Why I Cancelled Mint.com

For anyone who has been following this blog for the past two years or more, everyone and their kitchen sink and uncle's cousin knows what a huge fan of automated online solutions I am.  For example, I have recently switched over most of my accounts to Tangerine, and as of 2017 I'm able to automatically invest each month quickly and efficiently through my robo advisor account.  This way, when my paycheque comes in, all  of my necessary transactions occur automatically and the information could get downloaded into my Mint app right away.  I could see where I was at with a quick glance whenever I wanted.  No actual time or energy required!

All of the recent research on decision making and willpower is pointing to one truth: that the fewer active decisions we have to make every hour, day, and month, the better our will power is and the higher the probability we will make better decisions.  That's why using automated online solutions is such a massive advantage – it makes good decisions automatically, and it takes none of your finite willpower reserves.  Paying yourself first used to be a mumbled truism that folks struggled with as they had to make active choices each month.  Now my cheque comes into my Tangerine account (which costs me $0 per month) and then on the first of each month a pre-authorized amounts get transferred to Wealthsimple on my behalf.

When it comes to great online tools and keeping my budget and various accounts in order, there is no other app in Canada that does quite the same thing as the Mint app (Mint.com).

I use mint to access my information when I do my net worth updates, to check how I'm doing on my credit card bill so far, (and usually it quickly helps me to go “woah! that's a lot of spending this month, I better tone it down”), and to see how I'm doing toward my mini-financial goals of getting a new car (no don't worry, not a new-new car, an old-new car, do you know what I mean?) and funding my trip to Africa (2017 update: Used a small loan from Borrowell to fund this trip – and paid it off a couple months after).

I loved the design of it, the functionality of it, and the ease of it.

However, there is one thing that I didn't like.

And unfortunately this is a big thing.  A big big thing: My personal information!

To find out whether you should stick with Mint or maybe try another popular budgeting app such as YNAB (You Need a Budget) click here to take our quiz and determine which one is right for you.

Why I Broke Up with Mint.com

Why I stopped using mint.comDon't get me wrong.  Mint.com was fantastic.  We had a great relationship.

He was dependable.  Always delivered.  Was considerate of my need for organization and time management.  Was considerate of my laziness when I was too lazy to check each account individually.  He was damn good looking.

The problem was, I just couldn't see a long-term future with him.

He was like a ticking time bomb.

Sure, he offered commitment… but there's always the what if…

What if unbeknownst to me, he cheated on me with a suave cyber hacker?  I wouldn't be protected and that cyber hacker would run away with all my money.  The dependability and the protection that mint.com offered would be gone.  That reality was just too scary to contemplate.

My mint.com would just shrug his strong chiseled shoulders, avert his eye contact, and say “uhh I don't know what happened.  I'm sorry it happened.  I didn't know it was coming.”  Meanwhile, the banks would say that the breach happened with a third-party provider (mint.com) and they would say that can't do anything about it.

Well, an apology isn't good enough!  My bank account could be wiped out from super computer geniuses I wouldn't be protected.  I always practice safe banking – I need to have protection!

Yes, I've Joined the other Wary Financially Savvy PF Bloggers

I know there are a lot of PF bloggers who are wary of Mint.com.  Many have either not signed up ever with mint.com because they have enough financial diligence to track their expenses through Quicken or YNAB or something similar.

MoneySense magazine (you know I love them) contacted the big five banks in Canada and asked about this issue and they confirmed that “You are responsible for any losses from any use by a third party that provides an online account aggregation service.”

When you give your banking account numbers and passwords to a third party.. if any sort of fraud happens, you wouldn't be protected because essentially you are breaching the contract with your big bank.

Intuit owns Mint.com.  It's safe.  But if something WERE to happen, you wouldn't be protected.

The Vancouver Sun did a great series on Mint.com including one on the safety of Mint.com.  The servers are heavily protected in the Intuit facility and you need a hand print on a fancy door in order to get into the room (yeah just like the movies).  He said that the benefits of mint.com probably outweighs the risks.

However, the possibility of your own mint.com account getting hacked into is easier (people just need to find your password).  However, once they get in, they won't be able to do anything with your money since mint.com is essentially a read-only aggregator of your accounts.

If you have a few hours to spare you can go into detail on the safety of mint.com on the website by Jason Owens.  He also details how he would go about hacking into your mint.com account as well.  It's all way over my head, but it's very scary nonetheless.

I'll Miss mint.com

I won't lie.  There are some days that I really miss mint.com.  The break up was tough on me.  I really loved him.  It had to be done though…

Finding a replacement for Mint.com
My favorite replacement to mint.com is undoubtedly You Need a Budget App. It does come with a price, but the amount of support you would be getting in any form makes it worth it. The best app on the Canadian market in my humble opinion.

Readers, do you use mint.com? 

67 Comments

  1. Jason St-Hilaire on July 2, 2013 at 1:17 pm

    I stopped using Mint.com for the same reasons as you did. I really liked having all my purchases automagically sorted. However it was sometimes having problems connecting to my banks’ websites. And that security breach is just there, waiting to happen.

    I now resort to an homemade Excel sheets with a few bells and whistles to track my net worth and my investments. I tried using YNAB for a while but I find it tedious. Maybe I’ll get to it seriously some day…



  2. Donna P on July 2, 2013 at 2:27 pm

    What if the PFM tool was offered through and secured by your financial institution? Would that make a difference?



  3. Anton Ivanov on July 2, 2013 at 3:17 pm

    The same logic can be applied to pretty much anything – digital privacy and security concerns have always been there (and will continue to always be there). Using Quicken to download your account transaction data, online tax preparation software to file your taxes, or making any online purchase is just as risky as using Mint.com.

    You can make an argument that it’s a magnet for hackers, since it stores so much financial account information in one place, but banks have been targeted by attacks for decades and learned to adapt. Intuit is not a new company and I’m sure they will continue to stay on top of security with Mint and they have been with their other financial software applications.

    I will be staying as a Mint customer.



  4. schultzter on July 2, 2013 at 3:38 pm

    I asked my bank about that a while back and never connected my Mint Canada account to my bank because of that.

    Also, where are the servers located? Canada or the US? Because if they’re in the US then there’s no Canadian privacy laws protecting your information either. Never mind hackers!!!

    Interestingly, RBC uses Yodlee (similar to Mint) so I assume the 3rd party disclaimer doesn’t apply since Yodlee is accessed directly through RBC’s banking site. Although the fact their servers are US-based does concern me somewhat.



  5. Cassie on July 2, 2013 at 8:00 pm

    Nope, I’ve never used mint. While I post financial updates at the end of every month, I post aggregate numbers, so they’re of limited usefulness to someone trying to get into my accounts. Having everything laid out in detail online in one spot just waiting for a hacker hankering for a challenge? That makes me nervous to say the least. I get that some people like it, but its not for me. I have most of my account numbers memorized anyway, so it’s really not that hard for me to check my accounts quickly.



  6. Maya on July 2, 2013 at 8:19 pm

    My husband and I had a huge fight over using mint, I did not want to sign up for it for the exact reason you described, I just didnt think it was worth the risk.

    The compramise I came up wit is that we gave them DH’s old bank account info that only had a little bit of money in it, and we linked it to all our credit cards. since 90% of our spending and bills go through our credit cards I can still use mint for our monthly budgeting. I add our paychecks and the few transactions that come from our bank account manually. It’s a little labour intensive, but it means I have to constantly be on it, which means I’m constantly checking on our spending which keeps us in line.



  7. Sousou on July 4, 2013 at 3:32 pm

    Hi,
    I was a big fan of mint until recently. I read the security policy and found out that their servers keep some of your records even after you delete your account. But I should also mention that mint notified me, way before I could notice it in my bank account, when my credit was fraudulently used.
    I would still be using it if I didn’t have big investments.

    Cheers!



  8. Young on July 6, 2013 at 3:04 am

    @Maya- That sounds reasonable. I am reconsidering this Mint.com breakup thing and maybe just having the credit card bill on there wouldn’t be a bad idea I wonder.



  9. Young on July 6, 2013 at 3:05 am

    @Cassie- I have about 80% of my account numbers memorized but then it pains me when I can’t access the rest because I can’t find my booklet of account numbers lol.



  10. Young on July 6, 2013 at 3:05 am

    @schultzter- interesting! Never heard of Yodlee..!



  11. Young on July 6, 2013 at 3:05 am

    @Anton- Thanks for sharing the Pro Mint perspective! 🙂



  12. Young on July 6, 2013 at 3:06 am

    @Donna P- I think it would for me. As long as it’s not third party.



  13. Money Beagle on July 8, 2013 at 8:56 am

    I have a spreadsheet that I have developed and tweaked over the past ten years, and it’s so customized that I know there’s nothing that could replace it. So, I never jumped on the Mint bandwagon. I can see and understand your reasons. Security is huge.



  14. Ron P on July 12, 2013 at 2:39 pm

    You might want to take a look at GNUcash (www.gnucash.org/). Free opensource software. Runs on Linux, Mac, and Windows.



  15. Greg on July 15, 2013 at 7:14 pm

    I use YNAB, so all fianacial info is on my computer and there are no account password details stored anywhere. I also only have one bank account since you use YNAB to allocate the money, not different accounts. Mint is simpler, buy YNAB is safer and better for budgeting.



  16. Peter on July 17, 2013 at 7:57 am

    Of course banks continually like to remind Mint.com users that bank accounts are not protected from any losses due to a third party that provides an online account aggregation service. The reality, however, is that it seems that banks are more fearful of the transparancy that Mint.com brings in respect to the charges that each and every bank quietly charges their customers. Mint.com easily allows its users to see whenever a bank charges any fee.

    The reality is that:

    1) Intuit, the owner of Mint.com, also provides the same security software for each and every one of the banks;

    2) Even if one were to hack into a mint.com account, you would have no access to any funds; and finally

    3) If one were to access someone’s funds, they would need to hack into the person’s bank account as Mint.com would not provide any necessary information to access any account.

    I am risk adverse as well, however, the transparency of all banking transactions and fees, ease of use and security that mint.com brings in my mind outweighs the opinion of the banks telling me that Mint.com is unsafe.



  17. maggie on July 17, 2013 at 11:31 am

    Hi there,

    Just curious if you then took the extra step to change your bank accounts (i.e., close the old ones and open new ones). If there ever was a breach to your account, would your bank know that you had once given a third party access to your account and on that basis can they then deny any claim for stolen money? Just wondering how the agreements work in such a case. I know if you have your debit card compromised for example, they ask you whether you’d ever given your PIN to anyone.

    Interesting post.

    Cheers!



  18. […] problem with not having Mint.com is that I can’t see my credit card spending as […]



  19. Bobby Smith on August 1, 2014 at 8:42 am

    I work in information security. If/when Mint gets popped all your bank accounts won’t be zeroed out. Even if a breach occurs at a third party, if money is stolen from you, your bank should replace it and run an investigation. Fraud is fraud no matter where it comes from. I use Mint for all my information and have no intention of stopping. For those of you who are thinking you’re safer to use a homegrown spreadsheet… trust me it’s a LOT easier to get into your box then it is to pop Intuit’s servers.



  20. Bruce on October 27, 2014 at 9:42 pm

    UBS wants an explicit confirmation of this risk exposure now:

    As per your request, you authorize and direct UBS Financial Services Inc. (“UBS”) to allow Intuit access to your OLS account. In consideration of UBS complying with your request to enroll in this service, by entering your OLS User Name and password and by clicking the box below, you agree to hold UBS harmless from any loss or damages that you may incur as a result of providing Intuit with your User Name and password, including mistaken identity, unauthorized access to your account, unauthorized use of Bill Pay, Funds Transfer and other means to transfer money and securities, unauthorized acquisition and use of your personal information by others who may access your accounts via OLS.



  21. Jawn Dough on November 4, 2014 at 11:41 am

    Bobby, this is incorrect. Your card holder agreement doesn’t protect you from fraud caused by negligence. If you give away your login details to a third party, you forfeit any protection the bank offers. There was a story years ago of a Canadian who was victim of fraud and never got a penny from the bank because he admitted that his wife knew his PIN.



  22. Stephen on November 21, 2014 at 11:16 am

    I’ve been using Mint for about three years. I originally had these same concerns. But since then, my financial institutions have added the third layer of protection to their website. The third layer requires you to enter a security key or secret question if you log on from an unrecognized computer. Since Mint doesn’t have this information, neither would a hacker. Unless they were already sitting at my personal computer … in which case me and my roommate would need to have a little chat 😉



  23. Rick on December 10, 2014 at 10:12 am

    The really stupid thing is that there are lots of ways that something like Mint could be done without having to give it your banking password. The banks would have to get onboard with the idea that you should be able to give your info to third party websites via their website. The problem is with the banks, not with Mint. Doesn’t help those who would like to use Mint though. The thing I don’t get is why Mint doesn’t have capability to upload a spreadsheet/CSV file – it would be easy enough to create that capability, and then I wouldn’t have to enter my password, I could just download my data from my bank and upload it to Mint …

    For the record, I do use Mint, but just for my credit cards and one chequing account. If those were hacked, it could be a pain, but my financial loss would be quite limited. And between those, my monthly cash flow is 100% covered, I just have to track my investment activity and net worth elsewhere (spreadsheets).



  24. Ruslan on January 19, 2015 at 11:34 am

    Absolutely valid concern, however there are banks that allow to create a read-only guest account which works great for third-party applications like Mint. I won’t name banks I know that provide such feature just not to make any awkward advertising here, but we can discuss privately.

    And if there are some destructive actions made through read-only guest account (which functionality is provided by the bank), the bank is responsible for it.

    That’s how I started to happily use Mint.com and plan to do so as well.



  25. Cory on March 8, 2015 at 12:52 pm

    So we love using mint because it will track our expenses effortlessly



  26. Kyle on March 9, 2015 at 6:17 pm

    I’ve always wondered why it had to be envelopes Cory. Maybe there is an app opportunity there for you?



  27. NameWithHeld on March 20, 2015 at 11:22 am

    Ya I tend to agree with both of you but lean towards the side of why expose myself even more..

    In other words, just because a burglar can break into my house through the window doesn



  28. Divya on May 21, 2015 at 8:33 pm

    I came across this webpage because I googled ‘mint.com for Canada’ and wanted to become a member to get a better understanding of my finances. I haven’t used any of these softwares before and I’m new to this too.
    My question to you is – what are you using now? Is there something you recommend?
    I read your concerns about mint.com and I agree with them; however, for now, I will create an account with it just to experience it 🙂



  29. AntiHacker on June 18, 2015 at 3:06 pm

    It is more likely that your computer will get infected while you are browsing the internet for whatever you browse for, and that your credentials will be stolen that way.

    Mint and all the other budgeting apps encrypt your passwords. So even if they were hacked, now the hackers have to crack encryption to get your password.

    The solution is simple people…and here it is…use MULTIFACTOR or TWO step authentication for your banks. So when you go to login, you have to use your password and another piece of information that is only good for one use. Some banks give you a little device with numbers on it that change every few seconds, other banks text you a code to your phone. Other banks only allow access from a specific IP address or a specific computer.

    Meaning, you need your password, but you also need to use a one time passcode to access your accounts, or access your accounts from a specific location/computer. So even if mint.com or any other app is hacked, and they manage to decrypt the data and get your password, it is useless.

    I like the comments everyone has made, and Young, you bring up some great points, i just wanted to let everyone know that there are some things you can do to lower the likelyhood of getting hacked.

    Also, protect your email account. I mean, you receive statements and account info in your email right? How many of us have gone paperless? Use multifactor for your password and tell your banks to enrypt and password protect your statements when they send them to you.



  30. Horstradamus on June 21, 2015 at 6:14 pm

    Yodlee’s database is located in Canada near Toronto; not the U.S.



  31. schultzter on June 21, 2015 at 10:49 pm

    What gives you that idea? I couldn’t find anything on their web site to indicate where their database is located – but they offices in the US, India, Australia, and the UK, but not in Canada.



  32. robmausser on July 18, 2015 at 3:52 pm

    There is literally zero…zero way that anyone could ever use Mint.com to steal your money.

    This is because its a one way street. Mint is only allowed from the API (that is what your bank uses to add their service to Mint) to view the status of your funds and transactions. Thats it.

    Now, someone could hack Mint but all they would get would be your financial history, which may be unsettling to you. But they could never get your money.

    They would have to hack each of your individual bank accounts first.

    I know you add your banks to Mint by logging into your bank information on that add account page, but that is being handled by your bank, not with Mint. Once you log in, your bank gives Mint a special access hash that is unique to you, your bank and Mint. Its cryptographic, meaning by itself it has no meaning, it can’t be used to hack your bank and even if they could, like I said, it only gives someone access to view your transactions.

    So rest easy that its impossible on a physical level for hackers to take your money with Mint.

    It would be much easier for them to do it straight from your online bank websites, which I am sure you now log into individually on your computer. If I was a hacker trying to take your money, I would much prefer this approach.

    You are actually making yourself more vulnerable by using each of your online banking websites rather than just Mint!



  33. c0d3m4u5 on August 26, 2015 at 4:54 am

    You are more likely to have your bank account compromised by malware you unknowingly download to your PC or by phone and internet scams than by Mint getting compromised.



  34. Cory on September 14, 2015 at 7:49 am

    Update: I’ve joined a startup and we’re making this idea a reality! Rather than overspending every month because I’m using mint, envudu gives you a card that helps you manage the money you actually have! See how much you have to spend before the end of the month (when it’s too late). Check out our website and let me know what you think! www.envudu.com



  35. Ryan on October 16, 2015 at 11:40 am

    I don’t have a lot of money and working on paying down debt and staying in a budget, so my risk is pretty low already.

    Mint.com really helps with seeing where my money is going and the benefit far outweighs the risks for me.



  36. Gabriela on November 7, 2015 at 4:41 pm

    I canceled because both of my credit cards were hacked within days of starting the use of Mint.com. I have charges in over hundreds of dollars charged in states not even close to mine and a facebook charge of $250?!?!?! Thank goodness my banks are great and took care of everything right away. canceled mint.com account so quick.



  37. Lee on December 8, 2015 at 11:36 am

    What robmausser says just above. I’ve used Mint for 3 years with absolutely zero problems. Even getting passwords to my logins for bank, etc, isn’t going to do any good as I’ve taken other steps to ensure that my accounts are safe (PINs texted to my cell phone for example).



  38. J Randomme on January 7, 2016 at 8:25 am

    Hang on a second. You say your accounts will be wiped dry, and then you say “However, once they get in, they won



  39. Schultzter on January 8, 2016 at 9:58 am

    It’s two issues I think:
    1. The Mint web interface won’t let you do any thing (read-only) but Mint has your passwords, so if some one hacked the Mint server database and got your password they could then log into your actual bank’s web site and conduct transactions.

    2. If they only got into your Mint account they would still be able to gather enough personal information to then call your bank and impersonate you. Things about your bank account that should only be available to you via the bank’s systems (web, ATM, statements, etc) but are now on Mint too because they copied it or you entered it.

    For me the killer, no matter how good Mint’s security is, is that your banking agreement makes you liable if you give your password to anyone else. If the bank is hacked then at least my money is insured, but if Mint gets hacked I doubt they are insured and I know I definitely don’t have insurance against Mint getting hacked.



  40. Rob Bairos on January 14, 2016 at 8:39 pm

    Its more likely you have malware on your computer siphoning off your keyboard strokes, or shopped at some online website with poor security.
    In that case, deleting your mint account would have little effect.



  41. J Randomme on January 17, 2016 at 11:56 pm

    Thanks for clarifying, and the author needs to hear that this IS a fantastic article (great work, really), but the mere ‘read-only’ access was confusing in the context of a security threat of accounts being ‘wiped’. Again thanks for the response. As a freebie, some personal insurance/renter’s insurance packages in Canada now include e-theft/ID-theft coverage. Where your bank will not cover you, your personal insurance may! (But it’d be subject to a deductible fee of course). I am not sure if they would have an issue with the banking passwords on third-party sites and deny you coverage however. That’s something each person would have to look into when purchasing personal insurance.



  42. Kyle on January 18, 2016 at 8:20 am

    That’s good information J Randomme. I may have to look into that a little deeper as an article idea!



  43. Brian on January 19, 2016 at 12:22 am

    Oddly enough, you don’t seem to spell out exactly why you stopped using Mint.com, in an article titled “Why I Cancelled Mint.com.” You go into potential security concerns, but then immediately dismiss them in detailing Intuit’s apparently top tier security platform.

    This article is missing a conclusion. So what is it?



  44. mint user on January 23, 2016 at 3:24 pm

    This concern is completely mitigated if you use banks that have a “Saver ID” like Capital One 360 (previously ING). They offer a unique password that only allows read only access to your bank. This is the code you give Mint instead of your real password so your money is in no danger.



  45. Jacques on February 22, 2016 at 1:40 pm

    So how is keeping your information on a spreadsheet, notebook, day-planner, quicken, or YNAB any different? It all can be considered third party.

    Its simple, if you get hacked you don’t tell your bank you use Mint. Like Bobby said, it is a lot easier for a hacker to get your personal files then crack mints intense security
    .



  46. robmausser on April 13, 2016 at 10:00 am

    @Schultzter

    Mint does not have your passwords. They have a unique, unencryptable hash key that was created by your bank account in order to connect Mint to your bank.

    You enter your login information with your bank, and your bank sends a unique API key to Mint.

    That API key can only access certain bank info in a read only format. It can’t be used to get into your account.

    Mint never stores your passwords for your bank.

    Do you really think your bank would let a third party app have this information?



  47. Anthony Cho on April 27, 2016 at 12:34 pm

    4/27/2016

    I’m still using Mint despite the irky privacy statement below. I’m not concerned about security issue at all (I update mine every few months), but I’m more concerned about their transferring customer data to an acquiring company if they’re sold.

    “If Mint or its assets are acquired by another company, or in the event of a merger, consolidation, change in control, transfer of substantial assets, reorganization, or liquidation, we may transfer, sell, or assign to third parties, information concerning your relationship with us, including, without limitation, personal information that you provide and other information concerning your relationship with us. Such 3rd parties will assume responsibility for the personal information collected by us in connection with our business operations or through our Sites and such third parties will assume the rights and obligations regarding such information as described in this Mint Privacy Statement.”



  48. Laura on May 13, 2016 at 10:08 pm

    Note that in the Privacy Statement mint.com can “at their sole discretion” turn over your account to any law enforcement or regulatory agency. Just because you have nothing to hide does not make this violation of the 4th Amendment okay. Check out the documentary “Terms and Conditions May Apply.” I’ve been using Mint to figure out my financial situation after a separation, but I don’t see how it makes sense to continue with Mint.com with such a one-sided (“screw the user”) privacy policy.



  49. Juliette Giannesini on May 15, 2016 at 8:54 pm

    I wanted to adopt Mint but I found out it doesn’t synchronize with Scotiabank bank account. Considering the bank publicly said that it found Mint risky for all the reasons you mentioned in the article, I’m assuming they aren’t trying to fix the glitch.

    So I canceled the Mint account I had just opened, and I’m back looking for a good budgeting software!



  50. Anthony Cho on May 16, 2016 at 11:14 am

    Juliette,

    That’s interesting because I’m using Tangerine chequing/savings/TFSA accounts on my Mint account and they’re owned by Scotiabank.

    Can you share the URL where I can find more information about the Scotiabank’s statement for my own reference?

    Thank you.



  51. MrSLM on May 19, 2016 at 9:13 am

    Found this post while searching for mint finance Canada 🙂 I’ve seen the service recommended time and time again by bloggers, and even by some coworkers, but having a setup where one site knew all my passwords and info felt a bit like playing with fire. I can probably whip something up in python to automagically sort everything, it’ll just take some time and effort.



  52. Angela on June 5, 2016 at 10:35 pm

    Hey! Does merely closing the mint account resolve the issue with the banks so that you become protected for fraud again? Or are there any further steps you must take?



  53. Alejandro Martinez on August 31, 2016 at 8:27 am

    I’m no conspiracy theorist, but then again I’ll be right now… because it’s been a long time and I see no progress.
    The easy way to remedy this is to have a read-only password for your bank accounts, a password that cannot let you use your account, only “see it”, this password is the one that should be given to Mint.com not the full access send, wire, pay bills password.
    Easy fix, no advancements on that.



  54. Ev on September 1, 2016 at 12:45 pm

    The article makes no sense, whenever it was published. Banks have for years now made it so that computers that previously haven’t accessed a bank account require a 2nd form of authentication. In other words, I could list all my financial institution’s passwords online and it wouldn’t make a damn bit of difference, as someone logging into a bank with those passwords will be required to enter the 2nd form of authentication (e.g. enter a code from a text message to an pre-authorized phone, answer a security question, etc.). So unless you’re dumb enough to have a security question whose answer is easily searchable online (like your birthdate), then basically Mint isn’t any more of a risk than keeping your passwords on your computer, which can frankly be a lot more easily hacked than Intuit. By a long shot.



  55. theSPOOLER on September 7, 2016 at 2:58 pm

    The banks that provide a read only password sound like a great idea.

    For those that don’t, it seems to me simply changing your banking password after adding an account on Mint will mitigate any issues. If the banking username/password is truly only provided to authenticate who you are (like showing your driver’s license or passport), once the token (unique number that lets your bank trust Mint) has been saved by Mint, your password should no longer be needed to pull your banking data into Mint. Now you can sleep at night.



  56. Jim Somerville on October 19, 2016 at 11:40 am

    This should be a technical solution. OAuth2 is a mechanism that most tech services like Google, Microsoft, Facebook, etcetera utilize for a user to allow a third party to access content from their site. User credentials (username/password) are not stored or entered in the external site, permission must be granted by the end user, and permission can be revoked by the user at any time.

    In this case, it would be the banks providing OAuth2 capabilities for integration with Mint. Banks probably do not want to create this capability. They would blame OAuth2 for not being sufficiently secure. But, this is likely a red herring argument to disguise the real reason: banks want you visiting their sites so they can sell you new services.



  57. nancy on November 23, 2016 at 3:33 pm

    We used to LOVE Quciken until it sold. 2016 is a disaster, no support, just the same thing over and over. Will update, then it won’t. Crap software. Anyone using Wifi on their PC or other device can be hacked. I NEVER make purchases on a phone, for instance, too easy to hack. Quicken needs some good competition. Sadly none’s there. I may try Mint, as others rated it pretty good.



  58. Doug Mehus on November 27, 2016 at 8:17 pm

    First, in the interest of full disclosure, I don’t use and have never used Mint. However, I think it’s a valuable, easy-to-use and time-saving personal finance tool that should not be discounted and to which I’m warming.

    The issue I’d had was, by giving your username and password for a bank account, regardless of their security practices (which seem as good or, in some cases, better, as they offer optional two-factor authentication, than the major banks) , you may be invalidating your “security guarantee” with your major bank. However, as I understand it, RBC’s own internal “RBC Finance Tracker” and many credit unions’ money management tools use a “third-party service to aggregate” your balance and transaction histories from your various external bank accounts once linked. This is the same as Mint so I’m not sure their argument holds any water anymore if they’re doing the same. Similarly, they also partner with SecureKey Concierge and the Government of Canada to use your online banking sign-in details to access Government of Canada services. It’s a bit different but, nonetheless, similar.

    Moreover, even when I worked in the bank, I would occasionally tell people that happened to use a money management service such as Mint and happened to have their bank account compromised, to just tell the bank they didn’t use any service such as Mint if asked. It’d be extremely difficult to prove and, so long as your bank account was legitimately compromised, you should have a right to have the funds reimbursed by your bank at its expense. No?

    Cheers,
    Doug



  59. Peter on January 10, 2017 at 4:37 pm

    This article applies only to Canada. In the US, under federal regulations, banks are liable for any unauthorized spending even if the user transmits the login information to a third party as long as the user did not authorize the third party to conduct transactions.



  60. Brian on March 7, 2017 at 2:16 pm

    I feel you. Now that Mint.com added bills, I’m outta here. I.e. They went from the relative safety of read-only to murky land of read-write. On a side note, I have yet to find a local application that acts like Mint with regard to online accounts. Most of the software out there is ledger software and I LOATH ledger software. I want a solution that simply shows my current balance from my bank and uses the transactions simply for budgeting.



  61. Doug Mehus on March 8, 2017 at 11:28 am

    The curious thing about the “Big 5” banks and/or major credit unions that loathe personal finance apps like Mint, which I have no problem with so long as they can prove they meet strict security standards in terms of usernames & passwords at the same or higher level than the average of the “Big 5” banks and/or major credit unions, is they’ll launch similar personal finance-consolidating “tools” that sign in to your external bank accounts to consolidate your personal finance information into a single “dashboard” (i.e., BMO, RBC and First West’s various divisional “brands” all offer this service, among others). Aren’t they “compromising” your banking agreements with other financial institutions? If anything, I think that should mean Mint should be an appropriate exemption from that section of one’s banking agreement – or at least a valid argument in court should a consumer be forced to sue their bank that would deny reimbursement for fraudulent activity on their account. 🙁



  62. Suzanne on April 28, 2017 at 9:03 pm

    Doug is right. Banks would rather you use their dashboard and import all of your other accounts to their convenient PFM software because they will use the information to market products to you. I know this because I work for a bank and just sat through a demo of software that would give that capability to our marketing department.



  63. alon on June 10, 2017 at 7:22 am

    When a user is required to sign up to the company web site and hand over his/her account numbers, user name, password etc …it raises a major concern about security and data usage.
    I believe that perhaps private information should remain private and not stored or viewed by anyone else than the actual owner of the information.
    That is why i use Geltbox money – it doesn’t use any third party Aggregation site.



  64. Brian Clendinen on June 15, 2017 at 3:56 pm

    A mint breach would actually not be a big deal if my banks offered physical security token authentication for any withdraws that were not done via check or atm card. That way even if they were able to log into my account they could not transfer any money unless they someone broke the banks servers which kept my specific security token (or physically stole my token). I would pay extra ($50 to $60 a year but not over $100 a year) for this service but only very large account holders and business are given this option in America. I have been told this it normal practice for consumers in European banks. So its really the banks fault that they suck and don’t allow me to have extra security even though they could charge me for it.



  65. Anthony on June 20, 2017 at 11:13 am

    This is a non-issue with strong passwords. If you don’t use password managers like LastPass or Dashlane to generate strong passwords and get your bank accounts hacked, it’s your fault.

    I’ve been using Mint since 2011 and have never had a security issue.

    Enjoy Mint.



  66. sthomas on July 24, 2017 at 6:38 pm

    I’m considering using Mint but want to get some more information before deciding. Can anyone give me an opinion on how safe they think this would be when linked solely to a credit card? I exclusively use my CC to make purchases (I get cash back, +more secure) but I’m not sure who would be responsible in the case of a data breach, my cardholder or Mint.

    Also, can anyone tell me what sort of fees they racked up by using Mint? Thanks!



  67. kotoula01 on September 28, 2017 at 6:30 pm

    My son signed up for mint and had $1200 stolen out of his account thru a mint hack in Calgary. The bank would not reimburse him so he was just out the money. I wouldn’t use mint because I know someone personally who has been hacked. Luckily that account didn’t have more or he would have lose more.



Leave a Comment





77 Shares
Pin5
Tweet12
Share43
Share
Email
+117