« Previous post
Next post »

October 7, 2007

Mint Rakes It In

Erick Schonfeld

86 comments »

picture-190.pngSince launching and winning the top spot at our TechCrunch40 conference three weeks ago, personal-finance startup Mint has been on a roll. On Friday, Mint was named Best of Show at the 2007 Financial Innovations conference (along with peer-to-peer lender Prosper and mortgage-finder Mortgagebot).

CEO Aaron Patzer reports to us that, in just the past three weeks, Mint has already helped organize more than $2 billion worth of people’s personal financial accounts, and identified more than $40 million in potential savings for those members. (Mint helps you find better interest rates on bank accounts, credit cards, and other financial products). Interest in the site spiked right after TC40. At one point, Mint was signing up a new member every five seconds. Not bad for a service from a previously-unknown startup that asks for access to all of your private financial data, including your bank and credit-card accounts.

Apparently, getting consumers to give up that level of privacy, has not been an issue so far. (The old axiom is true: people really will do anything to save a buck). Now comes the hard part. Getting all those people to keep coming back past the initial stage of curiosity.

Update: I asked Mint CEO Patzer for some more details on how many people are using Mint, and he responded with the following data. Keep in mind, this is only 18 days worth of data and thus should be treated as extremely preliminary (these are early adopters, so they may be more likely to embrace such a service and use it more often than a mainstream user):

—That $2 billion is spread across 50,000 registered users.
—About 70 percent (or 35,000) have come back more than once.
—Those who have been in the system at least a week (including beta testers), visit Mint.com 2-3 times a week.
—About 10 percent (or 5,000) come to the site every day.
—And 10 percent have signed up for mobile alerts.

(See also his comments below about the lengths Mint goes to secure customer data).

  • Sphere It

This entry was posted on Sunday, October 7th, 2007 at 1:01 pm and is filed under Company & Product Profiles. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Trackbacks/Pings (Trackback URL)

  1. The Savvy Boomer

    October 7th, 2007 at 11:22 pm

  2. The Personal Finance Weblog

    October 9th, 2007 at 12:20 pm

  3. Mint Myths Debunked — Broke Grad Student

    December 12th, 2007 at 5:48 am

  4. Some people clearly like the smell of Mint « The thing about useful stuff is

    March 8th, 2008 at 10:47 pm

  5. WinExtra » The browser platform - a security nightmare

    May 10th, 2008 at 6:37 pm

Comments

RSS feed for comments on this post.

  1. rfre

    October 7th, 2007 at 2:35 pm

    You’re right, getting people to come back past the initial stage of curiosity will be the hardest part. I signed up thinking it was a cool service, now I haven’t logged in since a week ago. I only have one bank account and two credit cards, so I didn’t find it that useful. It was nice to see the breakdown of how I am spending my money though. I might check back periodically just to see that.

  2. Rajuthan

    October 7th, 2007 at 2:36 pm

    I cant believe people give up all their banking info still

    http://www.rajuthan.com/

  3. Gabe

    October 7th, 2007 at 2:38 pm

    Well, there are a couple hundred individuals who singlehandedly could enable Mint to reach that milestone. My guess is that Oprah Winfrey ($2.5 billion net worth via Forbes 400) signed up.

  4. Noah

    October 7th, 2007 at 2:53 pm

    I signed up to try the service, but, since I only have a few credit cards and bank accounts, I decided it wasn’t that useful for me.

    As I had shared a lot of information, I decided it would be better to delete my account rather than let it linger. I spent about ten minutes looking all over their site, and I found that it is not possible to delete one’s account.

    I emailed their customer service department 5 times, and, after about a week, they deleted my account (or so they say…). Apparently the process took so long because they had to do it “manually”.

    For a service that requires such sensitive information, it is pretty damn irresponsible, even sleazy, to make it so difficult to delete one’s account. I definitely wouldn’t recommend them after this experience.

  5. Lance

    October 7th, 2007 at 3:14 pm

    I think 99% of people probably just don’t understand why it’s a bad idea to give their financial details to a website with no real history or reputation - they figure if it looks professionally designed, then it *must* be a reputable organisation.

  6. Em

    October 7th, 2007 at 3:20 pm

    Hope they blow crap Wesebe out the door.

  7. phenom

    October 7th, 2007 at 3:40 pm

    aren’t people worried about their most confidential data
    http://vidsonly.blogspot.com

  8. Tony

    October 7th, 2007 at 3:43 pm

    Lets hope they’re hacker-proof.

  9. Allen Stern

    October 7th, 2007 at 3:49 pm

    Great point Gabe - in fact, if the vc team behind mint use the system (they trust it right?), then they could hit that mark as well.

    What Erick fails to mention is how many “takes” or “spiffs” has Mint received from those supposed $40 million in savings nor how many users actually even click to view the offers. My bet is still that the offers will move to the front page within 6mos-1yr.

    #5 Lance - you are correct as well.

    I would still love to see a voting matrix of which panelists picked which startup at tc40 - would help me with research about the various companies.

  10. Stephen Lev

    October 7th, 2007 at 4:05 pm

    They might be a hit in presentation/demo market but no one is signing up to USE their service. Their service is just too scary in today’s hacker-feared market. Phishing, hacking, etc has instilled a lot of fear in people. Mint came at a bad time :(

  11. Björn Wilmsmann

    October 7th, 2007 at 4:07 pm

    Except for the privacy concerns the business idea actually is quite awesome. A service aggregating and analysing one’s financial transactions is a real killer. However, the privacy concerns outweigh those benefits by far.
    Even if you are gullible enough to entrust your most personal information to that company, how can you be sure some evil-minded crackers don’t steal your data? Mint claims to have as high a security level as your favourite online banking service. Sure, a startup claiming to have established security standards equalling those of corporate-size banks who spend millions per year in order to secure their servers and even then don’t always succeed…
    Apart from that, has anyone ever thought about that if Mint comes to aggregate a critical amount of data, intelligences services (or Inland Revenue, respectively IRS for that matter) will show some interest in this service as well?

  12. Steve Ballmer

    October 7th, 2007 at 4:12 pm

    This one is a little toooo dangerous for me to buy into, it’s a hacker’s dream!

  13. francine hardaway

    October 7th, 2007 at 4:46 pm

    I signed in and I think it is really a neat piece of software. Ease of use goes a long way with me, as does convenience and good information.

    Quite frankly, my info got hacked on eTrade, so no one is exempt. But Mint sends me an email once a week telling me what I’ve spent and when my bills are due. I have three bank accounts and four credit cards, so I find this useful. Would be more useful if I could dump my brokerage data into it, too. Before it, I used Quicken or Quickbooks — both are hackable, too.

  14. james dean

    October 7th, 2007 at 4:51 pm

    Not everyone is jumping for joy over Mint.com:

    http://www.nobosh.com/Article/.....fe%3F/712/

  15. Gopi

    October 7th, 2007 at 4:53 pm

    Instead of a web based they should deliver the service thro a client download (keeping all the data locally & offcourse encrypted). This would eliminate most of the hacker problems.

  16. Aaron

    October 7th, 2007 at 4:55 pm

    #4 Noah

    We’re setup to purge all accounts and transaction data from any user who requests to do so in about 24 hours (right now it’s a batch process). Within a week or so, you’ll be able to do it live.

    Aaron

  17. Aaron

    October 7th, 2007 at 5:03 pm

    To all those who are concerned over Mint.com security, a few points:
    1) You’re anonymous on Mint.com
    2) Our security is independently verified
    3) Email & text-message alerts help identify fraud immediately…and being proactive is the best measure.

    I’ll make a bold statement: You’re safer on Mint then with online banking. On Mint, you’re completely anonymous. We never ask for a name, address, or SSN - just an email. We know about your finances…but not about you. We’re also independently verified by Verisign, TrustE, and several outside agencies.

    We also have serious physical security. Our servers are in a secure, unmarked facility. To get in, you need to pass 3 biometric scanners, 4 locked doors, and several guards. We have our own cage so we’re physically separated from all other companies. Cameras monitor our servers and power supplies 24/7. The servers themselves have additional locks. The hard drives are encrypted. It’s like Mission Impossible (except without the electrified floors…maybe one day).

    Perhaps more interestingly, 90% of all fraud actually occurs offline, not online (e.g. someone swipes your card at a restaurant or from your mail). Because Mint sends proactive alerts for low-balance or unusually high spending, you’ll know right away. It’s better than logging into 4-5 different banks every day, or waiting 30 days for a paper statement before finding that something went wrong.

    Aaron Patzer
    Founder & CEO, Mint.com

  18. Noah

    October 7th, 2007 at 5:23 pm

    @ Aaron

    What possessed you not include the ability to delete one’s account in the initial version of the site? It’s an omission that is either incredibly stupid, or fairly evil.

  19. Chris

    October 7th, 2007 at 5:50 pm

    I tried Mint, but since my bank not only has a number and password, but also two questions post-login, I was not able to able to add my bank info. Without the ability to add my accounts, not to mention overseas accounts, (not many mind you!), this is a fairly limited service. Great idea, but I’ll check back later once some essentials are in place.

    Chris

  20. Chris

    October 7th, 2007 at 5:52 pm

    uh…well, I see that the post-login questions have been added…so, just the o’seas and I am good.

    Thanks!

  21. Sprezzatura

    October 7th, 2007 at 6:12 pm

    It’s utterly disingenuous to say that you are anonymous when your finances are not.

    If login information for a financial account is compromised, you can pull any data Mint does not retain from the compromised account. End of anonymity.

  22. mike

    October 7th, 2007 at 6:42 pm

    but the name…

    http://haveamint.com/ immediately jumped into my mind..

  23. Aaron

    October 7th, 2007 at 6:53 pm

    @ Sprezzatura

    Mint.com knows about your finances but does not know anything about who you are as a person. We don’t collect your name, address, or SSN. Just an email and a zip code (the zip code aids in categorization). If you’re truly concerned, use an email that does not contain your name.

    Aaron Patzer
    Founder & CEO, Mint.com

  24. cweeb

    October 7th, 2007 at 6:54 pm

    What the hell does anonymous have to do with anything ? If your hacked, and I learn your username, password, and mfa credentials to all of your bank accounts, then please explain to me why being anonymous matters one wit ?

  25. cweeb

    October 7th, 2007 at 6:58 pm

    A bold statement ? “safer than online banking” How about a dumb statement.

    Banks have been regulated/forced to provide multi factor authentication. You all are busy subverting MFA via screen scraping. Yip yip, awesome.

    As for all the physical security whoha, any hosting center worth a salt has a list like this, so whoop dee do.

    And then after telling us how great you are, you do a head fake with the 90% of fraud occurs offline stat, definitely true, but we’re talking about online here. Are you trying say that online fraud/hacking is not that big a deal? Tell that to TJMax.

  26. cweeb

    October 7th, 2007 at 6:59 pm

    Where’s a top 10 dumb security statement list when you need one.

    Hey, just use an email that does not contain your name.

  27. Aaron

    October 7th, 2007 at 7:00 pm

    @ Chris

    Yes, for banks requiring two-factor authentication, you will see additional security questions. In the beginning we did not always pass those through. Now that we do, you can link to just about any bank.

    For an additional security measure, we’re working with banks to pass through the custom pictures sometimes associated with two-factor authentication. That should be available sometime next year.

    As for international support, it’s on the roadmap…but after investments, student loans, mortgages and a few other features.

    If any of you out there know the financial systems, regulations, and infrastructure in Europe and would like to help us accelerate there, drop me a note.

    Aaron Patzer
    Founder & CEO, Mint.com

  28. Anatoly

    October 7th, 2007 at 7:01 pm

    @Aaron, I dont understand the anonymity thing. The bank account has the individuals name, email, address, etc. So by having access to the bank account, Mint has access to non-anonymous infomration as well.

  29. Fake Dave McClure

    October 7th, 2007 at 7:04 pm

    Ya’ll worry too much.

  30. Wade M

    October 7th, 2007 at 7:05 pm

    Hi Aaron,

    It’s very reassuring to see a company have external audits. What do you me by “Security”?

    You’ve rattled off a lot of physical security measures, which are the least likely to be compromised. The most obvious attacks take place over the network and application.

    What’s your password complexity?
    How many invalid attempts can a user have in a certain period?
    What’s your application coding like? Is there a secure application lifecycle?
    Do you have IDS/IDP’s or Application Firewalls(Cisco ACS), stopping bogus queries?
    What’s your Denial-of-Service Mitigation like? If the service takes off, that bad guys will DOS you.
    What’s your application logging like?
    What’s your sever access like? 2 factor auth for local access?

    Companies like Google every few weeks are getting caught out by XSS and application holes. I find it hard to believe your “Security” is secure.

    Also of course you want the big companies to tell you your secure, the less they rock the boat, the happier you are. There’s a fairly big trend for the large guys to find nothing, but those in the know, the boutique companies like Security-Assessment.com to find 50+ holes where “the big guys” find nothing.

    Food for thought.

    –Wade

  31. Aaron

    October 7th, 2007 at 7:14 pm

    @ Anatoly

    We have a read-only connection to the banks which does not pull in your name, address, etc. It doesn’t exist on our servers.

    For that matter, neither do your bank user names and passwords. Mint.com uses Yodlee for account aggregation. Yodlee is the back-end piping that connects all the banks, credit cards, and brokerages together. They’ve been around for about a decade, and are used by Bank of America, Fidelity, Microsoft Money, and Mint.com to provide the raw transactions and balances. They’ve never had a major security breach, and with clients like BofA, Fidelity, Charles Schwab, and HSBC, they’re audited all the time.

    So are we. Not just by Verisign and TrustE. Mint.com works with Cryptography Research (www.cryptography.com) for security and network architecture…CRI’s Paul Kocher invented SSL 3.0 btw. We’ve also hired a number of “white knight” hackers to attempt system penetration. They have been unable to access user data. We also check the system routinely for SQL injection, cross-site scripting, and open-port attacks.

    Also, keep in mind our VP of Engineering, David Michaels, ran PGP’s secure email product for 5 years, Java server security at Sun, and financial services at ShockMarket. We designed Mint.com for security from the ground up.

    Aaron Patzer
    Founder & CEO, Mint.com

  32. Allen Stern

    October 7th, 2007 at 7:17 pm

    Having built the first Citibank online credit card processing system and a former Fortune 100 auditor I know a bit about this stuff.

    My first question for Aaron is:

    How many of the banks and other financial institutions have you spoken with regarding security? What I mean is this: when your system is hacked, and I go to xyz bank and tell them that $xx has been stolen, they will ask me for the details. When I explain that I am using a 3rd party system which I gave my userid/pwd to, will they still help me with my claim or will they insist that I deal with you since I provided my details to you?

    Especially since your terms clearly state that you are acting as my agent.

  33. MikeW

    October 7th, 2007 at 7:21 pm

    Interesting that a person’s bank balance is high-up on the list of things they likely check very regularly (especially small business owners who need to know what checks have cleared).

    Not unlike mail. Could be a very-frequently used app.

  34. Allen Stern

    October 7th, 2007 at 7:26 pm

    Some of the questions asked to get ING setup in Mint:
    – Customer Number
    – Login PIN
    – your Social Security Number
    – Four digit year of your birth date
    – your mailing address zip code
    – Four digit month and day of your birth
    (and I saw your msg about ING and the difficulty - but how many of your customers fill in everything?)

  35. MikeW

    October 7th, 2007 at 7:27 pm

    And BTW - sure, security is important, but the illusion of security is enough for most people who basically don’t care enough to look under any hood.

  36. John W.

    October 7th, 2007 at 7:27 pm

    The number one thing to realize about Mint is that their business model is disingenuous and flawed. It’s a company built for the advertisers, not the users. To that end they have provided some nifty pie charts (quite possibly the worst of all types of charts) and some annoying auto-categorization all in the name of getting you to give them access to your financial transactions. All of this is built on top of a privace policy and terms of service that are about as ironclad as a bowl of jello. Moreover the whole idea that they go to Yodlee who fetches 2 or more day old financial data is rediculous and will be over in about 12 months. That’s when banks will basically change the rediculous model of Yodlee-like companies that scrape data to what consumers really want: You go to your online bank account, tell them you want your OFX data sent to this URL every 12 hours or whenever there is activity. You give them a url and a login for the receiving url and vioala–your data is sent where you want, safely, without giving out your online banking password. This will make all kinds of companies that can create better software than mint (oh, it IS awful, this mint) and the consumer will have the power to determine where it goes. So what if you pay $1.00 a month for the privilige—it’s a great model for the consumer and the banks (or any company that wants to deliver statements) and then say goodbye to mint! Plus the Mint killer is coming in November…. I’ve seen it and it’s amazing! It’s WAY more powerful and WAY cooler…

  37. 5Tacos

    October 7th, 2007 at 7:32 pm

    Aaron,

    I’ve heard, visited and researched Mint’s website, which makes me a potential customer. I won’t lie, I have my questions about the security but I’ve held off deciding until I hear more about the company.

    As a TC reader(thanks mike), , I get the chance to research Mint again only this time, the Mint blog responses are seemingly a back and forth session between Mint and the TC audience, over layers of security within Mint.com.

    I’m not sure if you’ve hired a marketing person yet, you probably should.

    One of the first things you don’t do in with your market, is get defensive about your product. Whether your choosing to argue or not, it seems that way to me and because of this, now I think Mint really isn’t SECURE.

    Make a “statement” about the level of your security (and here is where you make the “BOLD” statement) and then get your butt going on how to show your customers that Mint’s SECURITY is bar none.

    Everyone remembers the famous Colonel Jessup speech in A Few Good Men but for th above conversation, it also bears another great comment:

    Lt. Weinberg: “I strenuously object?” Is that how it works? Hm? “Objection.” “Overruled.” “Oh, no, no, no. No, I STRENUOUSLY object.” “Oh. Well, if you strenuously object then I should take some time to reconsider.” (courtesy of http://www.imdb.com)

    Stop arguing and start proving “MY” personal financial information is “SAFE”!

  38. Ryan

    October 7th, 2007 at 8:00 pm

    Hey, maybe Mint and Sleep.FM - The Social Alarm Clock could cross market.

    Be awakened to audio messages pertaining to your financial details on Mint

    “Wake up, wake up…I’m sorry to say but your broke, you really need to get up and go to work!”

    LoL

  39. PJ Brunet

    October 7th, 2007 at 8:07 pm

    I see Mint getting more powerful, in a way I like that my bank sees Mint checking my account, this tells my bank we (all Mint users) will take our business where we find the best deal.

    “Mint uses Yodlee to connect to your financial institutions. This is the same back-end aggregation system used by Bank of America, Fidelity, and Microsoft Money. Yodlee’s security practices have been audited by the NSA, Visa, Mastercard, and numerous major banks.”

    I’ll guess my bank knows about “Yodlee” and hopefully doesn’t allow it to skim too much info. But this tells me the banks need to offer multiple access levels of online banking as web tools become more popular/useful/powerful.

  40. Allen Stern

    October 7th, 2007 at 8:07 pm

    Ryan - that was the funniest thing I have heard all day!

    “You just made a buttload of cash on the google stock, sleep in another hour”

    or

    “You are a blogger - you aren’t allowed to sleep”

    thanks for the funny!

  41. David Litsky

    October 7th, 2007 at 8:13 pm

    @Aaron (17)
    This is a progressive idea, but ultimately your service will be a predecessor to similar services that are offered by the country’s banking institutions. IMHO, Mint is targeting the middle/upper middle class market, who have shown interest in products such as theirs by using online banks such as ING. While refreshing that the CEO of an unknown web startup can come onto an open web forum to talk about security, but the problem of being an “unknown brand” will linger in the head of the consumer.

    “I’ll make a bold statement: You’re safer on Mint then with online banking. On Mint, you’re completely anonymous. We never ask for a name, address, or SSN - just an email. We know about your finances…but not about you. We’re also independently verified by Verisign, TrustE, and several outside agencies.”
    Aaron Patzer
    Founder & CEO, Mint.com

    The success of Mint and Wesabe in the tech community demonstrates a need for consolidation of a personal finances, but your target market is afraid of you. They have no idea who you are and why they should trust you. In Mint’s case, we are “anonymous” but they have sensitive data that is being shared with outside companies. It is difficult for us to trust a company whose revenue generation model is to disclose that data to advertisers.

    @techcrunch
    Instead of using Mint, I am going to use Virtual Private Bank (http://virtualprivatebank.com) which is a free service offered by Commerce Bank (http://commerceonline.com). - -To be transparent, I am an employee of the Bank.- - Virtual Private Bank (VPB) is the finished product in a market that Mint has just entered, and includes the following features:

    * A comprehensive view of all financial information in one place, no matter where that financial information is held.
    * Access to your complete financial information 24/7 from anywhere with an Internet connection.
    * Access to numerous reports and calculators to enable you to get a better understanding of your financial picture.
    * The Vault, which acts like an online safe deposit box, gives you one safe place to scan and store personal and private information.
    * Tracking of frequent flyer miles and rewards points in one place plus set alerts to receive a notification when redemption levels are reached.

    As a nationally regulated financial institution, data privacy is a top priority. Below is an excerpt on security from the FAQ:

    “What security is in place to protect my data on Virtual Private Bank?

    VPB is a non-transactionable system, no money moves in or out of VPB.
    VPB has numerous security features to ensure your data is secure including:
    * Firewalls
    * Watchfire’s AppScan Technology
    * Certified Hackersafe
    * 128 bit encryption
    * 24/7 monitoring
    When you log on for the first time, you will be asked a Security Question. The security response is used to validate your identity in the event of a forgotten password.

    All data is stored at SunGard Data Systems, the most secure facility available in the industry and the home to data from the 500 largest companies in the country.

    You can view the Security video (https://virtualprivatebank.com/learnmore.htm) for more information on the system’s security.”

    With Mint’s market covered by regulated financial institutions, there are three other “markets” available: high net worth, subprime, and consumer. The first two markets are outliers, the former because they have professionals managing their money, and the latter because financial tracking is not a primary concern. That leaves the consumer market as a prime target because they are not skeptical of new technology, and tend to “embrace the chaos”.

    What surprises me is that with all the talk of personal financial aggregation, Geezeo and their iWant Facebook application have slid under the radar. Geezeo started as a simple concept: check your account balances through SMS, 24/7. Their service takes advantage of a simple technology available to most people in their target market (non-skeptical consumers), and they employ college students (a significant portion of their market) to help build brand recognition. For Security Geezeo uses CashEdge, who provides services to large financial institutions including Bank of America, Citibank, HSBC, Wachovia, and Royal Bank of Canada.

    Geezeo has expanded its service to offer features similar to their competitors including a blog, discussion groups, and categorization of transactions, but was first to take the next step and build a Facebook application. iWant helps users set goals, recruit donations, and monitor their banking accounts setting Geezeo apart because they have created an intuitive application that is easily accessible to 40 million+ consumers.

    “Your premium brand had better be delivering something special, or it’s not going to get the business.”
    - Warren Buffett

    With a number of competitors, the only thing special about Mint is its vanity.

  42. Ryan

    October 7th, 2007 at 9:19 pm

    Thanks, Allen

    There is a ton of cross promotional Sleep.FM plans on doing. Stuff that is very amusing, but at the same time useful!

    Hmmm, Im going to write a list….. LoL

  43. dave mcclure

    October 7th, 2007 at 9:42 pm

    [disclosure: i'm an investor in / advisor for Mint]

    fyi, the back-end service Mint is using for account aggregation is Yodlee, which is also used by a few well-known financial services & banks such as Ameriprise Financial, AOL, Bank of America, Fidelity, JPMorgan Chase, Merrill Lynch, and Microsoft.

    i also wonder if all of you folks in the comments are as concerned & as inquisitive about your local banks and medical institutions, which have just as much if not more access to sensitive data, and probably much more lax security procedures than Yodlee or Mint.

    however, all security concerns aside, my alter ego #29 FDM took the words right out of my mouth. security is a feature, but it’s not the only feature. and for many users of Mint who don’t have a lot of money — indeed, who might be a single mom with 2 kids — saving money on bills & having a better handle on how they spend their finances might be a helluva lot more important than biometric security measures & two-factor authentication. she’s probably a lot more concerned with how to save $1000 in the next 6 months that she can spend on new clothes, a bike for the kids, and maybe trying to pay off some credit card bills.

    Allen: no disrespect, but the guy who built the first Citibank online credit card processing system isn’t exactly the target user for Mint. we hope you find it useful, but if it doesn’t meet your security requirements, then by all means don’t use it.

    meanwhile, there are plenty of busy people out there who could use a better way for them to track their finances, help them save some money, and remind them when they need to pay a bill to avoid late fees.

    while those folks are concerned about security too, we’re pretty confident we’ve done our homework to provide them a high level of assurance their information is being handled responsibly.

    just my .02,

    - dave mcclure
    http://500hats.typepad.com

  44. former NC beauty queen

    October 7th, 2007 at 9:49 pm

    I’m pretty sure that using a service like Mint, where I hand over my account number and password to a third party, would break the terms of my bank’s online access agreement. As such, my bank would not be responsible for any fraud in my account and I would stand to lose a lot of money. Not something I would want to risk.

    And Aaron, what you are missing re: anonymity is that once a hacker has some anonymous account numbers and passwords, they can log into the bank’s site and get the name, address, SSN etc.

  45. former NC beauty queen

    October 7th, 2007 at 9:53 pm

    dave mcclure wrote: i also wonder if all of you folks in the comments are as concerned & as inquisitive about your local banks

    I’m concerned about the security of my bank but the big difference is, if my bank has a breach, they are responsible for fraud in my account. If I give away my account and password, I’m responsible. Check your bank’s service agreements!

  46. Speechless

    October 7th, 2007 at 10:22 pm

    I like FBI website. What if Mint.com went bankruptcy and stole your account for health care purpose what would you do?

    Ohhh…. So, busted….

    Avoiding Credit Card Fraud:

    * Don’t give out your credit card number(s) online unless the site is a secure and reputable site. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security to transmit data. This icon is not a guarantee of a secure site, but might provide you some assurance.
    * Don’t trust a site just because it claims to be secure.
    * Before using the site, check out the security/encryption software it uses.
    * Make sure you are purchasing merchandise from a reputable source.
    * Do your homework on the individual or company to ensure that they are legitimate.
    * Try to obtain a physical address rather than merely a post office box and a phone number, call the seller to see if the number is correct and working.
    * Send them e-mail to see if they have an active e-mail address and be wary of sellers who use free e-mail services where a credit card wasn’t required to open the account.
    * Consider not purchasing from sellers who won’t provide you with this type of information.
    * Check with the Better Business Bureau from the seller’s area.
    * Check out other web sites regarding this person/company.
    * Don’t judge a person/company by their web site.
    * Be cautious when responding to special offers (especially through unsolicited e-mail).
    * Be cautious when dealing with individuals/companies from outside your own country.
    * The safest way to purchase items via the Internet is by credit card because you can often dispute the charges if something is wrong.
    * Make sure the transaction is secure when you electronically send your credit card numbers.
    * You should also keep a list of all your credit cards and account information along with the card issuer’s contact information. If anything looks suspicious or you lose your credit card(s) you should contact the card issuer immediately.

    I saw Lifelock on TC. Now, Lifelock founder quits….

  47. Lateefx

    October 7th, 2007 at 10:39 pm

    Gosh…if T.C. users were the target market Mint would be at the gallows. But since it isn’t, perhaps they do have the chance to target not only single moms (as Dave McClure suggested) but most middle class households. The graphic representations of your cash flow and ease-of-use rivals that of the latest Quicken software for personal finance.

    Security, however, is crucial - DUH! And the CEO’s responses sounded a bit scripted.

    Nevertheless, like it or not, the internet will house ALL of your financial data and everything else about you SOONER OR LATER…and many financial institutions like Bank of America provide customers with not only increased Fraud Protection and Security features for Online transactions, but also Fraud/Identity Theft Resolution where they reimburse stolen funds.

    Don’t get stuck on the SSN issue….your SSN is Already Everywhere on the net and most ‘techies’ can tell you how to find anyone’s SSN.

    Besides, trans

  48. Mint is very scary product.

    October 7th, 2007 at 10:42 pm

    You know….

    This great country still fighting war on terrorism, counterfeits money, drugs, and anything illegal. What if Mint.com’s information accidentally ship to axis of evil, Columbia drug lord, terror funding groups, telemarketing groups, and bad guys?

  49. Steve

    October 7th, 2007 at 10:45 pm

    Aaron, it is great to see you on the thread. This is a big improvement from last time. And, I always respect Dave’s comments, even though some might argue that he is saying there are more important features at Mint besides security. Obviously, he didn’t mean that or that a mom with 2 kids wasn’t smart enough to care.

    I am wondering, though, why no one from Mint will answer Allen’s question about fraud protection. It was posed over and over after TC 40 here and on other blogs. A straight answer (even if it is “we are working on agreements with banks to cover you in the future”) would go a long way toward building trust. I can understand sidestepping Wade’s points, although I think that these should be answered too on your site, but you can’t keep dodging Allen or the beauty queen.

  50. Stephen Lev

    October 7th, 2007 at 10:51 pm

    Mint’s business model is: spam you with customized offers. They look at your bank statements, find your weak spot and exploit it for the benefit of their real customers: service companies.

  51. Steve Ballmer

    October 7th, 2007 at 10:59 pm

    “The number one thing to realize about Mint is that their business model is disingenuous and flawed. It’s a company built for the advertisers, not the users. To that end they have provided some nifty pie charts (quite possibly the worst of all types of charts) and some annoying auto-categorization all in the name of getting you to give them access to your financial transactions.”

    Yeah! What he said!
    http://fakesteveballmer.blogspot.com

  52. Mom is correct!!

    October 7th, 2007 at 11:09 pm

    Any dumbasses here sign up MINT.COM?

    Oh man…. Have you heard of IRS tax?
    Wake up and smell the coffee. Use your mother’s common sense — Never give out information to any quality startup that isn’t FDIC & bank approval. Your mom will tell you… I don’t care MINT had super secure code. It’s just word…

    I feel sorry for people who sign up that product. It will not help you get rich or make you feel rich.

  53. Mom is correct!!

    October 7th, 2007 at 11:21 pm

    Also, my mom said, “When you become billionaire or millionaire entrepreneur.
    I think you should watch Firewall or Ransom movie. It can happen to anyone in real life.”

  54. Mo Kakwan

    October 7th, 2007 at 11:35 pm

    I’d love to use the site, but I do want to see the answer to the question that Allen (#32) is asking before I go anywhere near sign up.

  55. Jimbo

    October 8th, 2007 at 12:23 am

    No one can hack me on Mint.com — I’ve got norton!

  56. Json

    October 8th, 2007 at 3:38 am

    I suspect that the more scrutiny Mint gets over security, the more apt they are to get hacked–if only to prove a point.

  57. Allen Stern

    October 8th, 2007 at 3:48 am

    Dave- I appreciate you replying to me by saying I am not the target user and ignoring my question (as it appears Aaron has).

    Also interesting to learn that you are an advisor and investor in Mint. Good luck with the graphing social conference that tc (and others) are sponsoring this week!

  58. dweezel

    October 8th, 2007 at 5:54 am

    @Dave McClure
    It doesn’t matter how secure Mint is, if your target market doesn’t trust you, you won’t get very far. Why will Joe Customer use Mint versus a product offered by their bank? Targeted advertising to save money? Word on the street is that your targeted advertising isn’t very accurate…

  59. ContextWeb Blog

    October 8th, 2007 at 6:07 am

    Aaron,

    I enjoy your company’s product (success = server crashing with first big PR blast) and look forward to future innovations from you all.

    John

  60. Alan

    October 8th, 2007 at 7:14 am

    The $40M in identified savings is inflated - it recommended that I sign up with Verizon FIOS (great! oh, right, that’s not available in my area), Time Warner triple play for $99 to save on my phone/internet/cable - ok, so I already have Time Warner, and that price means I need to give up HD, DVR, HBO, and other channels. Last it recommended I sign up for a different Amex card than the one I have, but it was a wash, no savings.

    Anyway, good service, something I’ve been waiting for, but I’m still going between wesabe, yodlee, mint, and geezeo to see if any can really replace MS Money for me. So far I’m spending most of my time in wesabe.

  61. TDavid

    October 8th, 2007 at 7:22 am

    All this talk about security is meaningless if there is insurance in place if something bad does happen with a third party vendor and client’s accounts. Mint is the one acting as an “agent” therefore they should be fiscally responsible for the money.

    I’d like to see Mint step up to the plate and offer an insurance policy to any member who is a victim of Mint fraud/theft/hacking and loses money for every penny lost. Not a limited FDIC $100,000 but the full amount of the money, whatever is in the hacked account.

    Lloyds of London would probably take that risk, albeit at an expensive premium for Mint. If they are serious about their business and the level of protection they are affording their clients, this should not be an unreasonable request.

    Therefore the question is: has anybody at Mint looked into providing this type of insurance policy?

  62. Damien M.

    October 8th, 2007 at 7:35 am

    @Aaron
    Thank you Aaron for taking the time to respond here.

    I signed up immediately because I’m very bad at tracking my finances. And then I read some more comments about the dangers of putting this account information through the website. So then I was wondering if I had made a mistake.

    Thanks for helping to alleviate at least some of those fears.

    And the people here complaining about the offers and being for companies and not the user? They haven’t emailed me or anything, and it’s just put at the bottom of the screen. If that’s what they need to do to offer this service for free, I’m fine with that.

  63. Bob

    October 8th, 2007 at 8:52 am

    So to summarize Aaron and Dave, Mint’s target audience is people who don’t care a lot about security and it’s plenty secure enough for them. And no answers about the difficulty of deleting your account from Mint or if your bank will still cover you for fraud if you use Mint. Very reassuring. Please do yourselves a favor guys and hire someone less glib to do your PR. You’re not winning many people over with your answers.

  64. Steve

    October 8th, 2007 at 9:50 am

    Speaking of PR, does anyone know who Mint uses? Granted, they aren’t handling the comment backlash well (here, Consumerist, the first TC post), but 1) I don’t think that is their fault and 2) the story placement, awards, etc have been amazing.

    I’m guessing that Mint is paying them a small fortune, but they seem to be worth it. This is the best marketing for a poor product I’ve seen since Spock.

  65. Anatoly

    October 8th, 2007 at 10:06 am

    @Aaron, I dont think you understood what I meant. You may have a read only connection via Yodlee, but its the same username and password that I use to access my bank.

    The point remains that if someone got a hold of my username and password from hacking into mint/social engineering/disgruntled employee etc., they could easily withdraw money, and there would be nothing I could do about it after the fact.

    In the case of a bank hack, the bank would be liable for the money..

  66. Aaron

    October 8th, 2007 at 10:08 am

    @TDavid, former NC beauty queen

    By law you have:
    - $0 liability for credit card fraud,
    - $50 liability for bank fraud (if you notify your bank within two days)

    Again, 90% of all fraud starts offline (http://www.informationweek.com/windows/showArticle.jhtml?articleID=178600217), for example when someone takes your credit card at a restaurant, or digs through your mail. Sadly, a large portion of fraud is actually committed by friends and family members.

    Mint.com helps keep you safe by providing email and text-message alerts for:
    - Low balances (e.g. someone is draining your account)
    - Unusual spending (e.g. someone buys $1000 in electronics in a day)
    - Low available credit

    If there are any anomalies, Mint.com shows you right away. The alternative is to a) login to every single credit card, checking, and savings account every day to check for fraud, or b) wait 30 days until a paper statement arrives before noticing an issue.

    By taking a proactive approach, Mint.com actually helps protect you from the vast majority of fraud - better than just about any website out there.

    Aaron Patzer
    Founder & CEO, Mint.com

  67. Aaron

    October 8th, 2007 at 10:23 am

    Concerning whether using Mint.com violates your bank terms & conditions:

    Consider that Quicken and Microsoft Money ask you for the exact same credentials as Mint.com, and have been for the past 10 years. MS Money even uses Yodlee to make it’s connection to banks (same as Mint.com, BofA, and Fidelity).

    The problem with those tools is they cost $30-$80, sunset their products every 2-3 years to force an upgrade, require an hour to setup, and take an hour a week to maintain.

    Mint is like an extension to online banking: pull all your accounts together in one place, finally see where your money goes, get alerts on anything out of whack, and find savings opportunities worth an average of $1,000/user.

    Aaron Patzer
    Founder & CEO, Mint.com

  68. Astroturf

    October 8th, 2007 at 10:49 am

    I use yodlee, and though it isn’t great, it is what i have set up. I wish mint were around when i set yodlee up. I don’t have anything worth stealing anyway :)

    btw, can you guys tell us one more time about how you use yodlee and what other companies use their service as well? It isn’t clear yet. Does BofA use yodlee?

  69. phil

    October 8th, 2007 at 1:50 pm

    “We have a read-only connection to the banks which does not pull in your name, address, etc. It doesn’t exist on our servers.

    For that matter, neither do your bank user names and passwords. Mint.com uses Yodlee for account aggregation. Yodlee is the back-end piping that connects all the banks, credit cards, and brokerages together. ”

    So where are the user names/passwords stored? Yodlee? They have to be stored SOMEWHERE… and

  70. David Litsky

    October 8th, 2007 at 3:20 pm

    “Again, 90% of all fraud starts offline (http://www.informationweek.com/windows/showArticle.jhtml?articleID=178600217), for example when someone takes your credit card at a restaurant, or digs through your mail. Sadly, a large portion of fraud is actually committed by friends and family members.”
    Also, at every level that someone touches your financial information, fraud can occur. I am curious how advertisers see our personal financial information in order to offer us services that will save us money. Even with the good press from TC40 and Finovate, you have an uphill battle and I wish you luck.

    I still maintain that if given an opportunity to choose between Mint and a service offered by their financial institution, customers are more likely to choose the latter. At their bank, they don’t have to worry about their financial information being used by third parties.

  71. Allen Stern

    October 8th, 2007 at 3:41 pm

    Aaron - thanks for not answering my question :)

    And fyi - Quicken/Money allow me to import my data which is something you do not so it’s not the same.

    Maybe we can do an interview on CN Aaron where we can get to the bottom of some of the issues raised here.

  72. willy

    October 8th, 2007 at 4:04 pm

    Can anyone explain to me how did Mint manage to obtain the cooperation of all thses thousands of banks and credit card companies?
    What’s in it for them? The prospect of customers getting advice on lower rates? Beats me.

  73. Aaron

    October 8th, 2007 at 8:04 pm

    @David Litsky

    Mint never gives your information to third party advertisers. We have a proprietary database of financial offers, interest rates, and communications (phone, tv, internet, wireless) providers. The matching is done in software, anonymously.

    Your information never leaves Mint.com. If or when you click through on a savings opportunity, no information is passed except that the click came from Mint.com.

    Mint does make a small referral fee from advertisers on some offers. That’s what keeps Mint free. Whether we have a relationship with a provider in no way affects our ranking algorithm – we find users the best interest rate or lowest price regardless.

    What this means in the end is Mint only makes money if we can find ways for the user to save money. And we think that’s pretty revolutionary. The only ads you see are ads that make you money…think about how different that is as a business model.

    Aaron Patzer
    Founder & CEO, Mint.com

  74. Jusatry

    October 8th, 2007 at 8:10 pm

    Aaron,

    While the security issue doesn’t bother me too much, one issue I have found with your product (touched on by @Alan) is that the offers you make are often not competitive with or comparable to what we are getting, you just don’t have a way to know that!

    For example, I have a Capital One card with 1% back. You see my Capital One account with ? for a cash return, and “offer” me a 1% back card (a *savings* of $250/year!). There needs to be a way to user input the specifics of current accounts and products before you offer to “save” me all that dough!

    The website is very pretty and the charts make tracking my spending super easy - thanks for that!

  75. Aaron

    October 8th, 2007 at 8:30 pm

    @Jusatry

    Fair point. Within the next month or so, we’ll be able to accurately capture the rewards earned on just about every credit card. Then, we’ll be able to accurately reflect the fact you are earning 1% back on your Capital One card.

    Right now without rewards (we show your current rewards as “unknown”), it’s not always an apples-to-apples comparison. It will be soon!

    For what it’s worth, putting a mathematical model around all the complexity, tiered rewards structure, and nuances of credit cards is very difficult. We’ve filed two patents on it already and gone further than anyone has gone before. We’ll go further still!

    Thanks for the feedback.

    Aaron Patzer
    Founder & CEO, Mint.com

  76. John W.

    October 9th, 2007 at 6:30 am

    I think what Aaron and the venture capitalists behind Mint miss is that any society that lives in and around the 1% they get back on rewards cards churning from one cell phone provider to another, or moving their checking account around to save a few bucks, is absolutely, without a doubt, the saddest sort of society one can imagine.

    Trying to muck up new markets for banks and cell phone companies is so awful and boring that it makes my head want to pop off. It’s simply a sign of the times where we have turned into a culture of vultures and business models like Mint are inevitable.

  77. Brian Crozier

    October 9th, 2007 at 8:08 am

    Interesting model, time will tell. It is all about trust.

    We are in the online debit payment business and have found that online Buyers who trust the online Seller have no problem using their online bank to make a secure debit transaction. Our payment service does not share or store the consumers bank information, just a payment confirmation to the Seller.

    Brian Crozier
    Co-Founder & VP UseMyBank

  78. Susannah R.

    October 9th, 2007 at 8:25 am

    There are some very genuine criticisms of Mint.com from a security point of view. I am not sure an online service is the best way to deliver this functionality. I believe Intuit, for instance, is much better positioned to provide this capability in a desktop application.

    If you read reviews such as http://techlahore.wordpress.co.....com-sucks/ you will find that not only are there functional issues with mint.com, it is quite apparent that the level of maturity with respect to security, is also not there.

  79. Tracy

    October 9th, 2007 at 2:02 pm

    This looks like an awful lot of sensitive information I have to enter to make this work- - info that my bank already has. What a pain. Why can’t I just do this at my bank?

  80. MikeBuck

    October 12th, 2007 at 7:02 pm

    I was real impressed by the idea, but the site is awful. No way it belongs on the TC40.

    First off, too difficult to get your accounts setup. Lots of retries needed to get stuff working.

    Secondly, un answered requests for help for certain accounts they said they support. For one CapOne savings.

    Third, lack of response big time from support. The typical “we are so busy” crap.

    Finally, a high level of arrogance to add other banks/services. Basically said hey that is a small bank/institution - tough luck.

    I also think you should be able to remove the accounts immediately.

    TC looks bad, very bad on this one. Losing your edge there MA

  81. doc savage

    October 18th, 2007 at 11:40 am

    I’ll start by saying I currently use Yodlee and Wesabe.

    I was turned off by Mint just because the very first question was something akin to “please give me you bank account number and password”.

    Looking at today’s screenshots and review up on lifehacker.com I’d say that mint looks really interesting and potentially useful to me.

    I love how yodlee moneycenter can show me literally everything and the reporting is even decent.

    Wesabe is cool and actually very powerful, but a lot more work and lot more “in the works” than yodlee at this point.

    In my first 12 hours using yodlee and wesabe, I actually got my budget report I was looking for quicker with wesabe.

    Since then, yodlee is prooving to be both more reliable and easier to keep up to date with. That said, I’m still running both in parallel.

    I am tempted to try mint as well, but wondering what it offers me that yodlee doesn’t. And then if I need that additional functionality.

    I know the online quicken is coming soon, but have no faith that they will get it right.

    Wesabe stores the account numbers and passwords on a local “uploader”, which really downloads and uploads … but the model for storing passwords is more like quickens.

    But when I log into Yodlee, it feels more secure to me, with the multi-screen passwords.

    Personally, in the defense of mint.com — I’d venture to say that their website is way more secure than the average person desktop computer is.

    I think it is counter-intuitive to give out information to a website — but it is far easier for a hacker, spyware or key-logger to get your information from your home PC than from a professional website, IMHO.

    Another thing not really mentioned in these comments is that we all need to be changing out passwords prety regularly. If your really worried about mint or a hacker getting this information, you can protect yourself by selecting secure passwords and changing them regularly.

    I would also mention that sites like http://www.clipperz.com and http://www.passpack.com are also places where it would seem the last place to send your private information, but which are actually really secure.
    I think mint and clipperz are example of “the future” … whereas
    quicken and using the same password everywhere (like most people do) — are example of the poor ways of the past.

    Savage

« Previous post
Next post »