It seems to me that using mint.com should not lose the protection of the policy because Vanguard and mint.com have an agreement pursuant to which Vanguard allows mint.com to aggregate financial information from Vanguard. But Vanguard appears to have decided otherwise. The way I read the response below, if your account is hacked because you gave your username and password to mint.com, Vanguard may choose not to reimburse you. I was going to email for clarification on that issue – if I give my username and password to mint.com, but my account is hacked not because of that, but because of spyware or pharming or whatever, is the policy effective? But then I figured, what’s the point. I don’t know enough about online security to know if you can even determine how the account was hacked (something you did, a screw up on Vanguard’s end, a screw up on mint.com’s end, or some other way?). And regardless, it just seems like it’s too easy of a basis for Vanguard to avoid liability, so it’s not worth the risk.
It’s too bad – I think mint.com was a really convenient service, and in fact it helps me fight fraud because it takes me 30 seconds every morning to review transactions for all my accounts to see if anything inappropriate has happened. But I think the safest thing is to delete all my accounts from mint.com (including credit cards and checking accounts – I already use different passwords for financial accounts, email accounts, work accounts, and all other accounts, and I don’t write any of it down, so it’s too much for me to remember different passwords for all my different type of financial accounts), delete my mint.com account, and then change all my financial account passwords.
I still am following up with a reply email to recommend (1) that Vanguard rewrite their Online Fraud Policy to make it more clear with respect to mint.com-like services, and (2) that Vanguard provide their accountholders the opportunity to use a security token authenticator, which seems to be a mostly foolproof way of preventing anyone from accessing your account online. I’ll keep you updated on their response.
Thank you for taking the time to contact us.
Vanguard takes the security of your account very seriously, and we apply
strict security measures before releasing information about a specific
account or processing a transaction.
Our online policy does not protect against unauthorized transactions that
may occur from sharing your username and password with a third-party
service. We will review all cases of possible fraud on a case by case
basis; however, we can make no guarantees that you will be reimbursed. Our
policy only protects online accounts handled through Vanguard. Outside
aggregators may open you up to possible fraud which we cannot protect