>

October 27, 2007

Geezeo: Financial Aggregator meets Social Network.

I recently had the opportunity to speak with Peter Glyman, Co-Founder of Geezeo, a new financial aggregator and account management site. As you can tell from my previous review of Mint.com, I am not a fan of services like this. My primary concern has always been the thought of putting all of my account information in a single place, and while this is not something I am comfortable doing, others may not have the same qualms, so I decided to move beyond that and take a look into the other concerns I had.

Q. One of your competitors, Mint.com, states that they do not actually store any customer financial data, they just gather it then Yodlee stores it. Is your set up similar to this, only using Cash Edge as the back end?

A. Cash Edge powers all of our account aggregation. We don't store the bank login information or account numbers, but we do store your transaction and balance information in an anonymous database so that we can analyze it. The connection to this database is encrypted and can only be made using your Geezeo password. Not even Geezeo developers or system administrators can access it. (This applies to our backups as well; no identifying information is in database).

Q. How long is user data kept once a user cancels their account? (Including the time until backups with their info is purged)

A. All of your financial data is destroyed immediately when you delete your account. We only keep two days worth of data in an encrypted backup in case our database server goes down. So your data exists in the backups for only two days after account deletion.

Q. How long does Cash Edge hold user information once an account has been canceled?

A. As soon as you click on the "delete" button, after your financial data and user data have been deleted, we make a call to Cash Edge to delete your account (and all included login information) from their server. So all the data is deleted at the same time (when you click the "delete account" button on our site).

Q. How often do you backup user’s information? Are backups kept off site? Is the location of the off site back secure?

A. We make complete snapshots of the database every 15 minutes and retain them only for 48 hours after which they are deleted. We use Amazon Web Services for all our hosting. Nothing is stored at Geezeo. Amazon offers a very secure, cost effective, scalable environment and has been a fantastic business partner for Geezeo.

Q. What are your thoughts on the concern that using sites like Geezeo may be dangerous because users are "putting all their eggs in one basket" by entering all of their financial data in a single place?

A. I think that's an individual decision. Some people will never be comfortable aggregating their accounts and for others, it's a non issue. Personally I don't believe that our users are put at any further risk by using Geezeo...but hey that's probably a little bit of a bias opinion. Cash Edge is an awesome partner...they power account aggregation for a number of large financial institutions and we are very confident in the steps they have taken to protect their customer's data. Also, I believe there is value to aggregating your data in one place. Aggregations makes it easy to link goals to accounts, offer analytics holistically not just at the single account level, offer proactive alerts and real-time checks of your balances via your cell.

Q. Is Geezeo purely ad revenue driven? Or do you receive revenue from the banks you work with?

A. Both. Soon we will be adding a section to our site where users can search for various financial products (Savings Accounts, Loans, Investments, etc). In addition to representing quantitative data like rate and fee info we also have a user product rating engine. "Would you recommend this product to a friend"? Users will be able to use this information to make their own choices about what products are best for them.

I think one philosophical difference we have with Mint's approach is the idea of channeling users to one specific product. I think it's presumptuous to think that just because your savings rate with your credit union isn't as good as another product that you should switch. How are we to know that you don't have a car loan or other products tied to that savings account that in the end offer you an overall better financial relationship with your bank? Instead we will identify areas for improvement that could be addressed by calling your financial institution or possible by getting into a new product that you may or may not find in our financial product section.

Q. Why use Geezeo instead of Mint.com, MS Money, or Quicken?

A. If you are looking for a safe and simple web-based solution to better track your finances then Geezeo is the right solution. Geezeo offers easy to use tools to view all your accounts on the go, see where your money is being spent and offers a community environment that can help you make better decisions. If you have an aversion to buying software and don't want to be told what financial products to have then Geezeo is probably the best choice.

Q. Can you provide some background on yourself as well as the other founder(s) of Geezeo? Specifically your experience in online financial data and security?

A. Shawn and I worked together for about 5 years at a company called GainsKeeper. GainsKeeper is a portfolio accounting product that is used by consumers via http://www.gainskeeper.com and offers enterprise solutions to major financial institutions. We do not have specific experience managing the data security but did stay at a Holiday Inn Express last night (Just kidding). If you would like a closer look at our professional profiles check out the LinkedIn links below.

http://www.linkedin.com/in/peterglyman

http://www.linkedin.com/in/shawnward


Some Interesting Facts about Geezeo:

  • Rather than a traditional collocation service, Geezeo uses Amazons EC2 Hosting solution which provides the ability to increase the hardware resources made available to the service should they ever hit their current capacity.
  • They also use Amazons S3 storage solution to ensure proper backups as well as a safe environment for data storage.
  • You are able to use your Gmail credentials on Geezeo via the Google Authentication API
  • In addition to the financial analysis, Geezeo acts as a social network so you can get advice from not only Geezeo, but other Geezeo users as well.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 23, 2007

Keeping Your (Windows Based) Computer Secure:

In today’s world you can do just about everything online. You can pay your bills, make banking transaction, you can have entire savings accounts at online banks. You can look and apply for jobs, apply for business licenses, and even order dinner to be delivered.

While all of this is incredibly convenient, it does put a lot of personally information out in the open and can be a risk. And while companies that allow you to manage your account online do everything they can to protect your data, if your home computer gets compromised, then nothing any of the company's does will help. So here are a few tips to keeping your computer nice and safe.

  1. Make sure you have a good anti-virus software installed. There are several to choose from, some , like AVG, are free. Others like Norton Anti-Virus and my favorite Kaspersky can be purchased. No matter which anti-virus you choose, be sure to keep it up to date. Remember that when you are buying an anti-virus, you are really buying a subscription to their updates, so at the end of the year, you need to renew that subscription. An updated anti-virus is key to maintaining a secure computer.
  2. In addition to an anti-virus, a good piece of anti-spyware/adware software is good to have. I recommend using Adaware or Spybot S&D. The difference between a virus and adware/spyware is how it propagates and its purpose. Each require a different method of removal, although
  3. Turn on your firewall. Windows XP and Vista both include a built in firewall, which is good for most home users. You can purchase more advanced ones, but like most things, the more features it has, the more complicated and can be and the easier it is to mis-configure.
  4. Always have a password on your user account. Many people think that because it is their home computer, there is no reason to have a password. But the problem is, if there is no password, people can connect remotely and will immediately have access to do what they please on your computer since there is no username/password for them to figure out.
  5. Always change the default password on everything. If there is no default password, set a password (windows XP has a built in administrator account with no password by default, be sure to set one)
  6. Use strong passwords. A good password will be 8+ characters long, include letters, numbers and special characters like @, #, $, %.
  7. Update your software. No one is perfect, so when software is released there are still lots of bugs and security holes in it. Be sure to download the security updates as they come out. In windows you do this by using “windows update” or “Microsoft update” which can be found under all programs in your start menu.
  8. Be smart about email. Don’t just open attachments from people that you have never heard from, don’t reply to that guy in Nigeria who wants to give you $30m. Ignore those nude photos of whatever pop star is in the new lately. Emails like this are only around to scam you. Don’t fall for it.
  9. Don’t click on those nice flashy banners people have on their website saying you won money or some awesome prize. They are also SPAM. Many of those links will lead you to another page and then download some spyware onto your computer so they can keep popping up advertisements.
  10. Just about everything online, like in life, that seems too good to be true, is. Use your common sense.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Potential Points of Failure

One of the most important steps in creating a good security scheme is to minimize the number of points of failure. What is a point of failure? A point of failure is any point in a process in which the procedures in place can break down and cause a failure; essentially, they are weaknesses.

Points of Failure in Online Transactions:

In a recent review I wrote on Mint.com , I mentioned many of these points of failure, and because of the number of them, I became concerned with the overall security of the product. This does not only go for Mint.com, this goes for every process and every procedure we use in day to day business, I use Mint.com in this example only because I have wrote about it recently and it deals with a very important subject; your money.

The standard way people use online banking is they log in to their banks website, and thats it. So the process looks something like this:
Persons Home Computer -> Internet -> Bank Web Servers -> Bank Database Servers -> Internet -> Bank Live Transaction Servers

As you can see there are about 6 points of failure. What this means, is that if any one of these points is compromised, there is a potential to lose data.

When using an application like Mint.com the process looks like this:

Persons Home Computer -> Internet -> Mint.com Web Servers -> Internet -> Yodlee Servers -> Internet -> Bank Web Servers -> Bank Database Servers -> Internet -> Bank Live Transaction Servers

As you can see, the number of points of failure has now gone up to 10. I addition to the points of failure increasing the potential loss is also increased. The reason for this is because in the original method, if any of the steps after your home computer are compromised, you only lose the integrity of that single bank. In the method using Mint.com, if the steps after your home computer, but before the Yodlee server to your bank are compromised, you potentially compromise all accounts that you are using the application to track.

In both scenarios, your home computer is typically going to be the easiest to compromise, and the one that holds the most amount of your personal data. So in either case the risk will be the same. If someone compromises your home computer, they can just collect the passwords/usernames for all of your accounts. Your home computer is also the most likely to be attacked, the reason for this is because home computers are low risk targets, and an attack can be as simple as sending an email with a virus attached. All the attacker needs is to have the user open the attachment. Home users don't invest much into security typically, but a large company like Mint.com invests a lot into their security, and have staff monitoring for these types of activities, so the risk is significantly greater for the attacker should they go after a large target like Mint. The reward is also potentially greater, but the skill required to pull it off would be much higher. With all these factors the likely hood of a breach is relatively low on Mints side, but pretty high on your home computer.


Points of Failure on Home Computers and Networks:


Similar to the points of failures in online transactions, home computers have points of failures with in them. For instance, every user account on your computer could be considered a potential point of failure, because each one presents a point of attack for someone trying to crack a password or find an account with no password.

Another potential point of failure is your home wireless router (if you are using one). A large percentage of people who buy wireless routers don't know how to configure them properly and don't take the time to secure them. Because of this, anyone within range of the signal can not only gain access to the network (and potentially to all computers on it) but can gain access to the interface on the router as well.

If a person were to gain access to your routers interface, they could set it to use a server the attacker has set up as your DNS server. What this means, is every time you try and get to a web page, it will check with his server where that page is located on the internet. If the attacker were to set it up so every time you try and go to your banks website, it takes you to a clone of it that he has set up on his server, he can then collect your username/password for that site, and you probably wouldn't notice for a while since he could make it give a generic error saying the site is down once you submit the username and password. Most people will let that go for a few days if they don't suspect any problems. A similar attack could be preformed by sending you an official looking email and have the links point to a rouge site the attacker has set up (this is called phishing, and is probably the most commonly used email attack)


As you can see, these potential points of failure are both common and dangerous. In many cases the old saying "keep it simple" can help you prevent having the excess points of failures. Don't use more equipment and connections then necessary. If you don't need a wireless router at home, then don't get one. If you don't need 10 accounts on your computer, delete the ones that aren't used. And always do the best you can to keep your computer secure.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 22, 2007

Outlook 2007 doesnt work with Word 2003

So last week my boss decided we should upgrade our CEO to Outlook 2007, but he didn't want to upgrade the entire suite just yet because that would be too much change at a given time. I agreed or CEO isn't the greatest with change so I went a head and installed Outlook 2007. He really liked it. He enjoyed the new interface and the new features, but he did have one complaint. His auto correct/replace didn't work any more.

Here is why. When you are editing an email in outlook, it actually uses Microsoft word to do the work, the reason for this is MS Word has a much larger tool set then the one built into outlook (outlook does have its own for those that don't have word, but its not so good). Unfortunately, Outlook 2007 cannot use word 2003 for this. So what happens is you get stuck either with Outlooks word processing engine, or with Outlook trying to use word 2003 which it can't.

The fix was easy, install word 2007. Its not that big of a deal, but something to be aware of if you decide you want Outlook 2007 (because its awesome) but dont want to buy the whole office suite.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 20, 2007

CompUSA Using Social Networks?

So it looks like CompUSA is jumping on the Social Network Bandwagon and are now placing links to Digg, Facebook, and Del.icio.us on all of their products so you can share them with your friends. It amazes me just how much clout sites like Digg have, they literally can bring a server to its knees with traffic generated by user views. Very cool.


Photo Sharing and Video Hosting at Photobucket

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

Off Topic... National Health Care

I know this has nothing to do with technology, and is about as far off from my normal blog postings as you can get, but it’s my blog so I get to write whatever I feel like.

One of the biggest topics (aside from the war in Iraq) that the Presidential Candidates have to deal with is the idea of nation health care. Movies like Sicko portray the US Health Care System as inadequate and sub-bar.

Maybe it is because I have lived a health and lucky life. I have had no serious illnesses, no major injuries, and no extended hospital stays, so I have never dealt with an "inadequate" health care system. I remember going to the emergency room a few times, once for a gash on my arm that I needed to get stitches for, another because I had a bad case of tonsillitis and my throat and swelled up and it was hard to breath. Both times I was treated very quickly. My doctors have always been nice when I have gone in for physicals, or just being ill in general. I tore tenants in my hand, and they took care of me, I have a bad knee and Gout and I have always been taken care of.

In addition to this, my Mom has had several extended hospital stays because of severe back injury she sustained, and because of this needed several surgeries. They took good care of her in the Hospital, and the medical bills were taken care of by the state (she was injured while working a state job).

In fact, I don't know anyone who has had a horrible experience at the doctors or at a hospital. So for me, I just don't see this inadequate health system.

So maybe I have been getting this good treatment because I have always had health insurance. My dad is in a union with great benefits, so I got those until I was 21. But I had double coverage for several years because every company I have ever worked for has given me health insurance. Is this a rare thing? I mean I was 16 working at Blockbuster and even they offered me health insurance (and a number of other good benefits like tuition reimbursement). My current Jobs (yes I have 2) both offer health insurance. Heck my primary job offers 3 different types of coverage you can choose from. 2 are free and one costs me 12 dollars a month. (I picked the $12/month one because it allows me to see any doctor when ever I want for a huge variety of things as opposed to selecting a single "primary care" doctor who I would have to see) If I want to add my girlfriend on to my plan I can. You heard me right; we don't have to be married, just living together. That will cost me an extra $150/month I believe. But its great coverage. The only people I know who don't have health insurance are just lazy and don't have jobs. (Or have crappy part time fast food jobs). And in reality, if you are an adult, working a crappy part time fast food job, you need to take a look at your life and do better.

So what benefit would National Health care have for me? None. I would pay more taxes, so other people could get "free" medical. Why should I have to pay more so others can milk a government system because they are too damned lazy to work (welfare proves this over and over again). People in places like Canada who do have a national health care system still need to get extra insurance because their system doesn't cover everything good private insurance does. So it’s not like my company will stop providing health insurance, and then give me a raise which would then balance out the higher taxes. So really, all national health care will do is take more money from me to help people I don't know and who may not even need the help and are just lazy.

Don't get me wrong, I have nothing against helping those who really need help. I donate a significant amount of money to charities that I choose to support (usually ones that help fund education and medical research). I also work for a non-profit (where I take a lower salary then I would require from a larger for profit company) because I believe in the work they do and I want to be a part of that. So this isn't about not wanting to help people, it’s about being forced to help people and having no control over it.

The only national health care system I am willing to support would be one focused on children. Where a child would be qualified to receive health care up until age 18. Once they are 18, they are on their own. The reason for this is because a child doesn't ask to be borne, and should have to suffer because they have shitty parents who can’t get a job. If you can't get a job, you shouldn't be having a kid. And no, there is no excuse for not having a job, work a burger king if you have to, but you better damn well have a job. (Obviously there are exemptions to this like those who are disabled but they can get Medicare/Welfare) When you are 18, you can get your own job and your own health care. And don't give me that crap about being in school and not being able to work. I work 2 full time jobs AND still go to school, so it can be done (and it isn't that hard.)

It seems the people I hear complaining the loudest are those who just don’t have health insurance, here is what you do. Go get a job that provides it, or get a private healthcare provider. If your job doesn’t provide health care, or you just can’t afford it, then its time to get another job (a second one even) that will give you the extra cash so you can afford it.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 18, 2007

Gawker Media does it again.

LifeHacker/Consumerist are again promoting the use of a product without fully disclosing the risks of it. They are announcing that Mint.com is now out of beta and available for public use. See my blog post ere about the dangers of Mint.com

Don't, get me wrong. I love both Life Hacker and the Consumerist, and they usually have great articles and products. But to not inform users of the inherit risks of "putting all your eggs in a single basket" is just irresponsible.

Edit:

My mistake, they are not out of beta, they are 4 weeks into their public beta.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 14, 2007

Life hacker is now promoting trash.

There was a recently a post on Life Hacker about a service called "Verify Email Address". Please do not use this service as it is most likely a ploy to harvest email addresses. Not only is in inaccurate (it cannot verify the info if your mail server is set up to block the requests it sends...which it should be) but it is also owned by Email Marketing Pro. In addition to this, the "contact us" link on their website is broken (never a good sign when you can't contact a company), and they offer no guarantee that they will not collect or share the email addresses you enter. Please be careful with who you give email addresses to, I hate getting spam, and I'm sure you do to, so lets help stop it rather than help spread it.

From LifeHacker.com
"UPDATE: As several readers point out in the comments, it's very possible this site is a spam trap, so we're removing the link. Our apologies for not being more skeptical!"

It looks like they took down the link.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 12, 2007

Staying Sane - tips to keep you going in a crazy world.

My name is Jordan, and I am a workaholic. I am 22 years old, I work 2 full time jobs, and am in college. Life is crazy, and time is limited, but this is how I have kept it under control.


  1. Manage your time: Take an hour or 2 to look at your time commitments for the week and month. Every Monday, I sit down, open Outlook Calendar and plan my week. I first create broad categories. So I block out the time for my 2 jobs and school. Within those blocks I created sub-sections for the meetings I have planned. Then I block out any time I know I'll need to work on projects. Next I block out time for social engagements I have scheduled. Don't forget to schedule in time for commuting if you are traveling. Then set up some "buffer" time between meetings/projects so you don't fall behind when something "urgent" pops up. (In my field, something urgent always pops up) This in it self will make life run much smoother, I carry my smart phone with me all the time so I know when I have time to goof off and when I need to be headed to a meeting.

  2. Find something that relaxes you: Find something that you know will relax you when things get tough. For me, its music. I know that when I'm getting stressed out, or when I'm falling way behind schedule and am starting to worry my self I can pop in my ear phones and play some music and it will calm me down. Be stressed is bad for efficiency. You don't think clear and you waste time because you make more mistakes. So find something that you can do in your office (or close by) and do that when you get stressed. for some its meditation, others its taking a short walk. Find what suites you.

  3. Eat Right: I have a horrible habit of eating out a lot. I'm always running around and its just so much easier than to worry about carrying a lunch. But fast food and junk food slow you down. When I pack my lunch and bring nice healthy snacks I function better, I don't feel sluggish, and am in the mood to just keep working. You wouldn't put "regular" gas in your Ferrari would you? Of course not, so be sure you are filling yourself with "premium"

  4. Exercise: After a long stressful day, I'm usually exhausted. But going to lift weights helps me relieve that stress, and usually energizes me. Working out gives you more energy, and has been proven to make people happier. Exercising on a regular basis also provides some stability in your schedule so it helps you relax because its a little more control over your life.

  5. Be Social:Hang out with friends, go on dates (this includes people who are married or have a girlfriend/boyfriend.) After working so much, your friends, family and significant others miss you and probably would love some time with you. MAKE time for them. Its relaxing and great for your self-esteem.

  6. Make Time for Yourself: Make some time for yourself. Take this time to do what ever you want, take a nap, go fishing, read a book. It doesn't matter. Just don't work. This will help you center yourself and disconnect from everything for a little bit.

  7. Get Some Sleep: You need sleep. Period. I don't believe that everyone needs 8 hours of sleep (I know I don't) so sleep as much as you need to. I like to sleep for around 5 hours a night, and take an hour nap during the day (when I have time). At times I only get around 3 hours a sleep a night, and this is OK for a week or so, but after that I need to recharge some and go back to getting my 5 or 6 hours. Find a sleep patter that suites you, then stick with it. Your body likes stability and routine, it makes life easier.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 10, 2007

Mint.com: Great concept, bad execution.

There is a new service out that allows you the convenience of only having to visit a single place to view all of your financial data. You can see the balanced of all of your credit cards, see how much money you have in each of your banking accounts, and schedule reminders so you don't make any payments late. It sounds like a wonderful tool. Heck, they even claim to be secure! Lets take a look at their "How we keep you safe" section and determine just how secure they are.

From Mint.com (text in red are my comments)

"Mint works quite literally every day to make your data secure. Here's how:"

  • All data storage is encrypted. Not only are our hard-drives encrypted, our servers are in a secure facility protected by biometrics palm scanners and 24/7 security guards.

    I have worked with and visited several of these types of secure facilities. And yes, they do have palm scanners and 24/7 security. The problem is all the server racks are in a open area, in little lockers secured by combination locks. So as long as you are a customer of the facility, you have physical access to the lockers that have the servers. Breaking into a combo lock isnt all that difficult, and neither is becoming a customer of these facilities.

  • SSL prevents eavesdropping. Communication between your browser and Mint occurs using 128-bit SSL, the highest industry standard. This prevents hackers from being able to listen-in on or "tap" a conversation. Data is delivered to you and you alone.

    This is misleading. It does not prevent "hackers" from listening in on the conversation. What it does is make the data they collect look like garble because it needs to run through the encryption algorithms.

  • Bank-level standards are used. This includes encryption, auditing, logging, backups, and safe-guarding data.

    "Bank-level Standards" sounds great right? unfortunately Ive worked with a bank or two and their standards aren't that high, especially smaller credit unions. But backups don't protect your data, neither does logging or auditing. Logging shows things after the fact (so they can trace what was done) backups just save a copy of your info to another place (FYI: most backup servers are less secure than the live ones, so they are a target for people looking to exploit a company)

  • We hack our own site. Mint runs thousands of tests on its own software to ensure security. We scan our ports, test for SQL injection, and protect against cross-site scripting. We also update and patch our software all the time.

    Good, they do penetration testing. So assuming they have the best hackers in the world (they don't) and an army of them (they don't) they might find all the holes. (they wont)

  • Mint uses industry standard secure account aggregation. Mint uses Yodlee to connect to your financial institutions. This is the same back-end aggregation system used by Bank of America, Fidelity, and Microsoft Money. Yodlee’s security practices have been audited by the NSA, Visa, Mastercard, and numerous major banks.

    They are using a secure back end, which is a good thing. I have nothing bad to say about this. Although, this assumes they have it configured properly (which I think is a good assumption) and the rest of the server is configured securely.

  • Mint is independently verified secure. You don't have to take our word for it. Mint has been audited by Verisign, as following the industry security practices.

    It is good to know that they have out-side auditors looking at them, but even that doesn't guarantee the security, it helps, but companies like verisign can only test for flaws they know about. The good hackers look for flaws that people don't know about.



The main problem I have with Mint.com is that it's users are "putting all there eggs in a single basket". You are trusting a single company with all of your credit cards, all of your bank information, all of the user names/passwords for these accounts. Even if there security is flawless (which it wont be) this still has the potential for an employee of that "secure building" they leave there servers in walking out with a hard drive with all your data. Or one of Mint.com's employees taking it all. Online banking is a huge convenience, I do it, but if one of my accounts is compromised, then its just that one, its not all of them. The likely hood that my 3 banks, and my credit card companies all get hacked at the same time is next to nothing. But because Mint.com is this central point for all this information, they will be a target. And one little breach could mean all of your financial data is now in the hands of someone else. To top it all off, Mint.com is inherently less secure than most bank websites, because it needs to not only save your user name and password, it needs to then retransmit that info to different banks. So the normal 1-way hashes that have been the standard for password authentication wont work because they need to encrypt the data, then unencrypt it before sending it out. (yes they re-encrypt it before sending, but it still means that it is possible to get your real username/password)

Mint is offering a huge convenience (and a good product if you ignore the glaring security flaws), and it will get better. But is spending a little less time (heck even a lot less time) looking at your financial worth the risk of having all of that data stolen from a single location? I know I wont be using it.

UPDATE:
I'm glad to say I'm not the only one with these concerns. Check out nobosh.com's review

I'm also waiting on a reply from Mint.com directly to see if we can get some of this addressed. I will post any info I don't think is complete fluff here to keep folks updated.

I never heard back from them.

More info on their security and general practices can be found on the Mint.com Forums

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 8, 2007

Should you buy an Extended Warranty?

Anyone who has shopped in an electronics store has almost certainly been offered an "Extended Warranty" or a "Extended Service Plan" of some sort. The salesmen will happily tell you all the wonderful benefits of these services ranging from protecting your shiny new computer if the screen breaks, to curing cancer! So what is the real deal behind the warranties?

First, lets just clarify that a company will almost NEVER do something just to benefit their customers. Companies are there to make money. That is not to say that the products they offer have no value, but you need to realize that they have more value to the company then they probably do to you. So lets talk about some of these services and just how much value they add to the product you just bought.

Typically there are 2 kinds of extended warranties. 1 is a replacement plan (usually for smaller items like mp3 players, printers, etc) and repair plans for this like laptops. Lets talk about the repair plans first.

Repair Plans:

Depending on the company you go to, the terms are going to be different for the repair plan you buy, but in general this is what they will cover:

  • Defects in hardware
  • Defects in labor
  • Technical support for the product and all components included with it at the time of purchase
Thats it. Some more expensive ones will cover the following:
  • Software support
  • Accidental damage
  • Physical damage to the screen (if it has one)
  • In-home repair
  • Replacement of consumables (like bulbs in projection TVs and Projectors)
For those things you pay about a third of the price of the product (some times more some times less)

So for an additional 30% you are given the assurance that your product will continue working for the life of your warranty, without the hassle of dealing with a manufacturer, and usually for longer than the manufacturer will support it. But is it worth it? The answer is maybe, but in most cases no.

The truth is, the amount you pay for the warranty would cover most small repairs that may be needed once out of the manufacturers warranty. The times an extended warranty are really helpful are when you need expensive parts replaced, like the screen on the laptop or the bulb in a projector. These items in them selves cost more than the warranty usually doe so they are worth it. But for most desktop, they really aren't. Of course, if the assurance that down the line you wont have to pay more is something you want, this is may be something you want. In reality you should be thinking of these things like more of an insurance. Because thats what it really is, chances are you wont need it, and you should hope you don't need it, but without it, your going to be pissed that one day when you pay the $400 for a new screen.

Replacement Plans:

Replacement plans are a good deal in my opinion. I buy them on most of my gadgets. The great thing about a replacement plan is at the end of the term, you can make up some generic "intermittent" issue and have them replace your item with a new one. Most places will give you a credit in the amount of the item if they don't have it, so for the last several years I would buy replacements plans on my mp3 Player, when a new one that I liked came out id take it in say it was busted, get a credit for the amount I paid for the mp3 player then use it to buy the one I wanted. The wonderful thing about electronics is the price on them either drops, or their functionality goes up. So when I originally bought that 1 GB mp3 player for 200 bucks, I have eventually traded up for my iPod . Same thing for my PDAs, LCD monitors, and just about anything else that you can buy a replacement plan for. This is why I think replacement plans are worth it, as long as you remember to do that exchange.


But before you buy any plan (replacement or repair) be sure you know the terms and conditions. Unless a plan specifically says it covers physical or accidental damage, it will not cover it. Most plans do NOT cover you damaging the product or damage caused by misuse. Heck, most places will not do the repair if there are signs of misuse, even if it isn't the cause of the problem.

Example:
If you spill water or some other liquid on an electronic, it will usually cause some discoloration on the circuit board in side of it. Even if this spill did not cause the problem, the warranty will usually be void.

So be sure you know the terms and conditions. It really bothers me getting calls from people who have left the store I work for and then ask "what is this warranty I bought, what does it cover?" I just can't comprehend how someone spends several hundred dollars on something when they don't know what it is. Don't be that person.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 5, 2007

How to Buy electronics.

The art of scamming...errr selling

This is the reason people get ripped off in electronics stores. You have customers who walk in and don't know what it is they need, so they depend on the sales staff to tell them what they should get that will fit their needs. But instead, the sales person sells them what fits the sales persons needs, and there need to is meet a sales quota and make their commission.

I know what you are going to say. "But I asked the salesmen and they said they don't get commission". Now this was true...sort of. Stores like CompUSA don't have commission. What they do have are called Spiffs. A Spiff is a cash incentive in place to sell a particular item. The amount of a Spiff will vary from product to product and it is a way to get sales people to sell a particular item. For instance, I have seen TVs on clearance that the store is trying really hard to get rid of before the new model comes out. Because the urgency of trying to get them out the store, the management decides to attach a huge amount (I've seem Spiff's up to $100+) to encourage sales men to get rid of a particular product.

Warranties? you bet they have a Spiff attached. Typically the Spiff is about 10% of the cost of the warranty. Sign ups for digital services? Yup...they have them to. Some companies even offer a reoccurring Spiff on services that have a monthly fee associated with them. So as long as that customer is stays a customer, the sales men gets that Spiff each month.

Spiff's are a great incentive to sell a particular item, but so are threats. Retail companies due set quotas for their sales people. And when those quota's aren't reached, the employee get punished. Some frequent punishments are getting written up (stays on record and effects future raises), mandatory sales training (usually held nice and early on a Saturday or Sunday morning before the store opens), having to do stupid and kind of demeaning things (like wear a sand which sign, or a silly button or hat). So to avoid these punishments, sales people will do everything they can to make sales. On a slow day, they need big ticket items to hit their numbers, (You you have 5 customers and your quota is 5k they need to buy 1 k each. If you have 10 customers and your quota is 5k they only need to buy 500 worth of stuff).

Salesmen also deal with sales policies that are drilled down their throat like "SWAT" (Sell What is Available Today) which basically means, screw the customer if we don't have what best suits their needs. And they have steps they MUST go through with every transaction. So don't get mad at the sales person who asks you if you want the warranty, they have to ask, or they get in trouble. They also have to ask you if you want a whole bunch of accessories. The company sends secret shoppers that come in and take notes on the sales person. They make sure the sales person takes each step, and does it right. If they miss a step, or the shopper doesn't think they did it well enough..they get written up.

So when your options are "help the customer get what they need" or "work on the weekend/get written up" and "make more money" which do you pick? typically it goes "make money" then "don't get in trouble" and finally "help customers get what they need"

Now don't get me wrong, there are some good sales people who really do want to help the customer. Most of these guys are older and plan on being at their jobs for a while. They also typically have a higher hourly pay or a salary to keep them a float when sales are slow. These are the guys you want helping you. They will make sure you are taken care of (in a good way) And these guys also to make a good steady amount of money because they get referrals from good customers and have repeat customers. They dont make the most amount of money though.

The guys you want to avoid at all cost are the ones there to just make cash, and to make it fast. They will say just about anything to get you out the door with the most product in the least amount of time. They want to "help" as many people in a day as possible and can be really pushy because each customer is a bit more money. They will tell you need the best of everything, I bet you didn't know you need that media center computer, with a 500GB hard drive 4 Gb of RAM, and Blu-Ray burner just to check email. Well this guy will make sure you know it. He will also tell you setting this thing up is really complex, and nearly impossible for some people (sure if that person is blind and has no arms), he will tell you its well worth the $100 to have some else to come do it.(he gets a Spiff if they do)

So how do you protect yourself?

It's easy.

  1. First and foremost, do your research. Have an idea of what you want. Know what you plan on doing with your computer. If you know you are just going to be surfing the web and doing basic homework in word or excel, then you don't need all that great of a machine... think about it, both of those tasks can be done on a PDA. So figure out which software you want to use, go to their manufacturer's website and look at what the "system requirements" for that program are. That will give you a guideline for the kind of computer you need.
  2. Once you know what it is you want, shop around. Check online, check advertisements, ask friends who have the equipment you want where they got it. Prices online tend to be lower than an in store price, this is because online stores have fewer staff and much lower overhead than a brick and mortar store, so they don't need to mark a product up so much to make a profit. So expect to pay more in a store, but that doesn't mean you shouldn't look for the best deal.
  3. Get the deal. Shopping for electronics requires a bit of strategy. There are certain times when you can get a good deal. For instance, shopping at the end of the sales period. Managers have quota's too so they want to make their numbers or they don't get their bonuses.

    However, don't go in an expect them to slash the price, and don't demand they do it. I have NEVER given a discount to someone who says "give me 10% off or I'm not buying it". With a request like that, I simply say "have a nice day" and walk off. I have given discounts or given free accessories to people being nice. I know what my sales numbers have to be, I know the margin on a product, and I know what I can discount. A really nice person buying a printer and a replacement plan for it? (yes replacement plans are a good deal Ill explain why in another post) I've given them the USB cable and knocked 10% off ink for them. Why? because ink is about 15% margin, and a USB cable is about 90% margin. So before I ring it out, I drop it to "cost" then take the remainder out of the price of the printer. For the ink, I just cut 10% off. My numbers are squared away and the transaction has no red flags for management to catch and ask me about. I'm not going to get yelled at just to give you a good deal, sorry, I don't care that much. So if I can give you a good deal, and its no skin off my back, then it will be done.
Its that simple, Know what you want, know the prices, and be nice. You will get a good deal from a good person.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google

October 4, 2007

Welcome to our new home!

As some of you may know, we have moved to our new location here at Blogger. I moved from Wordpress becasue I didnt like the lack of flexability they had, and didn't like thier core code very much. Blogger gives users much more freedom to design their blogs and in the next few weeks I hope to do some "designing" to get ThinkSmarter looking a little better. Actually, I hope to get a friend of mine to do some designing since I have the artistic ability of a 3 year old (no really, I can barely color in the lines)

The other reason I moved to blogger was to help support Google. I love Google and all of their products, so why not use them! I moved my old posts over and will begin re-tagging them in the next few days. I'm bummed I couldnt bring over my comments to the posts becasue we had some really good ones and I like to keep those discussions alive, and available, but you win some you lose some. Well, I hope you all enjoy the blog.

Bookmark this post:
StumpleUpon DiggIt! Del.icio.us Yahoo Technorati Reddit Google