October 10, 2007

Mint.com: Great concept, bad execution.

There is a new service out that allows you the convenience of only having to visit a single place to view all of your financial data. You can see the balances of all of your credit cards, see how much money you have in each of your banking accounts, and schedule reminders so you don't make any payments late. It sounds like a wonderful tool. Heck, they even claim to be secure! Let's take a look at their "How we keep you safe" section and determine just how secure they are.

From Mint.com (the indented paragraphs are my comments)

"Mint works quite literally every day to make your data secure. Here's how:"

  • All data storage is encrypted. Not only are our hard-drives encrypted, our servers are in a secure facility protected by biometric palm scanners and 24/7 security guards.

    I have worked with and visited several of these types of secure facilities. And yes, they do have palm scanners and 24/7 security. The problem is that all the server racks are in an open area, in little lockers secured by combination locks. So as long as you are a customer of the facility, you have physical access to the lockers that hold the servers. Breaking into a combo lock isn't all that difficult, and neither is becoming a customer of these facilities.

  • SSL prevents eavesdropping. Communication between your browser and Mint occurs using 128-bit SSL, the highest industry standard. This prevents hackers from being able to listen in on or "tap" a conversation. Data is delivered to you and you alone.

    This is misleading. It does not prevent "hackers" from listening in on the conversation. What it does is make the data they collect look like gibberish, because it has to be run back through the encryption algorithm before it can be read.

  • Bank-level standards are used. This includes encryption, auditing, logging, backups, and safe-guarding data.

    "Bank-level standards" sounds great, right? Unfortunately, I've worked with a bank or two and their standards aren't that high, especially at smaller credit unions. And backups don't protect your data; neither does logging or auditing. Logging shows things after the fact (so they can trace what was done), and backups just save a copy of your info to another place. (FYI: most backup servers are less secure than the live ones, so they are a target for people looking to exploit a company.)

  • We hack our own site. Mint runs thousands of tests on its own software to ensure security. We scan our ports, test for SQL injection, and protect against cross-site scripting. We also update and patch our software all the time.

    Good, they do penetration testing. So assuming they have the best hackers in the world (they don't) and an army of them (they don't), they might find all the holes. (They won't.)

  • Mint uses industry standard secure account aggregation. Mint uses Yodlee to connect to your financial institutions. This is the same back-end aggregation system used by Bank of America, Fidelity, and Microsoft Money. Yodlee’s security practices have been audited by the NSA, Visa, Mastercard, and numerous major banks.

    They are using a secure back end, which is a good thing. I have nothing bad to say about this. Although, this assumes they have it configured properly (which I think is a fair assumption) and that the rest of the server is configured securely.

  • Mint is independently verified secure. You don't have to take our word for it. Mint has been audited by Verisign, as following the industry security practices.

    It is good to know that they have outside auditors looking at them, but even that doesn't guarantee security. It helps, but companies like Verisign can only test for flaws they know about. The good hackers look for flaws that people don't know about.

The main problem I have with Mint.com is that its users are "putting all their eggs in a single basket". You are trusting a single company with all of your credit cards, all of your bank information, and all of the user names/passwords for these accounts. Even if their security is flawless (which it won't be), there is still the potential for an employee of that "secure building" they leave their servers in to walk out with a hard drive containing all your data. Or for one of Mint.com's employees to take it all. Online banking is a huge convenience, and I do it, but if one of my accounts is compromised, then it's just that one, not all of them. The likelihood that my 3 banks and my credit card companies all get hacked at the same time is next to nothing. But because Mint.com is the central point for all this information, they will be a target. And one little breach could mean all of your financial data is now in the hands of someone else. To top it all off, Mint.com is inherently less secure than most bank websites, because it needs not only to save your user name and password, but to then retransmit that info to the different banks. So the normal one-way hashes that have been the standard for password authentication won't work; they need to encrypt the data, then decrypt it before sending it out. (Yes, they re-encrypt it before sending, but it still means that it is possible to get your real username/password.)

Mint is offering a huge convenience (and a good product if you ignore the glaring security flaws), and it will get better. But is spending a little less time (heck, even a lot less time) looking at your finances worth the risk of having all of that data stolen from a single location? I know I won't be using it.

I'm glad to say I'm not the only one with these concerns. Check out nobosh.com's review.

I'm also waiting on a reply from Mint.com directly to see if we can get some of this addressed. I will post any info I don't think is complete fluff here to keep folks updated.

I never heard back from them.

More info on their security and general practices can be found on the Mint.com Forums.
