As described in the Terms of Use and with your consent, Mint will from time to time connect electronically to your online bank, credit card and other online financial accounts and obtain account information from those third parties (“Account Information”) in order to provide the Service to you. Mint does not at any time store or retain your online credentials, whether in the form of Login IDs, account numbers, passwords or pins for this Account Information.

Mint uses your Account Information as follows:

to offer the Service to you;
to deliver information relevant to your financial interests, such as savings offers from third party product and service providers (“Mint Offers”)
to deliver administrative notices such as alerts and communications relevant to your use of the Service;
for market research, project planning, troubleshooting problems, detecting and protecting against error, fraud or other criminal activityMint's Full Privacy Policy (https://wwws.mint.com/c/privacy.html)

I'd like some clarification here. I added several accounts initially and it continues to update data from those accounts. How is this handled if my credentials are not stored? (Even if I go to, say, the American Express site, it requires me to login each time, times out after 10 minutes, etc).

Does this link (http://forums.mint.com/showthread.php?t=703) provide the information you're looking for?

Does this link (http://forums.mint.com/showthread.php?t=703) provide the information you're looking for?

Ahh, ok, I see... so SOMEONE stores the credentials, it's just not Mint.com.

I'm posting simply to suggest that you need to advertise that you use Yodlee on the backend. Most of the comments I've read (on digg) are to the effect "why would I give my bank login to a startup?" If you make it clear (such as on http://www.mint.com/safe.html) that you aren't storing login info and are delegating the responsibility to Yodlee it may appease those afraid of a startup. I can testify to it as I'm one person that was swayed since I know, trust, and have used Yodlee for many years on various fin. inst. aggregation sites.

Will mention this.

I'm posting simply to suggest that you need to advertise that you use Yodlee on the backend. Most of the comments I've read (on digg) are to the effect "why would I give my bank login to a startup?" If you make it clear (such as on http://www.mint.com/safe.html) that you aren't storing login info and are delegating the responsibility to Yodlee it may appease those afraid of a startup. I can testify to it as I'm one person that was swayed since I know, trust, and have used Yodlee for many years on various fin. inst. aggregation sites.

Actually, that doesn't do it. If the traffic is going through mint.com then Mint staff/contractors--however unlikely--would be able to see your credentials (perhaps only when you add accounts), UNLESS the add-account function uses Yodlee's SSL certificate in an iframe, not Mint's cert, assuming Mint had no access to Yodlee's private key. (But, of course, that might set off alarms in IE/Firefox.)

Otherwise, insiders or spyware on one of Mint's servers could do it. Mint is a middle-man, passing the info to Yoddlee but not retaining it. But they'd still be part of the risk equation. Moving the data to Yodlee reduces and transfers the risk, but it does not eliminate it.

Here's my question: DOES Mint do criminal background checks of all its staff and contractors? Credit checks?

FYI, I went ahead and registered. The previous post/question was mine.

Criminal background checks?

" Here's my question: DOES Mint do criminal background checks of all its staff and contractors? Credit checks"

Yes, as I had to undergo one to be hired. I also need to add that Mint employees can't view your username and passwords for your bank or credit card.

From our privacy & security policy:

Access to your Registration Information and your personal financial data is strictly restricted to Mint employees and contractors, as needed, in order to operate, develop or improve the Service. These individuals have been subject to prior background checks and are bound by confidentiality obligations. They may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.

That's an anecdotal answer ("I had one"), not a control answer, so...

Is it Mint's policy and practice that all employees *and* contractors (that includes those guards with guns at the data center) undergo independent criminal background checks, credit checks, and drug testing? (And are exceptions ever granted?)

The reason I ask this isn't to be a jerk. A lot of the questions here focus on technology, and, frankly, that's not where most security problems come from. People and process issues present far more infosec risks than technology. (Full disclosure: I work as an infosec analyst at a major financial institution.)

Also, I'm more concerned that Mint asks this question internally and has an independent auditor (e.g., PWC) verify good practices. Frankly, I think y'all are posting way TOO MUCH information here in public.

Regarding mint employees seeing usernames/passwords: What about contractors? Also, if they can't, just how does the username and password info get from my browser to Yodlee? Doesn't it go through Mint systems (or subcontractor systems) somewhere? Surely a network engineer with a sniffer, or a UNIX/Windows/Linux admin with a packet capture utility could grab the info.

how i finance in an any organization? How is this handled if my credentials are not stored?

How is our data going to be changed when Intuit takes over? Will the policies change or be updated? if so when will we see them updated and POSTED? A lot of users do not like the idea of Intuit changing policies and culture of Mint and are already deleting their account. Users REAL promises and statements from Intuit Management that things will only improve.

packet sniffer wont do you any good if it is encrytped. they will just see the encrypted form of your information.

I came across this surprisingly riveting debate between four people who are competing to become the nominee of the Republican Party for a Congressional/MP election in a Texas constituency. It provides ample time for candidates to explain their views and for potential voters to make an informed judgment.Actually the reason I chanced upon this video is because Ron Paul is one of them. But imagine if we could have a similar event with politicians who want to become the Congress/BJP candidate from your constituency! Or at least between candidates of opposing parties in a Lok Sabha seat?A low-key political battle has been going on in Bangalore for the last few months. Our state government wants to pass legislation that will make killing of cows a bigger crime than it already is, with imprisonment upto 7 years and fine of 1 lakh rupees. In the words of Home Minister V S Acharya, "There is an anti-cow slaughter law in force from 1964 (link, PDF) but it does not brand cow slaughter as a crime. So we are bringing in holistic changes in the law and the new bill has been framed taking into account Article 48 of the Constitution (link)"Acharya headed the Cabinet subcommittee that okayed the amendment. The state legislature is expected to vote on it next week.On Friday, students of Bangalore University protested as consumers: "Scores of students assembled in front of the college hostel, lit up a fire, cooked beef and had a mass feast, all in protest.(Unfortunately I couldn't find pictures or Youtubes of the above event.)Deve Gowda thinks it is against the interests of farmers. He wondered "what farmers should do with ageing cattle that neither yield milk nor are fit to be used in the fields. It is an economic issue. A farmer has no option, but to sell the aged cattle. The farmer will not be in a position to feed it."Meanwhile, there's a Beef Mela (!) being planned for 25th (Thursday) at Town Hall. "'Beef samosas, beef rolls and beef biryani will be served to the people in front of the Town Hall,' said RPI State unit president M. Venkataswami before declaring that the State Government could not take away the food rights of Dalits by enacting the proposed Bill.

Thanks for sharing this post. This is a very helpful and informative material. Good post and keep it up. Websites are always helpful in one way or the other, that’s cool stuff, anyways, a good way to get started to renovate your dreams into the world of reality.On Friday, students of Bangalore University protested as consumers: "Scores of students assembled in front of the college hostel, lit up a fire, cooked beef and had a mass feast, all in protest.(Unfortunately I couldn't find pictures or Youtubes of the above event.)Deve Gowda thinks it is against the interests of farmers. He wondered "what farmers should do with ageing cattle that neither yield milk nor are fit to be used in the fields. It is an economic issue. A farmer has no option, but to sell the aged cattle. The farmer will not be in a position to feed it."Meanwhile, there's a Beef Mela (!) being planned for 25th (Thursday) at Town Hall. "'Beef samosas, beef rolls and beef biryani will be served to the people in front of the Town Hall,' said RPI State unit president M. Venkataswami before declaring that the State Government could not take away the food rights of Dalits by enacting the proposed Bill."





__________________________________________________ _______________
putters (http://www.puttingpal.net/putters.html)