Where do you draw the line when putting your information online? Many people have gotten used to entering credit card and bank info online in order to pay bills and buy products. How about managing all your money?This question threw itself at me when I took a look at a new site called Mint, which was created to help people handle their finances. You enter information about your credit cards, bank accounts, and/or credit unions, and Mint parses your expenses for you. It lets you know how much you're spending on food, gas, and entertainment. It helps you create a budget. It sends you alerts about bills that are coming due, or bank balances that may be too low to cover this month's expenses (a service that alone would be worth its weight in keyboards -- how many times have you had to pay hefty overdraft fees?). And it helps you find better deals on credit cards and other financial services.
Sounds like a really cool idea, especially for those of us who are not particularly talented in minding our money. So what could possibly be wrong?
The folks who work at Mint obviously understand that they are dealing with their users' finances. Its Privacy and Security Policy statement is carefully and clearly written, and doesn't (as far as I could tell from a single reading) contain anything that would indicate that they would put any of my financial information in any unauthorized hands. Yes, they deal with third parties -- they've got to make their own money somehow -- but they say they will not give out any information without express permission. There is also a separate page entitled How Mint Keeps You Safe that promises privacy, safety, and security.
And yet -- when it came to signing up and trying it out, I balked.
The ironic thing is that I already do quite a bit of online bill-paying. My automobile insurance and my charge accounts, for example, are all paid via online transfers from a bank account to the vendor in question. Is it because Mint is a new and relatively untried company rather than an established, years-old vendor? If so, that wouldn't be terribly logical on my part -- many of the recent security breaches that we've read about in the news were committed by companies that are quite old enough to know better. A company like Mint, where the founders are well aware of the security issues of the Web, might actually be more secure than, say, AT&T (which is included on the list of security breaches kept by the Privacy Rights Clearinghouse).
Whatever the reason, I hope that Mint, and other online service organizations, can get past some of their potential users' qualms about the safety of their data. If they can assure their customers that they take data protection seriously -- and mean it -- then they can provide us with some important tools.