Who’s in Your Wallet?


Sites like Mint.com, Wesabe.com, and Buxfer.com tout their ability to let you handle everything from your bank accounts to your investments and your credit cards online. But is your data safe?
Log on to one of these sites and one of the first things you’ll have to do is pull together–and submit–all of the user names and passwords associated with those accounts.
As you hit “submit” to send that sensitive information into the ether, you’re bound to recall the many horror stories you’ve seen in the press about the dangers of revealing such information online. It’s a dilemma many consumers face in today’s increasingly digital world.
Money management sites require no software, and they’re free. In exchange for viewing a few of their partners’ ads, the services use the information you provide to scour through bank, brokerage, credit card, and mutual fund sites in search of your financial data. That information is then categorized and used to create a financial snapshot that includes everything from the $120 you spent on groceries to the $1,000 deposit you plunked down for your wedding dress.
In addition, the sites help you set goals (like putting a certain amount of money per month into savings) and manage your financial life without having to wade through paper statements and sticky notes. “These money management sites are growing in popularity as more consumers take hold of their finances and deal with money in this difficult economy,” says Carrie Coghill-Kuntz, director of consumer education for Norwalk, Connecticut-based FreeScore.com, a provider of consumer credit information. “They are particularly useful for the consumer who wants to do better budgeting and gain control of his or her finances without having to hire a financial planner.”
Despite their utility, the sites do raise concerns about security, warns Coghill-Kuntz. “The services themselves don’t guarantee anything in terms of your information being compromised. While your credit card company will deal with you to reverse any fraudulent charges that occur, the online money management sites work independently.”
Those independent sites are up front about what they do and don’t handle in terms of security. Wesabe’s Website, for example, offers several data upload options, ranging from fully automatic (where the site handles it all) to manual uploads (where you select what is uploaded). During the upload process, the site uses “industry-standard encryption, so none of the data is in a format that can be read by hackers.” In addition, accounts are stripped of personal identifiers like name and e-mail address.
At Mint.com, a money management site recently purchased by Intuit, founder Aaron Patzer says protecting sensitive data is a major concern. Currently vice president and general manager of Intuit’s personal finance group in Mountain View, California, Patzer says the site uses bank-level data security encryption (known as 128-bit SSL or secure sockets layer) when communicating with users’ Web browsers. “No one can intercept that information,” says Patzer, whose firm also has had security audits completed by Web security firms VeriSign Inc., TRUSTe, and MacAfee Secure.
Mint.com is also an anonymous, read-only system. So, while it knows your name, e-mail address, ZIP code, and site password, it doesn’t know your Social Security number. And when the site goes out to banks and credit card firms to fetch information, it does so in a “read-only” fashion that allows it to see the data but not change it. “Even if someone managed to get past our security and knew your password, they wouldn’t be able to drain any money out,” says Patzer, “or use your credit cards.”
Even with those assurances, you’ll want to take a few extra steps before handing over your information to an online money management site. Patzer says a good first step is to look for the “lock” in the lower right corner of your browser and an “https” domain name. These signify a secure site, says Patzer, who also advises users to install (or upgrade to) the latest virus protection software.
Coghill-Kuntz concurs, and says the underlying assumption should be that any and all information in cyberspace could potentially be compromised. Work only with reputable, experienced online money management services. Also be sure to review your individual accounts for irregularities at least once a week.
–Bridget McCrea


×