One of the latest huge Web 2.0 services out there is Mint. They provide a service to collect your banking information; that’s what I call smart phishing. They get willing users to provide their banking information without a second thought. They provided quite a few policies to say that they will not use this information for evil. The thing is, if I were to try to hack any site, this would be the one.
Okay, let’s step back… When you first create an account on Mint, you get prompted by a window stating that you will be asked to “Enter your bank or credit card user name and password once.” First red flag goes up. They want me to do what… enter my confidential banking information on a site I have no idea about? For all I know, this site could be a good-looking scam site without any real benefits. Most people would not even put this thought in their head, as they read a review by some trusted source saying it was a good service.
The next step is the one that scares me; it actually asked me to enter my online banking username and password on a site other than https://mybank.com. Wow, people are actually uneducated enough about security to follow through with this? I feel that the security industry has just failed.
There are a few common rules to protect yourself online. The first is to use a really strong password, especially when money is involved. The second is, before entering your username and password into any service, always make sure it is the one you originally signed up for (not a third-party site). The third is, if you are unsure about a site, do not use it.
Mint is clearly breaking common-sense rule number two. They are collecting your banking information, and you have no idea how truly secure their site is. Banks have to secure your information due to various laws. Third-party sites do not have these same laws to abide by; they could accidentally leave a server wide open and only get a slap on the wrist. If they did anything bad enough, they would just be able to file for bankruptcy, and all of the end users are dead in the water.
The only people who should use services such as Mint are the ones who do not care if one day they realize their account has been cleaned out.




