Why does Mint need my bank login information (username and password)?
Mint needs this information to establish a secure connection with your bank, credit union or credit card company. This enables Mint to download and categorize your transaction information securely and automatically.
(transiit: That word "automatically" worries me. Hang on to that for a moment.)
Can Mint employees view my online banking username and passwords? Do you store my bank login information on your servers?
No, Mint employees can’t view your banking username and passwords. We do not store this information at Mint. Your banking login credentials are securely stored by our online financial service providers. Your Mint login credentials are not shared with these providers.
(transiit: remember "Automatically"? They don't store it, but they've got automation down? But what a great pass-off, your information is stored by their "online financial service providers" Who are they? Did you catch that Mint.com was giving your bank login to a third party? Good news, your Mint.com login is not shared with those providers.)
Am I at greater risk of someone stealing my identity by using your service?
No, as Mint does not require any personally identifiable information for you to create an account. Mint only asks for the following:
* Email Address
* Zip Code
At no time do we ask you for information that would be required for a hacker to steal your identity, such as your full name, bank account numbers, credit card numbers, billing address, telephone number or Social Security number.
(transiit: By their nature as a web service, they can determine your IP address. If the RIAA/MPAA can identify and subpoena those dirty, dirty filesharers from a single data point (tongue in cheek), do you feel comfortable that your email address doesn't identify you? If you're comfortable with that, go poking around your financial institution's online banking interface. Does it give details like your name, bank account numbers, credit card numbers, billing address, or telephone number? (I'm really, really hoping it doesn't have your SSN anywhere, but hey, we're not talking one single institution, go look for yourself))
Can Mint employees view my bank account numbers or credit card numbers?
Mint uses only your account login credentials for access to your account information and Mint does not store these credentials.
(transiit: I sincerely hope they are being honest here...but...first, it takes them on their word that they don't store any information. second, it doesn't account for any information stored outside of policy. What if a developer leaves some debug flag on that logs all transactions? What if a rogue developer leaves a backdoor in for their own purposes while employed by Mint.com? I guess they could mitigate such things through rigorous engineering processes, but we're still taking their word for it.)
How can I protect my Mint account?
* Don’t share your Mint password with anyone.
* Make sure that your password is complex, including both numbers and capital letters.
* Be certain that you have virus protection and a firewall on any computer you use to access Mint.
* Don’t install programs from people or companies you don’t know.
* Learn to prevent identity theft and identify Phishing attempts.
(transiit: cookie-cutter answer.)
If someone does manage to steal my Mint log in information, can they access my bank accounts and credit cards to make any transactions?
No, as Mint provides a strictly “read only” view of your transaction information. Your online banking user names and passwords are never displayed after you enter them during your first session.
(transiit: What does "read only" mean? They can only "see" your recent transactions? Remember, they already said they don't store your login info, so how do they keep up with that view?)
How can I close my Mint account?
1. Login to your Mint account.
2. Go to “Your Profile”.
3. Locate the “delete Mint account” option under “More Options”.
4. Your Mint account data will be removed within 48 hours.
(transiit: Um, ok.)
Where can I find out more about the technology that protects my information?
* Mint’s Privacy and Security Policy
* Mint’s Security Technology and Practices
(transiit: and here we are.)
They also provided a nice video explaining how much the founder cares about security.
Here's the thing, the financial institution that I bank with is really big on tacking on features that make them seem like a better value for hanging onto my money when I'm not actively using it. So in the last year or so I've seen them add on things like "online bill payment" and "transfer money to an outside account". Mint.com might have a great model of how their portion is "read only", but if you've got access to my login, I already know of ways that you could transfer my deposits somewhere else. Assurances that they don't store the information ring a bit hollow with their claims of automation, and that thing about "our online financial partners" storing my login information...well, frankly, it scares the shit out of me. I've no clue who they are, and as Mint.com's current reputation is "We say we're secure.", I can't say I trust them either.
Frosting on the cake is the video. I might be paranoid, but that doesn't make Mint.com any more trustworthy. What I see is a long chain of people that I'm supposed to trust...it only takes one employee to make a YouTube video, and it only takes one employee to break that chain of trust.
From my standing, I protect my bank account by not readily giving out any details to anyone without a strict need-to-know. You might feel differently, all I'm suggesting is that you're increasing your risks, even with such a "convenience" as Mint.com.