Mint Misses on Data Privacy Protection
My marketing and technology infrastructure advisor, Roman, recently sent me an e-mail inviting me to try Mint. For those who may be unfamiliar, Mint is a personal finance management application available free on the internet. Mint allows its customers to centralize their banking, savings, credit card, and brokerage accounts to get a snapshot of where and how they are spending their money. And one of Mint’s most discussed features is that the application will search those transactions, and provide its customers with opportunities to reduce credit card interest rates and improve savings account interest rates.
Mint goes way beyond just reporting and budget tracking. Using a patent-pending search algorithm, Mint constantly searches through thousands of offers from hundreds of providers to find the best deals on everything from bank accounts to credit cards; cable, phone and Internet plans; and more. Mint’s suggestions are “unique to you” based on your individual spending patterns. For example, if you have $20,000 in a bank account that’s earning no interest, Mint might recommend a high interest rate savings account from ING or HSBC. Acting on that suggestion would give you an extra $900 in interest income over a year.
Mint.com - About Us
I originally tested Mint while it was in private beta, and while I liked its sleek interface, I was concerned about identity fraud risk from how it calculates opportunities to improve its customers’ interest rates. The application searches its customers’ financial transactions and uses that data to offer services from its partner organizations. To address these concerns, CEO Aaron Patzer states:
I’ll make a bold statement: You’re safer on Mint then with online banking. On Mint, you’re completely anonymous. We never ask for a name, address, or SSN - just an email. We know about your finances…but not about you. We’re also independently verified by Verisign, TrustE, and several outside agencies.
Aaron Patzer
Founder & CEO, Mint.com
What Patzer has not addressed is how a company operating for less than three years; Mint was founded in November 2005, can provide its customers with more security than long-standing financial institutions that have substantial risk management procedures in place. Personal financial data is extremely sensitive which is why financial institutions go to great lengths to keep it protected. Data security within a financial institution starts with website encryption, continues with intricate password management, and finishes with barring employees from accessing personal e-mail websites and social networking websites from behind the corporate firewall. This mitigates the risk that employees will inadvertantly disclose sensitive customer data. Additionally, financial institutions are regulated by a number of Federal and State regulatory agencies to ensure that they are maintaining sound data privacy procedures.
The U.S also has one of the most highly regulated banking environments in the world; however, many of the regulations are not safety and soundness related, but are instead focused on privacy, disclosure, fraud prevention, anti-money laundering, anti-terrorism, anti-usury lending, and promoting lending to lower-income segments. Even individual cities enact their own financial regulation laws (for example, for usury lending).
Wikipedia - Bank Regulation
In my humble opinion, it would be irresponsible to trust personal financial data to a company that does not follow the same data privacy precautions.
Posted on May 25th, 2008 | By: bootstrap economist | Filed under Banking, Web Technologies
Leave a Reply
You must be logged in to post a comment.