You’re right, getting people to come back past the initial stage of curiosity will be the hardest part. I signed up thinking it was a cool service, now I haven’t logged in since a week ago. I only have one bank account and two credit cards, so I didn’t find it that useful. It was nice to see the breakdown of how I am spending my money though. I might check back periodically just to see that.

I cant believe people give up all their banking info still

http://www.rajuthan.com/

Well, there are a couple hundred individuals who singlehandedly could enable Mint to reach that milestone. My guess is that Oprah Winfrey ($2.5 billion net worth via Forbes 400) signed up.

I signed up to try the service, but, since I only have a few credit cards and bank accounts, I decided it wasn’t that useful for me.

As I had shared a lot of information, I decided it would be better to delete my account rather than let it linger. I spent about ten minutes looking all over their site, and I found that it is not possible to delete one’s account.

I emailed their customer service department 5 times, and, after about a week, they deleted my account (or so they say…). Apparently the process took so long because they had to do it “manually”.

For a service that requires such sensitive information, it is pretty damn irresponsible, even sleazy, to make it so difficult to delete one’s account. I definitely wouldn’t recommend them after this experience.

I think 99% of people probably just don’t understand why it’s a bad idea to give their financial details to a website with no real history or reputation - they figure if it looks professionally designed, then it *must* be a reputable organisation.

Hope they blow crap Wesebe out the door.

aren’t people worried about their most confidential data
http://vidsonly.blogspot.com

Lets hope they’re hacker-proof.

Great point Gabe - in fact, if the vc team behind mint use the system (they trust it right?), then they could hit that mark as well.

What Erick fails to mention is how many “takes” or “spiffs” has Mint received from those supposed $40 million in savings nor how many users actually even click to view the offers. My bet is still that the offers will move to the front page within 6mos-1yr.

#5 Lance - you are correct as well.

I would still love to see a voting matrix of which panelists picked which startup at tc40 - would help me with research about the various companies.

They might be a hit in presentation/demo market but no one is signing up to USE their service. Their service is just too scary in today’s hacker-feared market. Phishing, hacking, etc has instilled a lot of fear in people. Mint came at a bad time

Except for the privacy concerns the business idea actually is quite awesome. A service aggregating and analysing one’s financial transactions is a real killer. However, the privacy concerns outweigh those benefits by far.
Even if you are gullible enough to entrust your most personal information to that company, how can you be sure some evil-minded crackers don’t steal your data? Mint claims to have as high a security level as your favourite online banking service. Sure, a startup claiming to have established security standards equalling those of corporate-size banks who spend millions per year in order to secure their servers and even then don’t always succeed…
Apart from that, has anyone ever thought about that if Mint comes to aggregate a critical amount of data, intelligences services (or Inland Revenue, respectively IRS for that matter) will show some interest in this service as well?

This one is a little toooo dangerous for me to buy into, it’s a hacker’s dream!

I signed in and I think it is really a neat piece of software. Ease of use goes a long way with me, as does convenience and good information.

Quite frankly, my info got hacked on eTrade, so no one is exempt. But Mint sends me an email once a week telling me what I’ve spent and when my bills are due. I have three bank accounts and four credit cards, so I find this useful. Would be more useful if I could dump my brokerage data into it, too. Before it, I used Quicken or Quickbooks — both are hackable, too.

Not everyone is jumping for joy over Mint.com:

http://www.nobosh.com/Article/.....fe%3F/712/

Instead of a web based they should deliver the service thro a client download (keeping all the data locally & offcourse encrypted). This would eliminate most of the hacker problems.

#4 Noah

We’re setup to purge all accounts and transaction data from any user who requests to do so in about 24 hours (right now it’s a batch process). Within a week or so, you’ll be able to do it live.

Aaron

To all those who are concerned over Mint.com security, a few points:
1) You’re anonymous on Mint.com
2) Our security is independently verified
3) Email & text-message alerts help identify fraud immediately…and being proactive is the best measure.

I’ll make a bold statement: You’re safer on Mint then with online banking. On Mint, you’re completely anonymous. We never ask for a name, address, or SSN - just an email. We know about your finances…but not about you. We’re also independently verified by Verisign, TrustE, and several outside agencies.

We also have serious physical security. Our servers are in a secure, unmarked facility. To get in, you need to pass 3 biometric scanners, 4 locked doors, and several guards. We have our own cage so we’re physically separated from all other companies. Cameras monitor our servers and power supplies 24/7. The servers themselves have additional locks. The hard drives are encrypted. It’s like Mission Impossible (except without the electrified floors…maybe one day).

Perhaps more interestingly, 90% of all fraud actually occurs offline, not online (e.g. someone swipes your card at a restaurant or from your mail). Because Mint sends proactive alerts for low-balance or unusually high spending, you’ll know right away. It’s better than logging into 4-5 different banks every day, or waiting 30 days for a paper statement before finding that something went wrong.

Aaron Patzer
Founder & CEO, Mint.com

@ Aaron

What possessed you not include the ability to delete one’s account in the initial version of the site? It’s an omission that is either incredibly stupid, or fairly evil.

I tried Mint, but since my bank not only has a number and password, but also two questions post-login, I was not able to able to add my bank info. Without the ability to add my accounts, not to mention overseas accounts, (not many mind you!), this is a fairly limited service. Great idea, but I’ll check back later once some essentials are in place.

Chris

uh…well, I see that the post-login questions have been added…so, just the o’seas and I am good.

Thanks!

It’s utterly disingenuous to say that you are anonymous when your finances are not.

If login information for a financial account is compromised, you can pull any data Mint does not retain from the compromised account. End of anonymity.

but the name…

http://haveamint.com/ immediately jumped into my mind..

@ Sprezzatura

Mint.com knows about your finances but does not know anything about who you are as a person. We don’t collect your name, address, or SSN. Just an email and a zip code (the zip code aids in categorization). If you’re truly concerned, use an email that does not contain your name.

Aaron Patzer
Founder & CEO, Mint.com

What the hell does anonymous have to do with anything ? If your hacked, and I learn your username, password, and mfa credentials to all of your bank accounts, then please explain to me why being anonymous matters one wit ?

A bold statement ? “safer than online banking” How about a dumb statement.

Banks have been regulated/forced to provide multi factor authentication. You all are busy subverting MFA via screen scraping. Yip yip, awesome.

As for all the physical security whoha, any hosting center worth a salt has a list like this, so whoop dee do.

And then after telling us how great you are, you do a head fake with the 90% of fraud occurs offline stat, definitely true, but we’re talking about online here. Are you trying say that online fraud/hacking is not that big a deal? Tell that to TJMax.

Where’s a top 10 dumb security statement list when you need one.

Hey, just use an email that does not contain your name.

@ Chris

Yes, for banks requiring two-factor authentication, you will see additional security questions. In the beginning we did not always pass those through. Now that we do, you can link to just about any bank.

For an additional security measure, we’re working with banks to pass through the custom pictures sometimes associated with two-factor authentication. That should be available sometime next year.

As for international support, it’s on the roadmap…but after investments, student loans, mortgages and a few other features.

If any of you out there know the financial systems, regulations, and infrastructure in Europe and would like to help us accelerate there, drop me a note.

Aaron Patzer
Founder & CEO, Mint.com

@Aaron, I dont understand the anonymity thing. The bank account has the individuals name, email, address, etc. So by having access to the bank account, Mint has access to non-anonymous infomration as well.

Ya’ll worry too much.

Hi Aaron,

It’s very reassuring to see a company have external audits. What do you me by “Security”?

You’ve rattled off a lot of physical security measures, which are the least likely to be compromised. The most obvious attacks take place over the network and application.

What’s your password complexity?
How many invalid attempts can a user have in a certain period?
What’s your application coding like? Is there a secure application lifecycle?
Do you have IDS/IDP’s or Application Firewalls(Cisco ACS), stopping bogus queries?
What’s your Denial-of-Service Mitigation like? If the service takes off, that bad guys will DOS you.
What’s your application logging like?
What’s your sever access like? 2 factor auth for local access?

Companies like Google every few weeks are getting caught out by XSS and application holes. I find it hard to believe your “Security” is secure.

Also of course you want the big companies to tell you your secure, the less they rock the boat, the happier you are. There’s a fairly big trend for the large guys to find nothing, but those in the know, the boutique companies like Security-Assessment.com to find 50+ holes where “the big guys” find nothing.

Food for thought.

–Wade

@ Anatoly

We have a read-only connection to the banks which does not pull in your name, address, etc. It doesn’t exist on our servers.

For that matter, neither do your bank user names and passwords. Mint.com uses Yodlee for account aggregation. Yodlee is the back-end piping that connects all the banks, credit cards, and brokerages together. They’ve been around for about a decade, and are used by Bank of America, Fidelity, Microsoft Money, and Mint.com to provide the raw transactions and balances. They’ve never had a major security breach, and with clients like BofA, Fidelity, Charles Schwab, and HSBC, they’re audited all the time.

So are we. Not just by Verisign and TrustE. Mint.com works with Cryptography Research (www.cryptography.com) for security and network architecture…CRI’s Paul Kocher invented SSL 3.0 btw. We’ve also hired a number of “white knight” hackers to attempt system penetration. They have been unable to access user data. We also check the system routinely for SQL injection, cross-site scripting, and open-port attacks.

Also, keep in mind our VP of Engineering, David Michaels, ran PGP’s secure email product for 5 years, Java server security at Sun, and financial services at ShockMarket. We designed Mint.com for security from the ground up.

Aaron Patzer
Founder & CEO, Mint.com

Having built the first Citibank online credit card processing system and a former Fortune 100 auditor I know a bit about this stuff.

My first question for Aaron is:

How many of the banks and other financial institutions have you spoken with regarding security? What I mean is this: when your system is hacked, and I go to xyz bank and tell them that $xx has been stolen, they will ask me for the details. When I explain that I am using a 3rd party system which I gave my userid/pwd to, will they still help me with my claim or will they insist that I deal with you since I provided my details to you?

Especially since your terms clearly state that you are acting as my agent.

Interesting that a person’s bank balance is high-up on the list of things they likely check very regularly (especially small business owners who need to know what checks have cleared).

Not unlike mail. Could be a very-frequently used app.

Some of the questions asked to get ING setup in Mint:
– Customer Number
– Login PIN
– your Social Security Number
– Four digit year of your birth date
– your mailing address zip code
– Four digit month and day of your birth
(and I saw your msg about ING and the difficulty - but how many of your customers fill in everything?)

And BTW - sure, security is important, but the illusion of security is enough for most people who basically don’t care enough to look under any hood.

The number one thing to realize about Mint is that their business model is disingenuous and flawed. It’s a company built for the advertisers, not the users. To that end they have provided some nifty pie charts (quite possibly the worst of all types of charts) and some annoying auto-categorization all in the name of getting you to give them access to your financial transactions. All of this is built on top of a privace policy and terms of service that are about as ironclad as a bowl of jello. Moreover the whole idea that they go to Yodlee who fetches 2 or more day old financial data is rediculous and will be over in about 12 months. That’s when banks will basically change the rediculous model of Yodlee-like companies that scrape data to what consumers really want: You go to your online bank account, tell them you want your OFX data sent to this URL every 12 hours or whenever there is activity. You give them a url and a login for the receiving url and vioala–your data is sent where you want, safely, without giving out your online banking password. This will make all kinds of companies that can create better software than mint (oh, it IS awful, this mint) and the consumer will have the power to determine where it goes. So what if you pay $1.00 a month for the privilige—it’s a great model for the consumer and the banks (or any company that wants to deliver statements) and then say goodbye to mint! Plus the Mint killer is coming in November…. I’ve seen it and it’s amazing! It’s WAY more powerful and WAY cooler…

Aaron,

I’ve heard, visited and researched Mint’s website, which makes me a potential customer. I won’t lie, I have my questions about the security but I’ve held off deciding until I hear more about the company.

As a TC reader(thanks mike), , I get the chance to research Mint again only this time, the Mint blog responses are seemingly a back and forth session between Mint and the TC audience, over layers of security within Mint.com.

I’m not sure if you’ve hired a marketing person yet, you probably should.

One of the first things you don’t do in with your market, is get defensive about your product. Whether your choosing to argue or not, it seems that way to me and because of this, now I think Mint really isn’t SECURE.

Make a “statement” about the level of your security (and here is where you make the “BOLD” statement) and then get your butt going on how to show your customers that Mint’s SECURITY is bar none.

Everyone remembers the famous Colonel Jessup speech in A Few Good Men but for th above conversation, it also bears another great comment:

Lt. Weinberg: “I strenuously object?” Is that how it works? Hm? “Objection.” “Overruled.” “Oh, no, no, no. No, I STRENUOUSLY object.” “Oh. Well, if you strenuously object then I should take some time to reconsider.” (courtesy of http://www.imdb.com)

Stop arguing and start proving “MY” personal financial information is “SAFE”!

Hey, maybe Mint and Sleep.FM - The Social Alarm Clock could cross market.

Be awakened to audio messages pertaining to your financial details on Mint

“Wake up, wake up…I’m sorry to say but your broke, you really need to get up and go to work!”

LoL

I see Mint getting more powerful, in a way I like that my bank sees Mint checking my account, this tells my bank we (all Mint users) will take our business where we find the best deal.

“Mint uses Yodlee to connect to your financial institutions. This is the same back-end aggregation system used by Bank of America, Fidelity, and Microsoft Money. Yodlee’s security practices have been audited by the NSA, Visa, Mastercard, and numerous major banks.”

I’ll guess my bank knows about “Yodlee” and hopefully doesn’t allow it to skim too much info. But this tells me the banks need to offer multiple access levels of online banking as web tools become more popular/useful/powerful.

Ryan - that was the funniest thing I have heard all day!

“You just made a buttload of cash on the google stock, sleep in another hour”

or

“You are a blogger - you aren’t allowed to sleep”

thanks for the funny!

@Aaron (17)
This is a progressive idea, but ultimately your service will be a predecessor to similar services that are offered by the country’s banking institutions. IMHO, Mint is targeting the middle/upper middle class market, who have shown interest in products such as theirs by using online banks such as ING. While refreshing that the CEO of an unknown web startup can come onto an open web forum to talk about security, but the problem of being an “unknown brand” will linger in the head of the consumer.

“I’ll make a bold statement: You’re safer on Mint then with online banking. On Mint, you’re completely anonymous. We never ask for a name, address, or SSN - just an email. We know about your finances…but not about you. We’re also independently verified by Verisign, TrustE, and several outside agencies.”
Aaron Patzer
Founder & CEO, Mint.com

The success of Mint and Wesabe in the tech community demonstrates a need for consolidation of a personal finances, but your target market is afraid of you. They have no idea who you are and why they should trust you. In Mint’s case, we are “anonymous” but they have sensitive data that is being shared with outside companies. It is difficult for us to trust a company whose revenue generation model is to disclose that data to advertisers.

@techcrunch
Instead of using Mint, I am going to use Virtual Private Bank (http://virtualprivatebank.com) which is a free service offered by Commerce Bank (http://commerceonline.com). - -To be transparent, I am an employee of the Bank.- - Virtual Private Bank (VPB) is the finished product in a market that Mint has just entered, and includes the following features:

* A comprehensive view of all financial information in one place, no matter where that financial information is held.
* Access to your complete financial information 24/7 from anywhere with an Internet connection.
* Access to numerous reports and calculators to enable you to get a better understanding of your financial picture.
* The Vault, which acts like an online safe deposit box, gives you one safe place to scan and store personal and private information.
* Tracking of frequent flyer miles and rewards points in one place plus set alerts to receive a notification when redemption levels are reached.

As a nationally regulated financial institution, data privacy is a top priority. Below is an excerpt on security from the FAQ:

“What security is in place to protect my data on Virtual Private Bank?

VPB is a non-transactionable system, no money moves in or out of VPB.
VPB has numerous security features to ensure your data is secure including:
* Firewalls
* Watchfire’s AppScan Technology
* Certified Hackersafe
* 128 bit encryption
* 24/7 monitoring
When you log on for the first time, you will be asked a Security Question. The security response is used to validate your identity in the event of a forgotten password.

All data is stored at SunGard Data Systems, the most secure facility available in the industry and the home to data from the 500 largest companies in the country.

You can view the Security video (https://virtualprivatebank.com/learnmore.htm) for more information on the system’s security.”

With Mint’s market covered by regulated financial institutions, there are three other “markets” available: high net worth, subprime, and consumer. The first two markets are outliers, the former because they have professionals managing their money, and the latter because financial tracking is not a primary concern. That leaves the consumer market as a prime target because they are not skeptical of new technology, and tend to “embrace the chaos”.

What surprises me is that with all the talk of personal financial aggregation, Geezeo and their iWant Facebook application have slid under the radar. Geezeo started as a simple concept: check your account balances through SMS, 24/7. Their service takes advantage of a simple technology available to most people in their target market (non-skeptical consumers), and they employ college students (a significant portion of their market) to help build brand recognition. For Security Geezeo uses CashEdge, who provides services to large financial institutions including Bank of America, Citibank, HSBC, Wachovia, and Royal Bank of Canada.

Geezeo has expanded its service to offer features similar to their competitors including a blog, discussion groups, and categorization of transactions, but was first to take the next step and build a Facebook application. iWant helps users set goals, recruit donations, and monitor their banking accounts setting Geezeo apart because they have created an intuitive application that is easily accessible to 40 million+ consumers.

“Your premium brand had better be delivering something special, or it’s not going to get the business.”
- Warren Buffett

With a number of competitors, the only thing special about Mint is its vanity.

Thanks, Allen

There is a ton of cross promotional Sleep.FM plans on doing. Stuff that is very amusing, but at the same time useful!

Hmmm, Im going to write a list….. LoL

[disclosure: i'm an investor in / advisor for Mint]

fyi, the back-end service Mint is using for account aggregation is Yodlee, which is also used by a few well-known financial services & banks such as Ameriprise Financial, AOL, Bank of America, Fidelity, JPMorgan Chase, Merrill Lynch, and Microsoft.

i also wonder if all of you folks in the comments are as concerned & as inquisitive about your local banks and medical institutions, which have just as much if not more access to sensitive data, and probably much more lax security procedures than Yodlee or Mint.

however, all security concerns aside, my alter ego #29 FDM took the words right out of my mouth. security is a feature, but it’s not the only feature. and for many users of Mint who don’t have a lot of money — indeed, who might be a single mom with 2 kids — saving money on bills & having a better handle on how they spend their finances might be a helluva lot more important than biometric security measures & two-factor authentication. she’s probably a lot more concerned with how to save $1000 in the next 6 months that she can spend on new clothes, a bike for the kids, and maybe trying to pay off some credit card bills.

Allen: no disrespect, but the guy who built the first Citibank online credit card processing system isn’t exactly the target user for Mint. we hope you find it useful, but if it doesn’t meet your security requirements, then by all means don’t use it.

meanwhile, there are plenty of busy people out there who could use a better way for them to track their finances, help them save some money, and remind them when they need to pay a bill to avoid late fees.

while those folks are concerned about security too, we’re pretty confident we’ve done our homework to provide them a high level of assurance their information is being handled responsibly.

just my .02,

- dave mcclure
http://500hats.typepad.com

I’m pretty sure that using a service like Mint, where I hand over my account number and password to a third party, would break the terms of my bank’s online access agreement. As such, my bank would not be responsible for any fraud in my account and I would stand to lose a lot of money. Not something I would want to risk.

And Aaron, what you are missing re: anonymity is that once a hacker has some anonymous account numbers and passwords, they can log into the bank’s site and get the name, address, SSN etc.

dave mcclure wrote: i also wonder if all of you folks in the comments are as concerned & as inquisitive about your local banks

I’m concerned about the security of my bank but the big difference is, if my bank has a breach, they are responsible for fraud in my account. If I give away my account and password, I’m responsible. Check your bank’s service agreements!

I like FBI website. What if Mint.com went bankruptcy and stole your account for health care purpose what would you do?

Ohhh…. So, busted….

Avoiding Credit Card Fraud:

* Don’t give out your credit card number(s) online unless the site is a secure and reputable site. Sometimes a tiny icon of a padlock appears to symbolize a higher level of security to transmit data. This icon is not a guarantee of a secure site, but might provide you some assurance.
* Don’t trust a site just because it claims to be secure.
* Before using the site, check out the security/encryption software it uses.
* Make sure you are purchasing merchandise from a reputable source.
* Do your homework on the individual or company to ensure that they are legitimate.
* Try to obtain a physical address rather than merely a post office box and a phone number, call the seller to see if the number is correct and working.
* Send them e-mail to see if they have an active e-mail address and be wary of sellers who use free e-mail services where a credit card wasn’t required to open the account.
* Consider not purchasing from sellers who won’t provide you with this type of information.
* Check with the Better Business Bureau from the seller’s area.
* Check out other web sites regarding this person/company.
* Don’t judge a person/company by their web site.
* Be cautious when responding to special offers (especially through unsolicited e-mail).
* Be cautious when dealing with individuals/companies from outside your own country.
* The safest way to purchase items via the Internet is by credit card because you can often dispute the charges if something is wrong.
* Make sure the transaction is secure when you electronically send your credit card numbers.
* You should also keep a list of all your credit cards and account information along with the card issuer’s contact information. If anything looks suspicious or you lose your credit card(s) you should contact the card issuer immediately.

I saw Lifelock on TC. Now, Lifelock founder quits….

Gosh…if T.C. users were the target market Mint would be at the gallows. But since it isn’t, perhaps they do have the chance to target not only single moms (as Dave McClure suggested) but most middle class households. The graphic representations of your cash flow and ease-of-use rivals that of the latest Quicken software for personal finance.

Security, however, is crucial - DUH! And the CEO’s responses sounded a bit scripted.

Nevertheless, like it or not, the internet will house ALL of your financial data and everything else about you SOONER OR LATER…and many financial institutions like Bank of America provide customers with not only increased Fraud Protection and Security features for Online transactions, but also Fraud/Identity Theft Resolution where they reimburse stolen funds.

Don’t get stuck on the SSN issue….your SSN is Already Everywhere on the net and most ‘techies’ can tell you how to find anyone’s SSN.

Besides, trans

You know….

This great country still fighting war on terrorism, counterfeits money, drugs, and anything illegal. What if Mint.com’s information accidentally ship to axis of evil, Columbia drug lord, terror funding groups, telemarketing groups, and bad guys?

Aaron, it is great to see you on the thread. This is a big improvement from last time. And, I always respect Dave’s comments, even though some might argue that he is saying there are more important features at Mint besides security. Obviously, he didn’t mean that or that a mom with 2 kids wasn’t smart enough to care.

I am wondering, though, why no one from Mint will answer Allen’s question about fraud protection. It was posed over and over after TC 40 here and on other blogs. A straight answer (even if it is “we are working on agreements with banks to cover you in the future”) would go a long way toward building trust. I can understand sidestepping Wade’s points, although I think that these should be answered too on your site, but you can’t keep dodging Allen or the beauty queen.

Mint’s business model is: spam you with customized offers. They look at your bank statements, find your weak spot and exploit it for the benefit of their real customers: service companies.