Mint Misses on Data Privacy Protection

My marketing and technology infrastructure advisor, Roman, recently sent me an e-mail inviting me to try Mint. For those who may be unfamiliar, Mint is a personal finance management application available free on the internet. Mint allows its customers to centralize their banking, savings, credit card, and brokerage accounts to get a snapshot of where and how they are spending their money. And one of Mint’s most discussed features is that the application will search those transactions, and provide its customers with opportunities to reduce credit card interest rates and improve savings account interest rates.

Uploaded with plasq’s Skitch!

Mint goes way beyond just reporting and budget tracking. Using a patent-pending search algorithm, Mint constantly searches through thousands of offers from hundreds of providers to find the best deals on everything from bank accounts to credit cards; cable, phone and Internet plans; and more. Mint’s suggestions are “unique to you” based on your individual spending patterns. For example, if you have $20,000 in a bank account that’s earning no interest, Mint might recommend a high interest rate savings account from ING or HSBC. Acting on that suggestion would give you an extra $900 in interest income over a year.
Mint.com - About Us

I originally tested Mint while it was in private beta, and while I liked its sleek interface, I was concerned about identity fraud risk from how it calculates opportunities to improve its customers’ interest rates. The application searches its customers’ financial transactions and uses that data to offer services from its partner organizations. To address these concerns, CEO Aaron Patzer states:

I’ll make a bold statement: You’re safer on Mint then with online banking. On Mint, you’re completely anonymous. We never ask for a name, address, or SSN - just an email. We know about your finances…but not about you. We’re also independently verified by Verisign, TrustE, and several outside agencies.
Aaron Patzer
Founder & CEO, Mint.com

What Patzer has not addressed is how a company operating for less than three years; Mint was founded in November 2005, can provide its customers with more security than long-standing financial institutions that have substantial risk management procedures in place. Personal financial data is extremely sensitive which is why financial institutions go to great lengths to keep it protected. Data security within a financial institution starts with website encryption, continues with intricate password management, and finishes with barring employees from accessing personal e-mail websites and social networking websites from behind the corporate firewall. This mitigates the risk that employees will inadvertantly disclose sensitive customer data. Additionally, financial institutions are regulated by a number of Federal and State regulatory agencies to ensure that they are maintaining sound data privacy procedures.

The U.S also has one of the most highly regulated banking environments in the world; however, many of the regulations are not safety and soundness related, but are instead focused on privacy, disclosure, fraud prevention, anti-money laundering, anti-terrorism, anti-usury lending, and promoting lending to lower-income segments. Even individual cities enact their own financial regulation laws (for example, for usury lending).
Wikipedia - Bank Regulation

In my humble opinion, it would be irresponsible to trust personal financial data to a company that does not follow the same data privacy precautions.

My bootstrap business experiment

One week ago I had lunch with my marketing and technology infrastructure advisor, and he asked me to describe the name “bootstrap | economist” in my own words. While in my mind I knew exactly why I chose the name bootstrap | economist, I found it challenging to accurately portray my thoughts in words and syllables. I rediscovered a post I made in March discussing my reasons for starting bootstrap | economist, but found that it lacked explanation of how I chose the name:

I started bootstrap | economist because I had a lot of ideas and I wanted to set them free on the web. I have been sharing parts of my life online for years, but this was my first time not hiding behind corporate firewalls and forum moderators. I had been keeping an offline journal for several months prior to starting bootstrap | economist, and realized that if I published my thoughts I would have an opportunity to help others and not just myself.
a (re)introduction

I chose bootstrap for the philosophy utilized by many web technology startups, where aspiring chief executive officers rely on wit and intuition to build viable businesses instead of substantial investments by venture capitalists. This philosophy is particularly important to me because my wastrel spending in college has limited my access to credit. Without the safety of a credit card behind me to fund temporary shortfalls in my personal working capital, I have had to carefully juggle my cash to ensure that it lasts throughout each pay period. I chose economist; a term typically reserved for those who specialize in the science of economics, in memorandum of my grandfather. He himself was an economist, humbly serving the United States government in his earlier years, and sharing his knowledge to students in South Florida and Kingston, Jamaica until his unexpected death in December 2003.

When combined, bootstrap | economist is a business mentality challenging entrepreneurs to understand the internal and external drivers of their industry and develop fiscally responsible business processes. While reflecting on my earlier post, I neglected to mention that bootstrap | economist foregoes intensive audio and visual multimedia in favor of a low-bandwidth design. This provides my writers and I with a global printing press, easily accessed by developing internet communities who do not benefit from the high bandwidth internet services many of us take for granted. And at less than fifteen dollars per month to operate, modest advertising income of twenty dollars per month provides bootstrap | economist with an operating profit of 25%.

Facebook denies Google access to its customers’ identities.

Article courtesy of my friend Michael Arrington, TechCrunch

More details on Facebook’s banning of Google Friend Connect from the Facebook API earlier today. I spoke with Facebook Chief Privacy Officer Chris Kelly and Google’s Director of Engineering David Glazer about the banning to get a fuller picture of the conflict.

Here’s an example of how Friend Connect (more details) works in practice. A third party site may want to add social elements to their service. They can integrate with Friend connect and allow users to sign in. Those users choose a social network where they keep their profile (Orkut, Hi5, GTalk and, until today, Facebook) and log in via the social network’s API. They then become “members” of the site, using Google’s terminology. If any of their friends from their social network also become members of that site, those friends are shown on the site and you can interact with them. To see it for yourself, click “log in” at the top of this sample site, IngridMichaelson.

Facebook has taken the proper stance to maintain its $15 billion valuation by limiting access to its customers’ identities on third-party websites. Facebook aspires to be the social network where customers can broadcast their true identity, and that requires a level of trust between Facebook and its customers. To gain this trust, Facebook allows its customers excellent control over which other users can view their Facebook profile, and how much of the Facebook profile is visible to those users. Facebook continues to earn the trust of its customers; evidenced by its heavy usage, and it would be irresponsible of the Company to allow third-party websites access to its customers’ identities.

Bankbook

Just more than one (1) year ago I joined Cambrian House, an idea-sharing web community based in Calgary Canada. Today I read on TechCrunch that Cambrian House has been purchased by established venture capital firm Spencer Trask, who will undoubtedly attempt to develop several of Cambrian Houses seven thousand (7,000) ideas. I only had the gall to post one (1) idea to the community, and want to share it with my readers prior to Spencer Trask dimming the lights at Cambrian House.

My idea is to come up with a marketplace where customers can submit their proposals, budget for the project, income statements / balance sheets, tax returns and personal financial statements of the borrower, and other pertinent information; then put the project out to bid. My thought is that a risk rating can be developed from this data.

The bidders on the projects can be individuals or financial institutions and would work similar to Prosper. Revenue can be generated by advertising as well as charging a fee to the financial institutions for using the service.

As always, comments are encouraged.

twitter + netvibes

Twitter is a a mini blogging tool that asks one question: What are you doing? The service allows you to follow users or be followed. Posts are short; 140 characters to be exact, and can be sent or received through the web, standalone programs such as Twitterific, text message, or the AIM instant messaging client. The service has been used in a number of manners including posting articles, documenting trips / events, and letting your friends in the area know where you are.

Netvibes was introduced to me one weekend by my friend Brad Levinson, and offers its users the ability to cater the web to their needs through RSS feeds. Content pages are organized by tabs and the pages are customizable from one to four columns.

And here are three (3) examples of how I use the two web applications together.

Customer Service in the Information Age

In his post, Why I say I’m a Blogger, Dave Winer follows up his Comcast diatribe from a few days earlier, with a subdued explanation of how he expects blogs to change how corporations interact with their customers. In the former post Winer states:

One of the reasons I believe in blogging is that it can reform business, giving power to the users, where we were powerless before. If I didn’t have a blog what could I have done to get Comcast to pay attention? Tell my friends and relatives? Sure, they know that isn’t very powerful. But when any customer could also be a publisher, well that does change things. This new power to publish can help us all get a better deal.

Most companies have left the sheltered view that business needs to be done on their terms, and will adapt certain policies and procedures to ease customers’ concerns. Companies whose framework depends on customer feedback to alter their future strategies will certainly take into account what is being discussed on the blogs, but they will also scour other online sources known for their customer feedback including but not limited to feedback forms at their official website, discussion threads within the webforum community, and product reviews at online retailing giant Amazon.com. Additionally, these companies will continue to take advantage of offline sources of feedback such as letters, phone calls, and faxes. Regardless of the medium that the feedback is generated, customers should understand that the process can be reversed when Companies feel that the limits of their product(s) and/or service(s) are intentionally being challenged.

When Winer’s original complaint about Comcast was circulating throughout twitter, I asked him if bandwidth could possibly be a scarce resource and his response alluded to him not necessarily knowing the answer. But Winer is not alone. Over the past six (6) months I have discussed the subject of bandwidth limitations with a number of my undergraduate colleagues from Drexel University, a Philadelphia University that favors science, technology, and innovation. My colleagues; whose concentrations varied from computer science to information systems, could explain in great detail the technicalities of how the internet works but were unable to provide me with a concrete answer on whether or not bandwidth is a scarce resource. According to Green Living Online’s article Greening the Internet, bandwidth is a scarce resource due to the sheer energy usage required to keep it running. The article states:

The Internet keeps us connected, helps us share information and reduces travel time. But it also has a big carbon footprint. It is estimated that globally it takes about 868 billion kWh of electricity per year to power. That’s a whopping 14 power plants worth of energy and about three percent of all the energy consumption in the USA, which adds up to a lot of energy and a lot of CO2 emissions.

Winer’s topic is just one conversation in this tangled web of how customers and companies are interacting with each other. On what feels to be a separate planet from the blogs and twitter, are the automotive webforums which is where I was introduced to the concept of blogging nearly ten (10) years ago. One of the hot topics from when I owned a car that is still discussed today, is automotive dealerships and insurance companies going to drag strips to catch pictures of their customers’ cars being used for non-street purposes. In a recent post at automotive webforum Myspecv.com, Moderator Kevin (RedDragonV09) puts out a WARNING To Warranty and Insurance Policy Holders Going to the Track!

A few weeks went by and my friend calls me all pissed off. He says to me, “Dude, you were right! The [CENSORED] dealership sent me a letter telling my that they are voiding my entire drivetrain’s [CENSORED] warranty! And they got [CENSORED] pictures too man! My car is going down the track in this one!” I know that this happens, but honestly I was surprised that it actually happened. I was kind of sickened to hear this news. But no where near as sickened as my friend was. He was so [CENSORED] furious.

And to think that was the end of it. 2 days later, he got another letter from his insurance company, which was Geico, the same insurance company I used back then. They canceled his policy. He had to go to another company and get another policy almost immediatly because the next day his bank that financed his car called him and said that they were notified that the car did not currently have insurance and that they needed him to insure it and to have a copy of the policy faxed to them as soon as its insured or they will repossess the car if he doesnt comply in 30 days.

So, as a warning to all of you that go to the drag strip. If you have a warranty and would like to keep it, or if you just have an insurance policy and dont want to be caught on the track, take the 5 minutes to remove them before you go down the track and the 5 minutes to put them back on. And cover your VIN while youre at it.

And just because youve been to the track many times and youve never gotten the letter, doesnt mean it cant happen to you. I found this out on a local Nissan forum in Washington where a guy had went to Pacific Raceways in his new 350Z and they voided his warranty this way. His insurance didnt get canceled, but he warranty was GONE!

Personally, I feel that drag strips provide a regulated environment for drivers to test their vehicles off of public roads, but understand that it is the right of the automotive dealerships to cancel warranty coverage on vehicles that have been used outside of the scope of normal use. Tying back to Dave Winer’s issue with Comcast, it can be debated that he was using Comcast outside of its intended use. As he states in this post, Winer uses more bandwidth than the average internet user:

I figured out why I use so much more bandwidth than the average Internet user. I have five computers, all Macs, all sucking down FlickrFan pictures once an hour. That adds up to quite a few gigs. It would be easy to cut back. Not sure I will though, cause I hate to be lectured and threatened by companies I pay $180 per month to.

which is further backed up by this photo:

In one corner, you have a customer knowingly using a great amount of bandwidth and in the other corner a company that is sensitive about how customers use its bandwidth due to the regulatory and environmental risks they face from such usage. I will digress the question of who is “right” in this case to the myriad of conversations floating around on twitter. But to those individuals that are looking for more open and honest communication with companies, caveat emptor.

Banking in an internet cafe

It’s a typical Saturday in Philadelphia and I once again find myself sitting in my local ING Direct Cafe (”the Cafe”), a retail bank masquerading as a coffee shop and internet cafe. The Cafe caters to the coworking generation with its shared office space, cafe culture, and double-agent barista-tellers offering sage savings advice with your purchase. The front of the Cafe is mixed with round tables and plush chairs, and is peppered with families, students, and professionals sipping the afternoon away people watching. I am at the four-person granite bar where the mood is like my corner pub, with NASCAR on the high definition television above me and a nervous home buyer named Sandy sitting next to me. Sandy is taking advantage of the free wifi to make the final decisions for her purchase, and isn’t shy to share her story with the non-threatening internet nerd sitting next to her. The other two seats are now empty, but serve as a revolving door for patient patrons waiting to take advantage of the Cafe’s eight internet terminals.

Per ING Direct’s website, their approach to banking is backed by ING, a Dutch-origin global financial institution that offers banking, insurance and asset management to sixty-million customers. The Cafe is an excellent complement to ING Direct’s no-frills retail model, passing the savings from a limited bricks and mortar presence onto its customers through higher-than-normal returns on their various demand and long-term savings products. Additionally, the Cafe offers added value to its customers by making the typically mundane experience of retail banking more enjoyable. But while I have been sitting here, I have noticed that customers typically come for the food, beverages, and internet, and shy away from talking about ING Direct’s financial services. There are several possible reasons for this including a hesitancy for potential customers to discuss their personal finances in public, current customers taking advantage of the ING Direct’s self-service nature and handling issues at home, or that customers simply want the Cafe’s ancillary services and aren’t interested in an online retail bank. In my humble opinion, the Cafe should offer a private room where the employees may discuss their products privately with potential customers.

Overall, the ING Direct Cafe is a unique alternative to the traditional retail banking model, and offers several needed services for the urban customers that they serve.

01.02 | my day job

01.02 | my day job
Lets talk about how I can offer a wide range of financial services to the web community and why I dropped off the grid for a few months.

01.01 | a (re)introduction

01.01 | a (re)introduction
A jumbled mess of a video to get comfortable with speaking to a camera.

a (re)introduction

Are you thinking about purchasing your first investment property? Are you already an investor seeking to refinance your properties? Do you have a large-scale project in mind? Not sure where to start? I can point you in the right direction. Have no idea what LTV is? Go ahead and ask. I am here to help YOU. If you are looking for an independent analyst, you have come to the right place.
An Introduction

I started bootstrap | economist because I had a lot of ideas and I wanted to set them free on the web. I have been sharing parts of my life online for years, but this was my first time not hiding behind corporate firewalls and forum moderators. I had been keeping an offline journal for several months prior to starting bootstrap | economist, and realized that if I published my thoughts I would have an opportunity to help others and not just myself.

On the bus yesterday morning, I caught Michael Arrington’s notice that he was ranting on new media publishing politics.

And writing good content is only half the battle. You have to figure out the complex, dynamic web of politics between bloggers and mainstream media before you post to know where to get support. And you’ll need support in the form of links from other prominent bloggers. An early push can take a post and make it a headline on TechMeme, which leads to page views and notice by sponsors. But since blogging is almost by definition a conversation between bloggers, fights tend to break out over emotional issues. Cliques develop. Can you count on them to support you down the road?
- Michael Arrington, TechCrunch

I learned this lesson early on when Michael’s incredibly popular weblog, TechCrunch errantly credited me as the designer of FlashElementTD, an addictive web game I used to pass the slow days at work. When the story was published, I saw an immediate spike in traffic to my blog; which at the time was located at davidlitsky.com, and how quickly their posts were syndicated throughout the web. I subscribe to the Charles Foster Kane philosophy of “trying everything to see what works” and took an inch of a gesture and made myself an unwelcome guest by using their comment system as a soapbox for my perceived-to-be brash opinions. One of many mistakes that I chalk up to my entrepreneurial spirit.

But as I face new challenges in my career as a blogger with a full time job, I have recognized that I face different challenges than many of the other bloggers in this expansive social network. I am a financial risk manager for an east coast bank which provides me with an opportunity to meet numerous entrepreneurs across a wide range of industries, but because of regulation to protect our customers’ privacy, I choose not to speak about my experiences.

A few weeks ago, I re-read a May 2006 interview between then Risk Management Association (RMA) President and CEO Maury Hartigan, and RMA Board Member Bharat Masrani. At the time, Mr. Masrani was vice chair and chief risk officer of TD Bank Financial Group. In the interview, Mr. Masrani speaks about the risk of negative publicity which has the potential to cause a decline in the firm’s value, liquidity and customers. This risk; also known as reputational risk, is derived by all other risks that a firm identifies and manages including, but not limited to credit risk, market risk, operational risk, and regulatory & legal risk. When asked if there are any observable metrics or criteria in the area of reputational risk, Mr. Masrani responded:

My first answer is a simple one, and it’s a good test. Let’s say the bank undertakes a particular activity, in lending or management or in selling or manufacturing or trading a product. If that activity appeared on the front page of a business journal, would the bank be able to stand up and say, “You know what? I’m comfortable with that.” That’s what I would call the newspaper headline type of test. Am I going to be proud when this is announced? Am I going to be comfortable if this appears in print?

This particular quote reminded me of my eighteen (18) months as a risk manager for the Delta Rho chapter of the Alpha Epsilon Pi fraternity. A rewarding but thankless job, it was up to the risk management committee to identify and mitigate the high-risk behaviors of college-aged men that “just want to have a good time”. As an undergraduate student, most of us are self-absorbed and may not fully understand the consequences of our actions, and how they may negatively affect our organization.

But I digress. When I started blogging, I was appalled by what people were saying about members of their community. Although at the time it acceptable for me to use my words as inauspicious instruments, I chose to bite my tongue if I had nothing nice to say. This came off as creepy, weird, and fake to my friends that had brought me into the blogging community, but I felt that my reputation was more important to me than a few cheap links that would do very little to sustain the growth of my blog. I went against the grain, but as noted biographer and historian David McCullough says,

We need leaders, and not just political leaders. We need leaders in every field, in every institution, in all kinds of situations. We need to be educating our young people to be leaders. And unfortunately, that’s fallen out of fashion.