Just goes to show that winning a TechCrunch award doesn’t necessarily mean you’ve been endowed with an IQ above 100. You would think that since the biggest criticism of personal finance aggregator, Mint.com, has been potential security pitfalls, they would be a little apprehensive about doing things like, gee, I don’t know, SENDING CONFIDENTIAL INFORMATION OUT OVER AN EMAIL!! But NO! Apparently, “my friends at mint.com” believe in living dangerously. And that too, at my expense. Read on to find out why I’m so upset!
But first, the prelude. So I sign up at Mint.com, damning the torpedoes and ignoring the cries of warning raised loud and clear on a number of discussion forums. I bravely provide my Bank and Credit Card information. I even try adding my brokerage account; an attempt that thankfully fails due to Mint.com not supporting my Brokerage. Someone up there in Heaven must want to see me keep at least some of my financial information safe! Since I invest with the largest brokerage fund in the US (TD Ameritade), other than divine intervention (or a stupid list of priorities at Mint) it seemed quite odd that Mint would not work with them.
Anyway, so I sign up and start playing around with Mint. While the UI looks pretty slick, the usability leaves a lot to be desired. It’s great that the icons and graphics are high quality and they’ve got this nice curled-at-the-bottom-sticky note effect, but that doesn’t do me much good when the monthly remittance to Ameritrade from my checking account is recognized as a payment to some car mortgage company! For a moment, I thought someone was ripping me off. Only later, after some scrutiny, did I realize that the automatic categorization Mint.com was doing, was all wrong. Manual categorization of expenses was quite a pain and frankly, not something I am going to do with the hundreds of transactions across all my accounts. Fuggedaboutit.
The reason why I even went to Mint was to try out their “Savings” feature, which sounded attractive to me at first. The idea is that they’ll look at returns you are earning, say, on your Savings Account, and will suggest an an alternate financial institution to invest with that provides a better return. In theory, this could make you more money. However, in practice their software is quite flawed. My biggest “saving”, of several thousand dollars a year, was supposedly moving from Bank of America to E*Trade bank. Why? Because Mint.com told me I was earning 0% return on Bank of America savings and would actually earn 5% on E*Trade. 0%?? I thought I was getting 5%!!! Have they ?? After a little scurrying about and checking, turns out this is yet another bug and they just don’t pick up the right APY rate from Bank of America Advantage Savings. What a waste of time and a complete pain! Just go to Bankrate.com instead. No signup or security exposure and a more reliable database.
[CLICK THE IMAGE TO SEE MINT.COM's (VERY WRONG) SAVINGS RECOMMENDATIONS]
So in any case, at this point, the utility of Mint is questionable in my mind, and I’m thinking, is it REALLY worth giving someone all my financial information and usernames/passwords so that they can tell me that the money I am sending my stock broker is actually ending up to buy some invisible car I know nothing about?
But then, something quite appaling happened. An email arrived earlier today and the stupidometer I keep with me to achieve early warning against the inane and common-sensically-challenged among us, hit the ceiling and started sounding alarm bells… An email had arrived from Mint.com that listed out the current balances on ALL my accounts, and the vendor, date and amount of my last 5 transactions across all accounts!
ACTUAL NUMBERS, DATES, VENDOR NAMES! This is the stupidest, most insecure monthly reminder I’ve seen! The list of past transactions is super insecure, because many financial services institutions will use that as one of their security questions (I know my Bank does!) Emails are inherently insecure. They are sent in plain text, you can leave them open and they don’t “timeout and close”, they can be accidentally forwarded, and the list goes on. That is precisely why responsible financial institutions simply ask you to visit their website and often don’t even provide a link to click so that you are assured that this is not an attempt to phish. Clearly, it is way too much to expect this level of maturity and responsibility from a small startup.
So, the upshot of all of this is the following:
1) Mint.com is stupid
2) I am stupid for having provided my acount info to Mint
3) I am making ammends as fast as possible by cancelling my Mint account RIGHT NOW
4) My advice to you is, please NEVER signup at Mint and if you have an account, get OUT NOW!
P.S> As I try to cancel my Mint account, I find that there IS NO WAY TO DO IT. The only thing you can do is remove your Financial Services logins and hope that the information is actually being deleted permanently. What’s more, the feedback form on the Mint website doesn’t even have an option to get them to remove your account! Here it is:
So I have sent them an email anyway telling them that I’ve deleted all my accounts and expect them to remove the complete account with no archival of now-removed financial information! Let’s see what happens. What a mistake all this has been!