Online Financial Tools and Security

A long while back (was it really 2008), I wrote an overview of the web-based personal finance tools available at that time. I didn’t really give a strong recommendation to any of them, though I did end up serving as an advisor for a time with Wesabe.

Today, Mint.com is clearly the frontrunner in this field, but there are many other services that offer similar financial tools via the web. Many banks have incorporated similar tools into their online services, and other similar services such as TurboTax can be done fully via the web.

Personally, I don’t use any of them.

Why not? Mostly, it comes down to information security, as I briefly touched on in the article linked to above.

It’s not that I doubt the security policies of any of the sites. I think Mint, TurboTax, and other such web-based tools have stellar security policies, and I genuinely believe that they’re all doing the best they can to preserve the sanctity of your personal information. I’ve reviewed a lot of security policies and a lot of security histories over the years and I know that when you’re dealing with financial data, you’re not only buried behind a lot of regulation, you’re also dealing with an absolute requirement for your customers. This is not something any of them want to mess up in any way, and they’ve all taken powerful steps to keep you safe.

That’s not the point.

The reason I avoid using such tools is that all it takes is one mistake from one person for your information to be stolen. For one bright, shining example of this, take the loss of 100 million credit card numbers by a card processor in 2009. Even though the business had incredibly strong security policies, a hacker still managed to scrape off up to 100 million credit card numbers and related information from that company’s database. How did it happen? Most likely, one information security professional didn’t set up one security protocol correctly, and that was enough.

So, how does that affect whether I use such tools? The more places where you use your personal information, the greater the chance you have of getting your information or even your identity stolen.

Let’s say Alice has her personal information available to only one business in the country, her bank. She’s very careful about letting out any of her data anywhere else.

Let’s say Bob, on the other hand, has accounts at ten different financial institutions and uses several different tools to access those accounts. As many as twenty different companies with twenty different security policies have access to Bob’s data.

Let’s now say that personal data is lost by some company in America. Because Bob has his information with so many different institutions, Bob is twenty times more likely to be affected by this loss of data. By having so many accounts, Bob is putting himself at additional risk.

With every account you open where your personal information is used, you increase your risk of falling prey to a random act of information loss, whether it be someone breaking into a computer network or someone losing a backup tape.

Because of that, I’m very wary of the number of businesses that I share my information with. Unless there is a strongly compelling reason to share my personal data, I don’t share it.

For me, none of the online tools offer enough value to be worth increasing that risk, at least in my eyes. Mint might be awesome, but it’s not worth that additional risk to me. Neither is TurboTax Online or any of the other similar services.

It’s for this same reason that I use a single credit card with identity theft protection for most of my purchases.

I just want to minimize my risk of having my information out there when something goes wrong with information security somewhere, and my general recommendation to others is that they do the same.

If you enjoyed reading this, sign up for free updates!

Loading Disqus Comments ...
Loading Facebook Comments ...
  1. Ryan says:

    This reads more like a criticism of having many different accounts than of Intuit or aggregation services.

    I don’t think it’s even possible for anyone to be an “Alice” in today’s world. Even if she does all of her banking/credit cards/mortgage through say Bank of America, her information is also in the computers of TransUnion, Equifax, and Experian. Plus either Visa/Mastercard, depending on which card she has with BoA. Then there’s the information the US government makes available online like social security, selective service, tax refund status, etc.

    Mint doesn’t even know the actual password to my ING account because ING lets you make a separate code that you can cancel at any time.

    I think that if using Mint or a similar service finally lets you get rid of your debt/grow your net worth and get a better handle on your spending, then it’s worth it. Is ONE more company really that big of a deal when a dozen or so most likely already have your information?

  2. jim says:

    Basically Trents argument boils down to limiting your exposure. But I don’t think that avoiding the safer institutions is the best way to limit your exposure. Rationally you should avoid the less safe institutions first and foremost. Unfortunately our daily use of credit cards and banking information is not very secure. Every random clerk, waiter or other businessperson who touches our credit card could lift that number easier than any hacker could break into Mint. Every company we buy anything from with anything but cash is as exposed and probably more susceptible to a breach of security as Intuit. A hacker could probably crack most of our bank account passwords faster than the time it took you to read this paragraph.

    THe biggest security breaches get headlines cause they are the biggest breaches. Little companies with security problems don’t get news cause they are little. THe individual people stealing financial info don’t get any headlines cause that happens day in an day out every day.

    Its like trying to make yourself immune from any crime. You can take some sane precautions but you can’t eliminate all crimes.

  3. deRuiter says:

    Put a freeze on your credit information with the three companies: Experion, Trans Union and Equifax. It’s fast, it’s dirt cheap, and your identity can’t be stolen. The credit reporting agencies hate this because they are paid each time they divulge your information to anyone. Foil them for pennies! Freeze your credit. This also stops you from making frivolous applications for credit cards and loans you really don’t need because of the hassle of the pin, unfreezing credit for a certain time, etc. With the freeze in place, no one can open loans in your name, open credit cards, hijack your information, move your credit to a new address, nothing!

  4. michael bash says:

    What IS my “personal information”? What items does it include? RSVP & thanks

  5. jackowick says:

    Trent uses Mint as an example in the opening and closing statements, but THIS article is about limiting exposure, not a review or criticism of Mint.

    Not every article is written for every reader. Some people are reading this advice for the first time, whether they’re a 21 year old looking to start on a path of good habits, or a middle aged person looking to correct their mistakes, or someone of any age who has perhaps never been the primary financial decision maker in their life.

    I recently switched celular phone companies and re-re-re-registering all this data for your name, address, emails, pins, etc, is really getting old. It just made me think how easy it is for something to be exposed by a bad day of digital maintenance by a company, so I read this article as yet another affirmation that “you need to always be in control of your data, as much as possible, to reduce risk.”

    You can’t ever bring risk to zero, unless you’re a non-participant in a behavior.

    With all that said, hey deReuiter, I never thought about “the Freeze”. Are there any cons to this if you are freezing yourself?

  6. lurker carl says:

    The biggest con to the Freeze is you have to unfreeze with each credit bureau before obtaining a new line of credit and refreeze when you’re finished. Think credit card application, home loan, refinancing, etc. The fee to freeze, unfreeze and refreeze with each bureau varies by state.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>