Is Mint.com Safe? Power of Attorney question
Is Mint.com Safe? Power of Attorney question
Is Mint.com safe? It looks like you grant them limited power of attorney by signing up????
By using the Service, you expressly authorize Mint to access your Account Information maintained by identified third parties, on your behalf as your agent. When you use the “Add Accounts” feature of the Service, you will be directly connected to the website for the third party you have identified. Mint will submit information including usernames and passwords that you provide to log you into the site. You hereby authorize and permit Mint to use and store information submitted by you to the Service (such as account passwords and user names) to accomplish the foregoing and to configure the Service so that it is compatible with the third party sites for which you submit your information. For purposes of this Agreement and solely to provide the Account Information to you as part of the Service, you grant Mint a limited power of attorney, and appoint Mint as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN MINT IS ACCESSING AND RETRIEVING ACCOUNT INFORMATION FROM THIRD PARTY SITES, MINT IS ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You understand and agree that the Service is not sponsored or endorsed by any third parties accessible through the Service.
By using the Service, you expressly authorize Mint to access your Account Information maintained by identified third parties, on your behalf as your agent. When you use the “Add Accounts” feature of the Service, you will be directly connected to the website for the third party you have identified. Mint will submit information including usernames and passwords that you provide to log you into the site. You hereby authorize and permit Mint to use and store information submitted by you to the Service (such as account passwords and user names) to accomplish the foregoing and to configure the Service so that it is compatible with the third party sites for which you submit your information. For purposes of this Agreement and solely to provide the Account Information to you as part of the Service, you grant Mint a limited power of attorney, and appoint Mint as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN MINT IS ACCESSING AND RETRIEVING ACCOUNT INFORMATION FROM THIRD PARTY SITES, MINT IS ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You understand and agree that the Service is not sponsored or endorsed by any third parties accessible through the Service.
Re: Is Mint.com Safe??? Power of Attorney question.
Don't take this as legal advice, but, its says limited power of attorney, which Nolo.com defines asaadwen wrote:Is Mint.com safe? It looks like you grant them limited power of attorney by signing up????
By using the Service, you expressly authorize Mint to access your Account Information maintained by identified third parties, on your behalf as your agent. When you use the “Add Accounts” feature of the Service, you will be directly connected to the website for the third party you have identified. Mint will submit information including usernames and passwords that you provide to log you into the site. You hereby authorize and permit Mint to use and store information submitted by you to the Service (such as account passwords and user names) to accomplish the foregoing and to configure the Service so that it is compatible with the third party sites for which you submit your information. For purposes of this Agreement and solely to provide the Account Information to you as part of the Service, you grant Mint a limited power of attorney, and appoint Mint as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN MINT IS ACCESSING AND RETRIEVING ACCOUNT INFORMATION FROM THIRD PARTY SITES, MINT IS ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You understand and agree that the Service is not sponsored or endorsed by any third parties accessible through the Service.
"limited power of attorney
A power of attorney that gives the agent power to handle only a specified matter -- for example, to sign papers completing a single business transaction or property transfer. (Compare: general power of attorney)"
So my reading is it means you are granting them permission to log in to your financial web sites and doing what's necessary to download your account information. That seems entirely appropriate. It looks like that the extent of the power you are giving them.
You should try yodlee.com instead. As I understand it, mint.com based their product on yodlee.com but made it more snazzy looking and for some reason offer fewer accounts.TRC wrote:I used it for about a month canceling my account It was unable to link up a number of my accounts, so it only gave me a partial view of my financial profile. It's free...you get what you pay for.
Between various retirement and taxable accounts, banks, credit cards, credit card rewards, and monthly bills I have 40 accounts currently being tracked by Yodlee. Most of them were already tracked by Yodlee when I signed up. The two that weren't, I made a suggestion to add them on their forum and used their manual account tracking feature until they added them about two months later.
Very handy - keeps track of my net worth, spending by category, and even gives me warnings for certain events I set in advance happening on certain accounts (ie a deposit or withdrawal above a certain amount, a balance reaching a certain % of the limit, etc)
Mint post-Intuit-takeover will no longer be using Yodlee for account aggregation.Ice-9 wrote:
You should try yodlee.com instead. As I understand it, mint.com based their product on yodlee.com but made it more snazzy looking and for some reason offer fewer accounts.
http://www.techcrunch.com/2009/09/18/mi ... s-youtube/Intuit has it’s own back-end account aggregation service that it will use instead of Yodlee.
As someone who is unhappy with Intuit, I don't buy TurboTax and I am looking to get out from under Quicken. If I decide to use an on-line aggregator, I will use yodlee, not mint.
-
- Posts: 6972
- Joined: Fri Feb 23, 2007 6:46 pm
- Location: Allentown–Bethlehem–Easton, PA-NJ Metropolitan Statistical Area
Just a note on Yodlee. It is used "under the coverers" for FIDO's Full View (as input to the Retirement Income Planner - e.g. "RIP") and linked to M* for portfolio/holdings breakdown when using FIDO products.sscritic wrote:As someone who is unhappy with Intuit, I don't buy TurboTax and I am looking to get out from under Quicken. If I decide to use an on-line aggregator, I will use yodlee, not mint.
I use FIDO's services, along with a separate accont on Yodlee (to pick up my non-retirement and CC accounts).
Sorry, I still do use Quicken (as I have over the last 20+ years :lol: )...
- Ron
-
- Posts: 1142
- Joined: Sun Mar 11, 2007 6:11 pm
How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)
Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
-
- Posts: 6972
- Joined: Fri Feb 23, 2007 6:46 pm
- Location: Allentown–Bethlehem–Easton, PA-NJ Metropolitan Statistical Area
Simple; then just don't do it :roll: ...downshiftme wrote:I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
As for me? I have an auto-email sent to me for any transaction (that is ANY transaction) that affects my accounts over $1.
I also "pull" my accounts on Vanguard, Yodlee, FIDO, etc. on a daily basis. I'm well aware of what is happening in my account (and my wife's) on a daily basis.
If anything, it is more timely than anything that happened in the "old days" of receiving monthly paper statements.
But if you don't "trust" the system? Then fine; do what you must, in your situation (I'm not here to "convert" you in any manner )...
- Ron
-
- Posts: 757
- Joined: Tue May 15, 2007 5:58 am
Words of wisdom. It is not possible for any outsider to assess the risk. While probably nothing untoward will ever happen, if it does, you might be ruined. How could a mere convenience benefit be worth that risk?downshiftme wrote:How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)
Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
The history of thought and culture is ... a changing pattern of great liberating ideas that inevitably turn in suffocating straightjackets... |
--Isaiah Berlin
With that logic, you should keep your money buried under your house. Any company is open to being hacked, including your bank, credit card companies, investment accounts, etc. (not just mint).CaptMidnight wrote:Words of wisdom. It is not possible for any outsider to assess the risk. While probably nothing untoward will ever happen, if it does, you might be ruined. How could a mere convenience benefit be worth that risk?downshiftme wrote:How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)
Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
- Steelersfan
- Posts: 4129
- Joined: Thu Jun 19, 2008 8:47 pm
I really like the convenience of accessing cash using my debit card from an ATM, both in the U.S. and when I travel to Europe. Is there a risk? Someone inside the bank or somewhere between the ATM and my bank could steal my account number and password. Sure there's risk, but the convenience way outweighs the risk.
I think that risk is actually greater than giving some information aggregator the right to access my account balance and transaction history.
Disclosure - I worked in technology for a large financial institution who provided both ATM access and information aggregation.
I think that risk is actually greater than giving some information aggregator the right to access my account balance and transaction history.
Disclosure - I worked in technology for a large financial institution who provided both ATM access and information aggregation.
Not the same thing. You have legal/fiduciary protections with banks and brokerages. You have government protections and regulations with banks and brokerages. Mint and similar sites are just marketing programs to offer you a service to sell a product, they are not regulated financial institutions. It seems Mint was trying to sell itself, which is a common marketing program for internet websites. They develop a service that drives consumers to their website and when they reach critical mass they market themselves out to the highest bidder, in Mint's case it was Quicken. Fortunately Quicken is a fairly transparent company, but they are just using their aggregator as a marketing tool to sell you software.With that logic, you should keep your money buried under your house. Any company is open to being hacked, including your bank, credit card companies, investment accounts, etc. (not just mint).
If your bank gets hacked you have a substantial probability of getting your money back and you will have the full force of the court systems to help you, not so with some internet aggregator.
Maryanne
-
- Posts: 183
- Joined: Mon Dec 08, 2008 9:30 am
- Location: Tulsa, Oklahoma
milnt.com
Giving a limited power of attorney to strangers is simply stupid.
Re: milnt.com
I'm with you there.... And what ever happened to your bank not being responsible if you give out your password and it's used to harm you... Once you give out your password to a third party all bets are off and you have no recourse to recover any funds. Good luck.Larry Johnson wrote:Giving a limited power of attorney to strangers is simply stupid.
I agree with you that it's too risky for a 3rd party to know your user name/password for other accounts. But, if anyone has outside accounts linked to your Vanguard acccount they do ask for your login info for the 3rd party site. This is if you want VG to refresh your balances from the 3rd party account. However, I do not know if the limited power of attorney language is in VG's terms of use.downshiftme wrote:How can any service that you give your passwords to be safe? Of course it's not safe. I'm sure they have procedures to guard the accounts and they used to make a big deal about the fact that they do not store the passwords (they pass them to another company to store. lol)
Many people use the service and seem to feel the risks are acceptable. I think this is far too much risk for me and I would never give them access to my accounts. YMMV.
Francis
-
- Posts: 757
- Joined: Tue May 15, 2007 5:58 am
The first step you might take is to abandon that black and white, either/or approach, in favor of a recognition of assessing levels of risk against varying benefits. While we all know that it is impossible to reduce risk to zero in most cases that hardly implies that risk reduction is futile.aadwen wrote:What program can I buy that can do all of this safely with no risk?
Providing your passwords to another company that does not have a fiduciary responsibility to you merely for the benefit of reporting your transactions with less effort that using Quicken waves a big red flag in my face. We know that most of the hacking (97% is one number I have seen) attacks institutions nots pc desktops on which you are dutifully running a firewall and virus checker. So, providing a rich target for just such an effort seems foolish to me especially when the benefit is something I can provide myself with a little effort and very little cost.
The history of thought and culture is ... a changing pattern of great liberating ideas that inevitably turn in suffocating straightjackets... |
--Isaiah Berlin
- Steelersfan
- Posts: 4129
- Joined: Thu Jun 19, 2008 8:47 pm
That's all very true. But how many hacks have been done exploiting userid and passords stored at sites where they've been stored and used to retrieve (in a supposed read only basis) accounts on another site? My knowledge certainly isn't total, but I don't remember hearing of any. Other types of hacks? Many, and serious ones too.CaptMidnight wrote:The first step you might take is to abandon that black and white, either/or approach, in favor of a recognition of assessing levels of risk against varying benefits. While we all know that it is impossible to reduce risk to zero in most cases that hardly implies that risk reduction is futile.aadwen wrote:What program can I buy that can do all of this safely with no risk?
Providing your passwords to another company that does not have a fiduciary responsibility to you merely for the benefit of reporting your transactions with less effort that using Quicken waves a big red flag in my face. We know that most of the hacking (97% is one number I have seen) attacks institutions nots pc desktops on which you are dutifully running a firewall and virus checker. So, providing a rich target for just such an effort seems foolish to me especially when the benefit is something I can provide myself with a little effort and very little cost.
I use mint.com to track credit card expenses only
I use mint.com to track my expenses only. Specifically, I have mint tied in to my credit cards, but *not* my checking, savings, or retirement accounts. Since I run most all of my expenses through credit cards the mint analytics are very useful for looking at spending habits. It has completely replaced my old spreadsheet budget.
I figure that in a wost-case scenario I'm pretty safe since credit card companies are usually good about reimbursing fraudulent charges. With cash accounts it's usually not so easy, so I keep them far away from mint.
I figure that in a wost-case scenario I'm pretty safe since credit card companies are usually good about reimbursing fraudulent charges. With cash accounts it's usually not so easy, so I keep them far away from mint.
There are always tradeoffs. I probably have accounts at something like 10-15 financial institutions. Aside from my primary checking account and my brokerage, I just don't log into most of them very often. Consider the risk if some money went missing from one of those accounts, due to theft or bank error or something else. Mint's aggregation provides a safeguard, so I will be aware of any problematic transactions much quicker than if I had to wait until the monthly statement arrived in the mail -- and that assumes that I'd even notice the error on the statement.
I also like that I can have Mint automatically email me if I get charged any bank fees or transaction charges. A $20 or $30 garbage fee is exactly the sort of thing I would miss on a complex statement with many transactions.
I also like that I can have Mint automatically email me if I get charged any bank fees or transaction charges. A $20 or $30 garbage fee is exactly the sort of thing I would miss on a complex statement with many transactions.
Yodley is great
After hearing about Yodley on this Post (Ice-9), I linked all my accounts (Quite a few) on their Website. This went very smooth, except 1 or 2 accounts which I am still working on.
DW has been using Quicken, which I find difficult to work with. Yodley gives me a very useful, accurate & up to date Summary.
I will keep you posted of any negatives.
Warm Regards
DW has been using Quicken, which I find difficult to work with. Yodley gives me a very useful, accurate & up to date Summary.
I will keep you posted of any negatives.
Warm Regards
In the case that mint / yodlee's servers get hacked and your logon data stolen (and is somehow stored unecrypted / poorly salted ), I would imagine that bit of verbiage still wouldn't matter. You didn't provide the user ID and password to the thief, who is initiating the transfer.Cloud wrote:From my bank:
And do not provide your User ID and Password to anyone else! If you do, we will consider any transactions initiated by someone to whom you have given your User ID and Password to have been authorized by you.