Protecting Your Financial Data: Mint’s Approach to Security

We understand that managing your financial information online requires a great deal of trust. At Mint.com, our number #1 priority is ensuring your information is secure and confidential.

Mint.com employs bank-level data security to keep you safe. This includes verification by independent third party security agencies like HackerSafe, and industry leading technology from VeriSign and RSA. For those so inclined, you can read all the technical details behind Mint.com’s use of SSL, encryption, and 24/7 security monitoring at How Mint Keeps You Safe. For the rest of us, here’s a summary:

Personal Information

To register for Mint.com, we ask only for an email and zip-code. We never ask for information that could be used for identity theft, such as your name or address. We use your email to deliver alerts, bill-reminders, and product updates; and your zip-code primarily to aid in accurately categorizing your transactions. A complete description can be found in our Privacy and Security Policy. The short of it is Mint.com does not sell or disclose to third parties any personally identifiable information.

Your Bank Login Credentials

First, no human ever sees your bank login credentials. We ask for your bank login only once during setup to establish a read-only, one-way connection to your bank. This allows Mint.com to pull in your balances and transactions every night without requiring any data entry from you.

To connect with banks, Mint.com has partnered with Yodlee, the trusted leader in account aggregation services. For over 10 years, Yodlee has been the provider of account aggregation services to the top U.S. financial institutions. Yodlee’s security is audited by the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC), and the Federal Reserve.

Financial Information

Mint.com collects and encrypts your financial data, ensuring both its security and confidentiality. Mint.com retrieves balances, interest rates, and transaction descriptions so you can see all your financial accounts in one place. We do not retrieve or store account numbers, credit card numbers, social security numbers, or your name – again, this is to protect your identity and safety.

Mint.com’s read-only, one-way view means you cannot transfer money or make a payment. While this currently precludes our offering you bill-pay, it does keep you very safe. Even if someone was able to fraudulently access your Mint.com account, they could not use it to steal your identity, drain your bank accounts or run up charges on your credit cards.

Note that Mint.com may utilize non-personally identifiable aggregate information. For example, Mint.com calculates the average spending on gas (and other categories) in each state and major city. This aggregate data lets you see whether you spend more or less on gas than the “average” Mint.com user. That’s useful for budgeting, and as a fun fact.

Our privacy statement and practices have been TRUSTe certified, which means your information is protected, consistent with government and industry guidelines concerning the use of personal information.

It’s Your Data

You can delete your Mint account and all the information you provided anytime you want (but we hope Mint.com is so useful you don’t!) Deleting your account permanently removes your transaction and registration information, including any connections established with the bank and credit card accounts you specified.

Safeguarding Against Fraud Attacks

In order to protect against phishing (phony sites that try to trick you into thinking you’re at Mint.com), always check the URL in your browser. Make sure it says http://www.mint.com or https://wwws.mint.com before logging in.

To help combat phishing attempts, Mint has teamed up with RSA – pioneers in internet security – to keep you safe. The RSA network includes many banks and financial institutions, meaning once a hacker or phishing site is detected by any one member, all members can learn about it and protect their users.

As mentioned, no human ever sees your credentials when Mint.com establishes a read-only, one-way connection with your bank. Even so, it’s worth mentioning that all Mint.com employees go through a rigorous criminal and financial background checks.

Alerts Keep You Safe

Protecting your identity and financial well-being extends beyond the bank-level security we have at Mint.com. The majority (90%) of fraud and identity theft actually starts offline, in the real world, when someone steals your credit card at a restaurant, or takes a bill from the mail. With Mint.com’s email and mobile text-message based alerts, you can proactively monitor for suspicious or unusual activity across all your bank and credit card accounts.

For example, you can receive an alert for any purchase above $500 (or $200, or $100, or whatever you’d like the threshold to be). If any of your credit cards were compromised, you’d know about it right away. That’s much better than waiting 30 days for a paper-statement to arrive before noticing something went wrong. It’s like having someone watching your back 24/7.

—

Securing and protecting your data is paramount to everyone at Mint.com. Thanks to the combined efforts of our security experts and industry leading security technology, your money, your data, and your privacy are secure and protected at Mint.com.

For more information, please visit our security page or contact us anytime at security@mint.com.