A long while back (was it really 2008), I wrote an overview of the web-based personal finance tools available at that time. I didn’t really give a strong recommendation to any of them, though I did end up serving as an advisor for a time with Wesabe.
Today, Mint.com is clearly the frontrunner in this field, but there are many other services that offer similar financial tools via the web. Many banks have incorporated similar tools into their online services, and other similar services such as TurboTax can be done fully via the web.
Personally, I don’t use any of them.
Why not? Mostly, it comes down to information security, as I briefly touched on in the article linked to above.
It’s not that I doubt the security policies of any of the sites. I think Mint, TurboTax, and other such web-based tools have stellar security policies, and I genuinely believe that they’re all doing the best they can to preserve the sanctity of your personal information. I’ve reviewed a lot of security policies and a lot of security histories over the years and I know that when you’re dealing with financial data, you’re not only buried behind a lot of regulation, you’re also dealing with an absolute requirement for your customers. This is not something any of them want to mess up in any way, and they’ve all taken powerful steps to keep you safe.
That’s not the point.
The reason I avoid using such tools is that all it takes is one mistake from one person for your information to be stolen. For one bright, shining example of this, take the loss of 100 million credit card numbers by a card processor in 2009. Even though the business had incredibly strong security policies, a hacker still managed to scrape off up to 100 million credit card numbers and related information from that company’s database. How did it happen? Most likely, one information security professional didn’t set up one security protocol correctly, and that was enough.
So, how does that affect whether I use such tools? The more places where you use your personal information, the greater the chance you have of getting your information or even your identity stolen.
Let’s say Alice has her personal information available to only one business in the country, her bank. She’s very careful about letting out any of her data anywhere else.
Let’s say Bob, on the other hand, has accounts at ten different financial institutions and uses several different tools to access those accounts. As many as twenty different companies with twenty different security policies have access to Bob’s data.
Let’s now say that personal data is lost by some company in America. Because Bob has his information with so many different institutions, Bob is twenty times more likely to be affected by this loss of data. By having so many accounts, Bob is putting himself at additional risk.
With every account you open where your personal information is used, you increase your risk of falling prey to a random act of information loss, whether it be someone breaking into a computer network or someone losing a backup tape.
Because of that, I’m very wary of the number of businesses that I share my information with. Unless there is a strongly compelling reason to share my personal data, I don’t share it.
For me, none of the online tools offer enough value to be worth increasing that risk, at least in my eyes. Mint might be awesome, but it’s not worth that additional risk to me. Neither is TurboTax Online or any of the other similar services.
It’s for this same reason that I use a single credit card with identity theft protection for most of my purchases.
I just want to minimize my risk of having my information out there when something goes wrong with information security somewhere, and my general recommendation to others is that they do the same.