Mint is impressive at first glance: Great application, slick user experience design, and an innovative idea that offers real-world benefits to the average Joe.
For those of you not yet familiar with Mint.com, TechCrunch offers the following description: "Mint is a personal finance application that lets users track and monitor their financials in one place without the need of routine maintenance or accounting knowledge. Their application tracks bank, credit union and credit card transactions and alerts users to upcoming bills, low balances or unusual spending. Mint’s patent-pending technology automatically categorizes transactions, so users know with precision where they are spending money, what their bank and credit balances are, and how much interest they have earned. Their application also helps people find ways to save money by constantly searching for deals on credit cards, bank accounts, etc."
Stop and Smell the Mint Leaves
I may have brushed over a key fact with a little too much nonchalance. Let's take a look at the summary above one more time. To use Mint.com, the user must provide access to personal bank accounts and credit cards. Although Mint.com claims that they use the same type and level of security as top banks, that feature should send up some red flags. Essentially, Mint.com is collecting and storing all your banking information.
Such practices raise a series of questions: Is it safe? What about identity theft? Do you really want to give your precious personal information to a start-up? (The company did win the $50,000 dollar award at TechCrunch40 - let's hope all that money is going towards security).
Even the Big Dogs Get Attacked
Think security breaches aren't all that common? Think again. Earlier this month, the respectable brokerage firm TD Ameritrade had to notify their clients that a hacker gained access to a portion of the company's client names, email addresses and phone numbers. Any one of TD Ameritrade's 6.2 million clients can expect spam email in their inbox, likely an attempt to promote a particular stock. Although highly advanced, TD Ameritrade had no idea about the breach until users began receiving spam at email addresses that they only use to receive messages from TD Ameritrade.
Although TD Ameritrade immediately denied the incident, further investigations forced the brokerage to later (and I mean much later) recognize the occurrence. The statement acknowledging the hack and compromise of personal client information was not released until the company could report that the issue was fixed - over a year after the incident took place. Many believe that the hack may have occurred as early as 2005, while the official TD Ameritrade announcement did not come until mid-September 2007. Not the finest moment for TD Ameritrade, to say the least. I'm no math whiz, but even I know: slow response + poor security = dwindling customer base.
If it is that easy to hack into a well-established company such as TD Ameritrade, can users trust that their precious information with the start-up Mint.com? Mint will face challenges as they attempt to gain the trust of mainstream, financially-savvy consumers. I would feel a lot safer if Mint's application was on a trusted site, such as Yahoo! Finance or Intuit. Do I smell a good buy?
The nobosh Bottom Line
One thing is for certain, hackers worldwide must be drooling over the opportunities provided by Mint.com; rather than being forced to apply their tricks of the trade across multiple sites, they can target their efforts on a single source of personal banking and financial information. A dream come true for hackers, but is it too great a risk for you?
For more on Mints Security practices click here.