Is Mint.com Safe? Power of Attorney question

Non-investing personal finance issues including insurance, credit, real estate, taxes, employment and legal issues such as trusts and wills.
Post Reply
Topic Author
aadwen
Posts: 180
Joined: Fri Dec 04, 2009 11:42 pm

Is Mint.com Safe? Power of Attorney question

Post by aadwen »

Is Mint.com safe? It looks like you grant them limited power of attorney by signing up????

By using the Service, you expressly authorize Mint to access your Account Information maintained by identified third parties, on your behalf as your agent. When you use the “Add Accounts” feature of the Service, you will be directly connected to the website for the third party you have identified. Mint will submit information including usernames and passwords that you provide to log you into the site. You hereby authorize and permit Mint to use and store information submitted by you to the Service (such as account passwords and user names) to accomplish the foregoing and to configure the Service so that it is compatible with the third party sites for which you submit your information. For purposes of this Agreement and solely to provide the Account Information to you as part of the Service, you grant Mint a limited power of attorney, and appoint Mint as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN MINT IS ACCESSING AND RETRIEVING ACCOUNT INFORMATION FROM THIRD PARTY SITES, MINT IS ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You understand and agree that the Service is not sponsored or endorsed by any third parties accessible through the Service.
TRC
Posts: 1969
Joined: Sat Dec 20, 2008 4:38 pm

Post by TRC »

I used it for about a month canceling my account It was unable to link up a number of my accounts, so it only gave me a partial view of my financial profile. It's free...you get what you pay for.
junior
Posts: 1452
Joined: Wed Sep 10, 2008 6:14 pm
Contact:

Re: Is Mint.com Safe??? Power of Attorney question.

Post by junior »

aadwen wrote:Is Mint.com safe? It looks like you grant them limited power of attorney by signing up????

By using the Service, you expressly authorize Mint to access your Account Information maintained by identified third parties, on your behalf as your agent. When you use the “Add Accounts” feature of the Service, you will be directly connected to the website for the third party you have identified. Mint will submit information including usernames and passwords that you provide to log you into the site. You hereby authorize and permit Mint to use and store information submitted by you to the Service (such as account passwords and user names) to accomplish the foregoing and to configure the Service so that it is compatible with the third party sites for which you submit your information. For purposes of this Agreement and solely to provide the Account Information to you as part of the Service, you grant Mint a limited power of attorney, and appoint Mint as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN MINT IS ACCESSING AND RETRIEVING ACCOUNT INFORMATION FROM THIRD PARTY SITES, MINT IS ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You understand and agree that the Service is not sponsored or endorsed by any third parties accessible through the Service.
Don't take this as legal advice, but, its says limited power of attorney, which Nolo.com defines as

"limited power of attorney
A power of attorney that gives the agent power to handle only a specified matter -- for example, to sign papers completing a single business transaction or property transfer. (Compare: general power of attorney)"

So my reading is it means you are granting them permission to log in to your financial web sites and doing what's necessary to download your account information. That seems entirely appropriate. It looks like that the extent of the power you are giving them.
Topic Author
aadwen
Posts: 180
Joined: Fri Dec 04, 2009 11:42 pm

Post by aadwen »

That didn't answer my question....

Seems like the service is excellent. I want to make sure the power of attorney gives them the right to pull my info and nothing else
junior
Posts: 1452
Joined: Wed Sep 10, 2008 6:14 pm
Contact:

Post by junior »

aadwen wrote:That didn't answer my question....

Seems like the service is excellent. I want to make sure the power of attorney gives them the right to pull my info and nothing else
It posted before yours, so see my post above.
User avatar
Ice-9
Posts: 1579
Joined: Wed Oct 15, 2008 12:40 pm
Location: MD

Post by Ice-9 »

TRC wrote:I used it for about a month canceling my account It was unable to link up a number of my accounts, so it only gave me a partial view of my financial profile. It's free...you get what you pay for.
You should try yodlee.com instead. As I understand it, mint.com based their product on yodlee.com but made it more snazzy looking and for some reason offer fewer accounts.

Between various retirement and taxable accounts, banks, credit cards, credit card rewards, and monthly bills I have 40 accounts currently being tracked by Yodlee. Most of them were already tracked by Yodlee when I signed up. The two that weren't, I made a suggestion to add them on their forum and used their manual account tracking feature until they added them about two months later.

Very handy - keeps track of my net worth, spending by category, and even gives me warnings for certain events I set in advance happening on certain accounts (ie a deposit or withdrawal above a certain amount, a balance reaching a certain % of the limit, etc)
sscritic
Posts: 21853
Joined: Thu Sep 06, 2007 8:36 am

Post by sscritic »

Ice-9 wrote:
You should try yodlee.com instead. As I understand it, mint.com based their product on yodlee.com but made it more snazzy looking and for some reason offer fewer accounts.
Mint post-Intuit-takeover will no longer be using Yodlee for account aggregation.
Intuit has it’s own back-end account aggregation service that it will use instead of Yodlee.
http://www.techcrunch.com/2009/09/18/mi ... s-youtube/

As someone who is unhappy with Intuit, I don't buy TurboTax and I am looking to get out from under Quicken. If I decide to use an on-line aggregator, I will use yodlee, not mint.
Ron
Posts: 6972
Joined: Fri Feb 23, 2007 6:46 pm
Location: Allentown–Bethlehem–Easton, PA-NJ Metropolitan Statistical Area

Post by Ron »

sscritic wrote:As someone who is unhappy with Intuit, I don't buy TurboTax and I am looking to get out from under Quicken. If I decide to use an on-line aggregator, I will use yodlee, not mint.
Just a note on Yodlee. It is used "under the coverers" for FIDO's Full View (as input to the Retirement Income Planner - e.g. "RIP") and linked to M* for portfolio/holdings breakdown when using FIDO products.

I use FIDO's services, along with a separate accont on Yodlee (to pick up my non-retirement and CC accounts).

Sorry, I still do use Quicken (as I have over the last 20+ years :lol: )...

- Ron
downshiftme
Posts: 1142
Joined: Sun Mar 11, 2007 6:11 pm

Post by downshiftme »

How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)

Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
Ron
Posts: 6972
Joined: Fri Feb 23, 2007 6:46 pm
Location: Allentown–Bethlehem–Easton, PA-NJ Metropolitan Statistical Area

Post by Ron »

downshiftme wrote:I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
Simple; then just don't do it :roll: ...

As for me? I have an auto-email sent to me for any transaction (that is ANY transaction) that affects my accounts over $1.

I also "pull" my accounts on Vanguard, Yodlee, FIDO, etc. on a daily basis. I'm well aware of what is happening in my account (and my wife's) on a daily basis.

If anything, it is more timely than anything that happened in the "old days" of receiving monthly paper statements.

But if you don't "trust" the system? Then fine; do what you must, in your situation (I'm not here to "convert" you in any manner :wink: )...

- Ron
CaptMidnight
Posts: 757
Joined: Tue May 15, 2007 5:58 am

Post by CaptMidnight »

downshiftme wrote:How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)

Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
Words of wisdom. It is not possible for any outsider to assess the risk. While probably nothing untoward will ever happen, if it does, you might be ruined. How could a mere convenience benefit be worth that risk?
The history of thought and culture is ... a changing pattern of great liberating ideas that inevitably turn in suffocating straightjackets... | --Isaiah Berlin
TRC
Posts: 1969
Joined: Sat Dec 20, 2008 4:38 pm

Post by TRC »

CaptMidnight wrote:
downshiftme wrote:How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)

Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
Words of wisdom. It is not possible for any outsider to assess the risk. While probably nothing untoward will ever happen, if it does, you might be ruined. How could a mere convenience benefit be worth that risk?
With that logic, you should keep your money buried under your house. Any company is open to being hacked, including your bank, credit card companies, investment accounts, etc. (not just mint).
User avatar
Steelersfan
Posts: 4129
Joined: Thu Jun 19, 2008 8:47 pm

Post by Steelersfan »

I really like the convenience of accessing cash using my debit card from an ATM, both in the U.S. and when I travel to Europe. Is there a risk? Someone inside the bank or somewhere between the ATM and my bank could steal my account number and password. Sure there's risk, but the convenience way outweighs the risk.

I think that risk is actually greater than giving some information aggregator the right to access my account balance and transaction history.

Disclosure - I worked in technology for a large financial institution who provided both ATM access and information aggregation.
vgoel
Posts: 40
Joined: Mon Aug 31, 2009 4:26 pm
Location: Silicon Valley

Post by vgoel »

I used Mint for a number of months and then deleted my account. I did not like Mint employees getting interviewed on TV talking about trends that they were seeing on their site. I run a lot of my life using Google and other cloud based services but I got uncomfortable with Mint.
mfen
Posts: 672
Joined: Sun Jun 21, 2009 5:23 am

Post by mfen »

With that logic, you should keep your money buried under your house. Any company is open to being hacked, including your bank, credit card companies, investment accounts, etc. (not just mint).
Not the same thing. You have legal/fiduciary protections with banks and brokerages. You have government protections and regulations with banks and brokerages. Mint and similar sites are just marketing programs to offer you a service to sell a product, they are not regulated financial institutions. It seems Mint was trying to sell itself, which is a common marketing program for internet websites. They develop a service that drives consumers to their website and when they reach critical mass they market themselves out to the highest bidder, in Mint's case it was Quicken. Fortunately Quicken is a fairly transparent company, but they are just using their aggregator as a marketing tool to sell you software.

If your bank gets hacked you have a substantial probability of getting your money back and you will have the full force of the court systems to help you, not so with some internet aggregator.
Maryanne
Larry Johnson
Posts: 183
Joined: Mon Dec 08, 2008 9:30 am
Location: Tulsa, Oklahoma

milnt.com

Post by Larry Johnson »

Giving a limited power of attorney to strangers is simply stupid.
Topic Author
aadwen
Posts: 180
Joined: Fri Dec 04, 2009 11:42 pm

Post by aadwen »

What program can I buy that can do all of this safely with no risk?
User avatar
greg24
Posts: 4512
Joined: Tue Feb 20, 2007 9:34 am

Post by greg24 »

aadwen wrote:What program can I buy that can do all of this safely with no risk?
I was going to say a pen and paper, but someone might come steal that from your house.
User avatar
Cloud
Posts: 662
Joined: Wed Sep 12, 2007 12:43 pm

Re: milnt.com

Post by Cloud »

Larry Johnson wrote:Giving a limited power of attorney to strangers is simply stupid.
I'm with you there.... And what ever happened to your bank not being responsible if you give out your password and it's used to harm you... Once you give out your password to a third party all bets are off and you have no recourse to recover any funds. Good luck.
User avatar
Lbill
Posts: 4997
Joined: Thu Mar 13, 2008 11:25 pm
Location: Somewhere between Up and Down

Post by Lbill »

Wonder if you are giving limited POA to Quicken also when it accesses your accounts to download transaction data.
"Life can only be understood backward; but it must be lived forward." ~ Søren Kierkegaard | | "You can't connect the dots looking forward; but only by looking backwards." ~ Steve Jobs
fsrph
Posts: 1610
Joined: Sun Jul 26, 2009 7:54 pm
Location: Pa.

Post by fsrph »

downshiftme wrote:How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)

Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
I agree with you that it's too risky for a 3rd party to know your user name/password for other accounts. But, if anyone has outside accounts linked to your Vanguard acccount they do ask for your login info for the 3rd party site. This is if you want VG to refresh your balances from the 3rd party account. However, I do not know if the limited power of attorney language is in VG's terms of use.

Francis
CaptMidnight
Posts: 757
Joined: Tue May 15, 2007 5:58 am

Post by CaptMidnight »

aadwen wrote:What program can I buy that can do all of this safely with no risk?
The first step you might take is to abandon that black and white, either/or approach, in favor of a recognition of assessing levels of risk against varying benefits. While we all know that it is impossible to reduce risk to zero in most cases that hardly implies that risk reduction is futile.

Providing your passwords to another company that does not have a fiduciary responsibility to you merely for the benefit of reporting your transactions with less effort that using Quicken waves a big red flag in my face. We know that most of the hacking (97% is one number I have seen) attacks institutions nots pc desktops on which you are dutifully running a firewall and virus checker. So, providing a rich target for just such an effort seems foolish to me especially when the benefit is something I can provide myself with a little effort and very little cost.
The history of thought and culture is ... a changing pattern of great liberating ideas that inevitably turn in suffocating straightjackets... | --Isaiah Berlin
User avatar
Steelersfan
Posts: 4129
Joined: Thu Jun 19, 2008 8:47 pm

Post by Steelersfan »

CaptMidnight wrote:
aadwen wrote:What program can I buy that can do all of this safely with no risk?
The first step you might take is to abandon that black and white, either/or approach, in favor of a recognition of assessing levels of risk against varying benefits. While we all know that it is impossible to reduce risk to zero in most cases that hardly implies that risk reduction is futile.

Providing your passwords to another company that does not have a fiduciary responsibility to you merely for the benefit of reporting your transactions with less effort that using Quicken waves a big red flag in my face. We know that most of the hacking (97% is one number I have seen) attacks institutions nots pc desktops on which you are dutifully running a firewall and virus checker. So, providing a rich target for just such an effort seems foolish to me especially when the benefit is something I can provide myself with a little effort and very little cost.
That's all very true. But how many hacks have been done exploiting userid and passords stored at sites where they've been stored and used to retrieve (in a supposed read only basis) accounts on another site? My knowledge certainly isn't total, but I don't remember hearing of any. Other types of hacks? Many, and serious ones too.
gh0st
Posts: 12
Joined: Fri May 22, 2009 11:09 pm

I use mint.com to track credit card expenses only

Post by gh0st »

I use mint.com to track my expenses only. Specifically, I have mint tied in to my credit cards, but *not* my checking, savings, or retirement accounts. Since I run most all of my expenses through credit cards the mint analytics are very useful for looking at spending habits. It has completely replaced my old spreadsheet budget.

I figure that in a wost-case scenario I'm pretty safe since credit card companies are usually good about reimbursing fraudulent charges. With cash accounts it's usually not so easy, so I keep them far away from mint.
User avatar
amp
Posts: 345
Joined: Sun May 04, 2008 9:40 am

Post by amp »

There are always tradeoffs. I probably have accounts at something like 10-15 financial institutions. Aside from my primary checking account and my brokerage, I just don't log into most of them very often. Consider the risk if some money went missing from one of those accounts, due to theft or bank error or something else. Mint's aggregation provides a safeguard, so I will be aware of any problematic transactions much quicker than if I had to wait until the monthly statement arrived in the mail -- and that assumes that I'd even notice the error on the statement.

I also like that I can have Mint automatically email me if I get charged any bank fees or transaction charges. A $20 or $30 garbage fee is exactly the sort of thing I would miss on a complex statement with many transactions.
Rajsx
Posts: 1014
Joined: Wed Mar 21, 2007 10:07 pm
Location: Florida

Yodley is great

Post by Rajsx »

After hearing about Yodley on this Post (Ice-9), I linked all my accounts (Quite a few) on their Website. This went very smooth, except 1 or 2 accounts which I am still working on.

DW has been using Quicken, which I find difficult to work with. Yodley gives me a very useful, accurate & up to date Summary.

I will keep you posted of any negatives.

Warm Regards
User avatar
Cloud
Posts: 662
Joined: Wed Sep 12, 2007 12:43 pm

Post by Cloud »

From my bank:
And do not provide your User ID and Password to anyone else! If you do, we will consider any transactions initiated by someone to whom you have given your User ID and Password to have been authorized by you.
eas
Posts: 242
Joined: Sat Jan 10, 2009 7:39 pm

Post by eas »

Cloud wrote:From my bank:
And do not provide your User ID and Password to anyone else! If you do, we will consider any transactions initiated by someone to whom you have given your User ID and Password to have been authorized by you.
In the case that mint / yodlee's servers get hacked and your logon data stolen (and is somehow stored unecrypted / poorly salted ), I would imagine that bit of verbiage still wouldn't matter. You didn't provide the user ID and password to the thief, who is initiating the transfer.
Post Reply