Personal Finance

Mint.com now in Canada

  • Last Updated:
  • Nov 30th, 2011 10:29 am
Tags:
None
Banned
Feb 10, 2010
789 posts
37 upvotes
I decided to take matters into my own hands and email mint to see what they have to say about canadian banks position on use of their service. Response to follow when i get it.

"

Dear mint.com

I would really like to start using Mint.com, but I have some security concerns.

I'm willing to trust your site, but it seems my bank (and most banks in canada likely) doesn't feel the same way about it.

"As a TD Canada Trust Access Card Holder, you've agreed to not provide your confidential information to third parties. This would include divulging our password and Access Card number to Mint.com. So, this would include companies that try to aggregate your financial services under one roof.

We view the aggregation of services as a security issue and generally do not support it, so while you may be able to access your accounts initially, there will likely come a time when your information becomes blocked."


I am not willing to use mint.com if my financial institution views it as a security threat and a breach of my terms of service with them.

My main concern is that if there were a security breach on any of my accounts, even if mint.com was not connected in any way, my bank would point to the fact that I gave my information to a 3rd party as breach of my agreement and blame me for it.

What steps is mint.com taking to coordinate with canadian financial institutions so that canadians can use the site without fear of reprisal from our banks?


You can tell me how safe mint is all day, I will NOT use your site if my bank specifically tells me that it is a security breach and violation of my terms with them.

This is a very serious issue that mint needs to address.

Thank you,

"
Member
User avatar
Aug 31, 2009
305 posts
206 upvotes
BC
rivet wrote:
Jan 11th, 2011 12:25 pm
I am missing lots of transactions on my MBNA smart cash credit card using mint.com, any one else has this problem?

I had a similar problem and it caused me to stop using the site for a couple of weeks as the data was not complete and therefore not reliable. Just for fun, i removed and re-added my MBNA SC card today and it picked up the transactions that were previously missed. Granted, this would be a huge hassle to remove and re-add accounts every time a transactions is missed, but at least it worked, which is a good sign. I have since learned that you can add a transaction manually at mint, so if they do happen to miss 5-6 transactions every month, then it wouldn't be too bad to add them manually.

The only fear I have about mint is if it means I am breaking the agreements that I have entered into with my bands and CC companies (without reading the fine print of course). If someone hacks into my account and somehow rips me off $40,000, then my banks say I breached my agreement with them (which I have never read) by providing a 3rd party with info, then I am royally screwed. I am just growing so tired of tracking my spending by using MS Excel one entry at a time.

So sad that I choose laziness over security! And now that I have already joined mint and added accounts, even if i were to now close my mint account, i would assume that, legally, the damage has already been done and I am now screwed forever.
Newbie
Dec 4, 2006
35 posts
jslwc wrote:
Jan 11th, 2011 6:49 pm
So sad that I choose laziness over security! And now that I have already joined mint and added accounts, even if i were to now close my mint account, i would assume that, legally, the damage has already been done and I am now screwed forever.
Hmm... What prevents you from logging into your accounts and CHANGING THE PASSWORDS on them after you delete your Mint account? Banks themselves tell you to change passwords every now and then. I'm sure they keep logs on WHEN passwords were changed.

All these issues would be a lot easier to handle if banks (and other institutions) realized that there is value for us in financial aggregation services and create "read-only" passwords that we could use in these sites.

Like I said earlier, I REALLY REALLY like Mint, but will not use it if it means running afoul of the agreements with the financial institutions that hold my money.

As always, YMMV.
Deal Addict
Dec 28, 2006
4995 posts
260 upvotes
Kanata
I really like the easy of use and interface of mint.com, much better than an old version of quicken I tried. However, it misses too many transactions every months which is really hard to manually correct all of them. By the way, can I download statement transactions manually and load on to mint like quicken and microsoft money can? That will still be easier than input every single transaction
Banned
Feb 10, 2010
789 posts
37 upvotes
will2009wpg wrote:
Jan 11th, 2011 2:47 pm
I decided to take matters into my own hands and email mint to see what they have to say about canadian banks position on use of their service. Response to follow when i get it.

"

Dear mint.com

I would really like to start using Mint.com, but I have some security concerns.

I'm willing to trust your site, but it seems my bank (and most banks in canada likely) doesn't feel the same way about it.

"As a TD Canada Trust Access Card Holder, you've agreed to not provide your confidential information to third parties. This would include divulging our password and Access Card number to Mint.com. So, this would include companies that try to aggregate your financial services under one roof.

We view the aggregation of services as a security issue and generally do not support it, so while you may be able to access your accounts initially, there will likely come a time when your information becomes blocked."


I am not willing to use mint.com if my financial institution views it as a security threat and a breach of my terms of service with them.

My main concern is that if there were a security breach on any of my accounts, even if mint.com was not connected in any way, my bank would point to the fact that I gave my information to a 3rd party as breach of my agreement and blame me for it.

What steps is mint.com taking to coordinate with canadian financial institutions so that canadians can use the site without fear of reprisal from our banks?


You can tell me how safe mint is all day, I will NOT use your site if my bank specifically tells me that it is a security breach and violation of my terms with them.

This is a very serious issue that mint needs to address.

Thank you,

"

Pathetic response from Mint:

"Hello William,


Thank you for your email expressing your concerns, we take the safety and security of our users financial information very seriously.

It is our understanding that the sentiment you share below from TD Canada is commonly shared amongst financial institutions in Canada, and it will really be up to you decide.

If you haven’t already, I’d suggest you visit our site to read more about how Mint.com keeps your financial data Safe & Secure. You can find that information here: http://www.mint.com/features/security/

Please let me know if you have any additional questions.

"
Jr. Member
Mar 9, 2010
180 posts
Halifax
Im not disagreeing with the potential security problems, but I wonder how many banks are pissed that people wont be using their banks website as often

They use their websites to sell new or different products so they would be against anything that steers customers away from it.

Mint also highlights/flags banking fees that Im sure the banks dont want attention drawn to. And then with mint searching for better deals its no wonder the banks dont like Mint at all.
Banned
Feb 10, 2010
789 posts
37 upvotes
nuclearjack wrote:
Jan 14th, 2011 8:02 am
Im not disagreeing with the potential security problems, but I wonder how many banks are pissed that people wont be using their banks website as often

They use their websites to sell new or different products so they would be against anything that steers customers away from it.

Mint also highlights/flags banking fees that Im sure the banks dont want attention drawn to. And then with mint searching for better deals its no wonder the banks dont like Mint at all.

Oh sure, the banks are definitely out for themselves.

You still need to use your banks website to actually do anything though. And your bank is the one who can bring consequences down on you for using mint if they really want to.
Sr. Member
Mar 17, 2008
581 posts
140 upvotes
Ally.ca is now supported but it's not working correctly for me, there is a very weird bug:

I have always received my direct deposit pay in Ally and when Mint started to work for most Canadian banks (but not Ally.ca), I started to transfer it entirely to my PCF account for Mint to take that amount as my Income.

Ally.ca
(1234.56) $ --> to PCF
+1234.56 $ --> from employer

but here's what shows up in Mint:
[MINT]
[ALLY]
+123.56 $ --> "Internet transfer to CANADIAN IMPERIAL BANK OF COMMERCE HISA account XXXXXXX1234"
+1234.56 $ --> DIRECT DEPOSIT PAY "From BLAHBLAHBLAH~ Future Amount: 1234.56 ~ Tran: ACHSD"

+789.12 $ --> "Internet transfer to CANADIAN IMPERIAL BANK OF COMMERCE HISA account XXXXXXX1234"
+7890.12 $ --> DIRECT DEPOSIT PAY "From BLAHBLAHBLAH~ Future Amount: 7890.12 ~ Tran: ACHSD"

+345.78 $ --> "Internet transfer to CANADIAN IMPERIAL BANK OF COMMERCE HISA account XXXXXXX1234"
+3456.78 $ --> DIRECT DEPOSIT PAY "From BLAHBLAHBLAH~ Future Amount: 3456.78 ~ Tran: ACHSD"

I see the pattern but it doesn't make any sense, and the transfer out is positive when it should be negative

But the overall balance is good
Deal Addict
User avatar
Oct 24, 2004
4848 posts
437 upvotes
Toronto (Central)
Anyone know when the 'Goals' feature like there is on the US-site will be implemented?
Sr. Member
Sep 25, 2007
507 posts
32 upvotes
Toronto
will2009wpg wrote:
Jan 11th, 2011 2:47 pm
"As a TD Canada Trust Access Card Holder, you've agreed to not provide your confidential information to third parties. This would include divulging our password and Access Card number to Mint.com. So, this would include companies that try to aggregate your financial services under one roof.

We view the aggregation of services as a security issue and generally do not support it, so while you may be able to access your accounts initially, there will likely come a time when your information becomes blocked."

Which banks have said this is a security threat? TD? Anyone else? I suppose every bank has a policy somewhere in the fine print about a similar issue but just hasn't said anything specific about Mint?

I'm trying to not have to turn off Mint and change all my passwords. Just when I get it working right with all my banks...
Deal Fanatic
Feb 1, 2006
9099 posts
214 upvotes
I decided to just use Mint.com for tracking my spending going forward, so I removed my bank and other info. I didn't feel using it for other stuff was providing much value to me, and with the potential risks, just not worth it.

I am, however, really happy with the usefulness of having all my credit cards linked there, and being able to see every month what I'm spending in each category. I put nearly every expense on credit cards, don't use debit at all, cash very little, so this covers 99% of my spending. Before this, I was downloading to Excel and consolidating myself, which was a pain.
Newbie
Apr 26, 2010
9 posts
2 upvotes
Montreal
I'm an experienced software developer and so when I started looking for ways to automate my monthly budgeting, I found mint's auto-classification of transactions highly interesting... I mean, the data entry drudgery is largely eliminated, and you get all those nice pretty charts and tools for free.

However, the way that mint is linked to my bank account is not at all secure. They say it's read only access, but they are lying. They collect your access card number and web banking password. Each night they connect to your account and screen-scrape the information. screen-scrape means that they essentially automate what you would do yourself as a web banking user, capture the information presented on screen, and enter it into their database. This nightly recurring login means that they absolutely MUST be keeping your password in plain text somewhere. They cannot use a secure one-way hash. They probably encrypt it, but then, the nightly syncing application needs to have a decryption key in order to read it back plain text.

So essentially, your webbanking login and password is permanently stored by them in plain text readable format in some database somewhere. A hacker or disgruntled employee can get this information and log in to your web banking account as if they are you and perform transactions.

The mint application may be read only, but it stores the same credentials that can be used for full access.

When signing up, I got to the page asking for my TD easyweb access card and web banking password, and I almost fell off my chair! It was an instant deal-killer for me and I immediately deleted my account without entering anything. Requiring this kind of authentication is amateur at best, criminal at worst. They are preying upon the gullibility of people.

So, yes, mint has some nice automation and pretty charts... but ask yourself this question:

If a stranger on the street offered to automate your budgeting and make nice charts for you in exchange for your web banking password, would you give it to him?

This is essentially what mint is. The features are not worth the risk.
Deal Addict
Mar 2, 2005
1804 posts
161 upvotes
codon wrote:
Feb 20th, 2011 2:02 pm
I'm an experienced software developer and so when I started looking for ways to automate my monthly budgeting, I found mint's auto-classification of transactions highly interesting... I mean, the data entry drudgery is largely eliminated, and you get all those nice pretty charts and tools for free.

However, the way that mint is linked to my bank account is not at all secure. They say it's read only access, but they are lying. They collect your access card number and web banking password. Each night they connect to your account and screen-scrape the information. screen-scrape means that they essentially automate what you would do yourself as a web banking user, capture the information presented on screen, and enter it into their database. This nightly recurring login means that they absolutely MUST be keeping your password in plain text somewhere. They cannot use a secure one-way hash. They probably encrypt it, but then, the nightly syncing application needs to have a decryption key in order to read it back plain text.

So essentially, your webbanking login and password is permanently stored by them in plain text readable format in some database somewhere. A hacker or disgruntled employee can get this information and log in to your web banking account as if they are you and perform transactions.

The mint application may be read only, but it stores the same credentials that can be used for full access.

When signing up, I got to the page asking for my TD easyweb access card and web banking password, and I almost fell off my chair! It was an instant deal-killer for me and I immediately deleted my account without entering anything. Requiring this kind of authentication is amateur at best, criminal at worst. They are preying upon the gullibility of people.

So, yes, mint has some nice automation and pretty charts... but ask yourself this question:

If a stranger on the street offered to automate your budgeting and make nice charts for you in exchange for your web banking password, would you give it to him?

This is essentially what mint is. The features are not worth the risk.

+1. My thoughts exactly.
Newbie
Aug 10, 2009
47 posts
5 upvotes
codon wrote:
Feb 20th, 2011 2:02 pm
I'm an experienced software developer and so when I started looking for ways to automate my monthly budgeting, I found mint's auto-classification of transactions highly interesting... I mean, the data entry drudgery is largely eliminated, and you get all those nice pretty charts and tools for free.

However, the way that mint is linked to my bank account is not at all secure. They say it's read only access, but they are lying. They collect your access card number and web banking password. Each night they connect to your account and screen-scrape the information. screen-scrape means that they essentially automate what you would do yourself as a web banking user, capture the information presented on screen, and enter it into their database. This nightly recurring login means that they absolutely MUST be keeping your password in plain text somewhere. They cannot use a secure one-way hash. They probably encrypt it, but then, the nightly syncing application needs to have a decryption key in order to read it back plain text.

So essentially, your webbanking login and password is permanently stored by them in plain text readable format in some database somewhere. A hacker or disgruntled employee can get this information and log in to your web banking account as if they are you and perform transactions.

The mint application may be read only, but it stores the same credentials that can be used for full access.

When signing up, I got to the page asking for my TD easyweb access card and web banking password, and I almost fell off my chair! It was an instant deal-killer for me and I immediately deleted my account without entering anything. Requiring this kind of authentication is amateur at best, criminal at worst. They are preying upon the gullibility of people.

So, yes, mint has some nice automation and pretty charts... but ask yourself this question:

If a stranger on the street offered to automate your budgeting and make nice charts for you in exchange for your web banking password, would you give it to him?

This is essentially what mint is. The features are not worth the risk.

As a software developer myself, I am embarrassed with your post. Everything is done in a secure environment and protected with full level of encryption. If someone were to "hack" your account, they would not be able to get the information. The only way is through data server access which is protected similar to banks (access cards, recognition, bypass security, more encryption, etc). Mint.com hires many hackers to make sure the system is hack-proof and there has yet to be an incident where the hackers got in.
× < >

Top