-transfer deal: Platinum Plus® - 0% interest for 10 months before fees (this deal is subject to change! Get it before it ends!!)

Canada’s best low, fixed-rate Credit Card: TrueLine MasterCard® credit card – Fixed 9.99% AIR

Canada’s best student rewards Credit Card: MBNA Rewards StudentAwards

Meanwhile, Mint.com says on their website, “Mint supports most Canadian banks, including RBC, TD, Scotiabank, Bank of Montreal, HSBC, Canadian Tire, ING Direct Canada, American Express Canada, National Bank of Canada, Desjardins, Capital One, and many more.” But I know that at least two of these listed banks don’t support Mint.com. (Also, not to get picky, but Desjardins is a caisse populaire).

To its credit, Mint.com has a fantastic Privacy and Security Policy. The policy states clearly and concisely what Intuit will do with your information. It also describes the extraordinary safe guards by which your information is protected. I trust Intuit dearly. Millions of Canadians, myself included, file their taxes with TurboTax.

Nevertheless, you shouldn’t give your banking information to Mint.com unless your financial institution tells you that you are allowed to do so. I give TurboTax my bank account number and other vital statistics, but providing this information does not violate any of my banking agreements. You can see how this is entirely different from giving my bank usernames and passwords to Mint.com. I am expressly forbidden from doing so by my financial service providers. The security and safety measures taken by Intuit are extraordinary in both cases. The information that you’re inputting is the difference.

To Mint.com’s credit, the Big Banks in Canada may be unfairly and anti-competitively refusing to approve Mint.com to promote their own pet systems for spending management (I’ve heard that RBC and BMO each have such a system). It’d be easy for the banks to provide a separate account access username/password that is “read-only”. This would guarantee the safety of services like Mint.com. Feel free to complain to your banks about their lazy obstinence. I told TD that I thought it’s unreasonable for them to deny customers choice in PerFi management.

At this point, however, Mint.com is not broadly bank-approved. Therefore giving your bank accounts’ logins and passwords to Mint.com (or any third party) isn’t safe. Your information is safe with Intuit, but by giving Intuit that information you’ve broken your agreements with your financial institutions. In turn, if any completely unrelated malicious activity took place on one of your accounts, your bank could attempt to deny liability on the basis that you comprised its security.

I can hear you cry, “But Mint.com pie charts are so pretty!” You can still use Mint.com. Don’t throw the baby out with the bathwater. How? Manually enter your revenues, expenses, assets, and liabilities. Yes, it’s a bit more effort. I think there are potential benefits, however, to manual entry. The manual entry process makes you think about each purchase individually. This type of conscious spending is a key component of building wealth.

Mint.com is a great, free tool that has the power to help you rationalize your finances. Use it safely.

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

18 Comments… Share your views

  1. Holy… That is kinda freaky. When Mint.com says they support most Canadian banks it really sounds like it goes both ways and the banks are ok with it too. Thanks for the heads up.

  2. Wow, knew nothing about this – thank-you for informing me!!

  3. Hello, Wood

    Thank you for the concise yet informative article. At the end of the day I don’t think it is worth it to give your login information to mint.com precisely because of what you mentioned, that it violates the terms and conditions that you signed onto with your bank. I think the chances of being a victim of some sort of fraud for anyone nowadays is great, and to have no legal ground to stand on with your bank would suck.

    Thanks for the article. Unless mint.com strikes a deal with all of these banks allowing it as some sort of registered entity that is permissible for us to use without violating the contract, I don’t think I’d sign up, but if that ever happens they’ll probably begin to charge people.

    • No problem Omar. If you want to get a bit more scared, try reading the Mint.com terms of service — they try to limit lawsuits to the jurisdiction of California and states damages are capped at $500 :S definitely not worth the risk of breaking your agreements with your banks.

  4. Very good points, I hadn’t spoken to TD (hack ptui (sound made while spitting)) directly, but I suspected they wouldn’t be too happy to know other folks have my on line banking passwords.

    I just use Quicken for now, and am happy enough with it (and manually download and all that stuff). I am too old to learn a new program, I am happy in my ignorance.

  5. Silver Speculation March 26, 2012 at 1:47 am

    I was not aware of mint.com but after reading and visiting this website I felt, it is quite interesting for any type of financial information in detail. I think it is very useful for new users of finance sector.

  6. I don’t think they allow manual entry anymore :/. I tried the app, but it required me to enter my bank account #. pity.

    • I was unaware. Sorry to hear this; I should look into it and possibly revise the post. The banks should be forced to create a safe “read-only” version of account access. But they’re all busy peddling their own pet financial management “tools” that encourage consumers to consolidate their financial products with a single institution. No thanks!

  7. Most of you are not getting the point….YES, mint.com is a read-only service, BUT if someone gets a hand on your mint.com data, which includes your bank online login and password, then they can access your online banking service with full control. Mint.com promises to be readonly, a hacker however makes no such promise.

  8. Mint.com also states that they encrypt your login info, and I take it to mean that they don’t “see” your login info so is it really breaking your bank agreement? Also, it is very likely that the interface provided by the banks to the Mint.com application is in fact read-only. The bank controls the access to your data, lets you do more but 3rd party apps are restricted to only pull transactions.

    I am still deciding whether or not I want to use Mint.com… looking for a case where someone had a bad experience. Anyone?

    • Ron, when I wrote the original article I researched it. While I think a read-only interface SHOULD be provided, this was not the case for the Big Six Banks when I wrote the post. If this has changed, let me know, but please don’t substitute speculation for informed opinion. The fact that they “should” does not make it “very likely”. While I think Mint would be a very useful tool, I am not willing to use it when there is “greyspace” not protected by my bank OR Intuit. If you want to take a risk like that, perhaps you should read today’s post about the Gov losing private data on half a million students.

      • Joe, your article gives readers a lot to think about, but you did not mention that the method by which banks exchange data has been in use for years and it’s the same method used by Mint. Intuit has a lot riding on this system and if ONE compromise happened it could seriously damage their bottom line. Not so for a Gov compromise so you’re comparing apples to oranges there.

        In the end, we all have to do our own research and shouldn’t base a decision on one blog post, right? And we are each ok with a certain level of risk and can take steps to minimize risk like changing passwords before/after using Mint. Just a suggestion for your readers.

        • Ron -

          I think this misses the point. Even if Mint and your bank use the same security processes, Mint has no liability to you if that security is breached.

          If someone gets your password from your bank somehow by hacking into its servers and transfers money out of your account, then your bank is liable.

          If someone hacks into Mint and gets your account and password information, then goes to your online bank account and logs into it with this stolen information, then transfers all your money out of your account, then that’s your liability. You will have no recourse as Mint is a free service, has a liability clause and *you willingly gave them your password!*

          And you know what? Banks are hacked all the time. They don’t advertise it, just like they don’t advertise the internal employee theft (which also occurs all the time), because they see it as a “cost of doing business” and don’t want to concern their customers about safety. But be assured, banks are hacked, and they cover the costs themselves.

          But they won’t cover the cost of Mint being hacked or having internal theft issues. And neither will Mint.

          I have no problem with giving my account number to others. As we should all know by now, we do that every day the moment we write a cheque or use our credit card. But we *don’t* give them our passwords to those accounts!

          Bottom line is, if someone steals your bank account information and password from your bank, you are covered. That’s their breach. If they steal it from Mint and then log into your bank account, you’re not.

  9. What is the consensus on the risk of a non Canadian based service. I would hate to see the Patriot act applied to my information dispersal, let alone US tax probes, help-desk remote access etc. I am surprised there is little comment on the laws that apply to the privacy of the data. Maybe further maturing of this service will make it acceptable.
    I am hoping our investment company may have rights recognized by the Canadian banks allowing them to provide such a service.

    • Good points, Frank. As you can see, I don’t recommend the product unless and until it matures further. Unfortunately there’s been no changes on these important issues, at least to my knowledge, since I wrote this post a year ago. Part of the problem is the Canadian banks’ refusal to cooperate with any of these financial tools by providing “read only” access or amending their service agreements. And, not to be cynical, but several banks are trying to push their OWN proprietary systems which makes me wonder about whether the motivation on their end is truly security.

      There should be an open, competitive market for these financial tools, but rooted in the safety that only commonsense government regulations can provide in these “collective action problem” situations. I.e. that banks must provide alternate “read only” access to all online accounts for free, and financial tool producers must comply with PIPEDA (as they really should if they’re doing business in Canada).

  10. After reading this post, I am extremely sad and disappointing that I will have to stop using Mint. As someone who is trying to get their budget and expenses in control, I found this software optimal. Would you have any suggestions for software that is similar to Mint? have any changes been made to way the big banks think?

Leave a Comment

Your email address will not be published.

*

{ 2 Trackbacks }

  1. Conscious Spending - Four Tips from a Pro - TimelessFinance (Pingback)
  2. Tracking Personal Finances « Porlock Digital Solutions (Pingback)