Mint.com and Vanguard Online Fraud Policy

Have a question about your personal investments? No matter how simple or complex, you can ask it here.
Post Reply
Topic Author
James Cody
Posts: 10
Joined: Sat Apr 03, 2010 11:56 am

Mint.com and Vanguard Online Fraud Policy

Post by James Cody »

I’ve been researching a lot of past threads about Vanguard’s Online Fraud Policy, and it seems that a somewhat unsettled issue in this forum (and elsewhere) is whether using mint.com or another aggregator of financial information violates the Online Fraud Policy (because you’ve given your username and password to another person) and thus causes you to lose protection of the policy. So I emailed Vanguard and asked them. The response is copied and pasted below.

It seems to me that using mint.com should not lose the protection of the policy because Vanguard and mint.com have an agreement pursuant to which Vanguard allows mint.com to aggregate financial information from Vanguard. But Vanguard appears to have decided otherwise. The way I read the response below, if your account is hacked because you gave your username and password to mint.com, Vanguard may choose not to reimburse you. I was going to email for clarification on that issue – if I give my username and password to mint.com, but my account is hacked not because of that, but because of spyware or pharming or whatever, is the policy effective? But then I figured, what’s the point. I don’t know enough about online security to know if you can even determine how the account was hacked (something you did, a screw up on Vanguard’s end, a screw up on mint.com’s end, or some other way?). And regardless, it just seems like it’s too easy of a basis for Vanguard to avoid liability, so it’s not worth the risk.

It’s too bad – I think mint.com was a really convenient service, and in fact it helps me fight fraud because it takes me 30 seconds every morning to review transactions for all my accounts to see if anything inappropriate has happened. But I think the safest thing is to delete all my accounts from mint.com (including credit cards and checking accounts – I already use different passwords for financial accounts, email accounts, work accounts, and all other accounts, and I don’t write any of it down, so it’s too much for me to remember different passwords for all my different type of financial accounts), delete my mint.com account, and then change all my financial account passwords.

I still am following up with a reply email to recommend (1) that Vanguard rewrite their Online Fraud Policy to make it more clear with respect to mint.com-like services, and (2) that Vanguard provide their accountholders the opportunity to use a security token authenticator, which seems to be a mostly foolproof way of preventing anyone from accessing your account online. I’ll keep you updated on their response.
Thank you for taking the time to contact us.

Vanguard takes the security of your account very seriously, and we apply
strict security measures before releasing information about a specific
account or processing a transaction.

Our online policy does not protect against unauthorized transactions that
may occur from sharing your username and password with a third-party
service. We will review all cases of possible fraud on a case by case
basis; however, we can make no guarantees that you will be reimbursed. Our
policy only protects online accounts handled through Vanguard. Outside
aggregators may open you up to possible fraud which we cannot protect
against.
Topic Author
James Cody
Posts: 10
Joined: Sat Apr 03, 2010 11:56 am

Re: Mint.com and Vanguard Online Fraud Policy

Post by James Cody »

Below is my reply with my two suggestions:
Thank you very much for your response. If I may, I would like to make two recommendations. First, I suggest that Vanguard revise its Online Fraud Policy to make it clear that sharing your username and password with mint.com or similar services can result in being unprotected by the policy. I've done quite a bit of research and read many articles and searched many forums, and it seems like no one is clear whether using mint.com violates the policy, particularly because Vanguard does have an agreement with mint.com allowing mint.com to read financial information at Vanguard. I think it would be very useful to people to clearly know that they shouldn't use mint.com if they want to ensure that the policy to be effective. Second, I would highly recommend that Vanguard start letting accountholders buy from Vanguard and use security token authenticators with their accounts. Etrade, for example, allows this service, and the authenticators are a pretty foolproof way to ensure that no one can hack your online account. I think it would put many accountholders at ease to have such a service.
User avatar
prudent
Moderator
Posts: 7990
Joined: Fri May 20, 2011 2:50 pm

Re: Mint.com and Vanguard Online Fraud Policy

Post by prudent »

They need to implement a type of restricted login that could view your account but not initiate transactions.
User avatar
tfb
Posts: 8397
Joined: Mon Feb 19, 2007 5:46 pm

Re: Mint.com and Vanguard Online Fraud Policy

Post by tfb »

prudent wrote:They need to implement a type of restricted login that could view your account but not initiate transactions.
To make people not come to Vanguard.com as often and get everything from mint? How would Vanguard convey the Vanguarding message then? Not sure why Vanguard would want to spend money on doing that.
Harry Sit has left the forums.
Post Reply