A reader recently asked me about what I thought about the fact that financial aggregation site Mint requires you to give them limited Power of Attorney when using their website. There was also a recent discussion on Bogleheads about it. You can find it in the Terms of Use Agreement page.
For purposes of this Agreement and solely to provide the Account Information to you as part of the Service, you grant Intuit a limited power of attorney, and appoint Intuit as your attorney-in-fact and agent, to access third party sites, retrieve and use your information with the full power and authority to do and perform each thing necessary in connection with such activities, as you could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN INTUIT IS ACCESSING AND RETRIEVING ACCOUNT INFORMATION FROM THIRD PARTY SITES, INTUIT IS ACTING AS YOUR AGENT, AND NOT AS THE AGENT OF OR ON BEHALF OF THE THIRD PARTY. You understand and agree that the Service is not sponsored or endorsed by any third parties accessible through the Service.
Sounds serious! My first thought is that without this clause, Mint could not perform their intended service of being a one-stop shop for all of your online financial accounts. They would essentially have to walk up to every single site and ask for permission to be an official portal for them, yet at the same time be released from liability. That would be basically impossible.
In the end, you are giving up some of your rights in exchange for the convenience of having all your accounts checked for you at once. If you are worried about something going wrong with either Mint, a rogue employee, or a malicious hacker getting access to your personal information, then you might consider limiting what accounts you link.
Along that line, I would think that credit cards would be both the most helpful to link since you can then track your expenses, while also having the least exposure to fraud. This is because as long as you report any fishy behavior to your credit card issuers as soon as you find it, you likely won’t be liable for any unauthorized charges. (And if you monitor regularly with Mint, you’ll be that much more likely to notice…)
However, I for example would be more hesitant to link my Vanguard and Fidelity accounts with the bulk of my IRAs and brokerage accounts, as the benefits aren’t as great. Most of my net worth is stored at those brokers, and any screw-up would be highly stressful. Besides, I can usually check my balances at those sites separately with little added effort.
What do you think?
I guess all of us Mint users are putting a lot of faith in the fact that Mint.com is owned by Intuit, which is a fairly large company. Since Intuit also makes Quickbooks and TurboTax, there is also the possibility that a rogue employee puts in code or finds some other way of compromising user information. So far, I’m willing to give Intuit that slack, but I think people should definitely be aware of the risk before they sign up for Mint.com.
doesn’t intuit/mint just use yodlee as a backend? yodlee doesnt require this in their TOS do they?
I thought you used yodlee jonathan?
Typical case of lawyers gone wild. Give them a hand, and they will take the arm. Corporate lawyers are often fully focused on CYA (cover your a…), and forget that what they are proposing is not realistic or can hurt the business long term.
In the end I wouldn’t be surprised if it takes litigation, prompted by an unintended or malicious misfire of the system, to sort out the real limits and authorities of this type of agreement. It seems likely all parties are swimming in legally untested waters.
Is this is the case, what would be the difference between this and paid quicken? :S
I still have my brokerage accounts linked to mint and I’m glad I do. I was able to detect a $2 service charge that TDAmeritrade assessed to me for unable to electronically deliver my statement and having to issue and mail a paper statement. I was able to call customer service to dispute that charge, but I probably wouldn’t have noticed if I hadn’t had linked my account to mint.
Mint.com is only suitable to those with a negative net worth. There’s nothing to lose! How can you trust putting all your financial info in ONE WEB SITE ONLINE!?
I had to go to the register page on Yodlee to find their TOU, but it has exactly the same verbage. They probably need this limited PoA to access your accounts at the providers’ sites.
“Updated January 9, 2010
For all purposes hereof, you hereby grant Yodlee a limited power of attorney, and you hereby appoint Yodlee as your true and lawful attorney-in-fact and agent, with full power of substitution and re-substitution, for you and in your name, place and stead, in any and all capacities, to access third party sites, retrieve information, and use your information, all as described above, with the full power and authority to do and perform each and every act and thing requisite and necessary to be done in connection with such activities, as fully to all intents and purposes as you might or could do in person. YOU ACKNOWLEDGE AND AGREE THAT WHEN Yodlee IS ACCESSING AND RETRIEVING INFORMATION FROM THIRD PARTY SITES, Yodlee IS ACTING AS YOUR AGENT, AND NOT THE AGENT OR ON BEHALF OF THE THIRD PARTY. You agree that Yodlee’s third party account providers shall be entitled to rely on the foregoing authorization, agency and power of attorney granted by you.”
Mint’s investment tools are extremely useful, especially now that I’ve got 1-2 years of history there. I think it’s definitely more helpful than Vanguard’s website. Mint has some awesome cost basis & S&P 500 comparison tools. (Haven’t used Fidelity’s site in forever so I can’t speak to that…)
I was long hesitant to sign up for Mint just because of the risk/reward on the site getting hacked. Finally signed up for it in the fall, and have enjoyed the greater transparency the site provides.
Beyond my regular checking/credit cards/savings, I would be hesitant to link in brokerage accounts. From what I know, you would not have as much consumer protection preventing losses as you would with CCs, for example.
Likewise, IRAs, 401ks, etc are more long-term holdings. I check up on my account on Vanguard regularly, but most investors would probably be better served to not have a blow-by-blow update on their account swings, for their health and the health of the account.
Given the aggressive nature with which Intuit pushes their services via TurboTax/Quicken, I don’t think it would be wise to trust them with account credentials with which they could make any changes, withdrawals, etc.
Fortunately Wells Fargo allows its users to create selective access account logins (called “guest users”), suitable for situations like this…
Mint used to use Yodlee as their backend screen-scraping service, but since Intuit bought them last year they were supposed to switch to an Intuit-based service that powered the now-defunct Quicken Online. I’m not sure of what the status on that is.
But yes, I think Yodlee also required a limited power of attorney, even though they never really got very popular.
I’ll vote no! Wow that was easy…pass that along to CONgress.
bb, although I don’t agree that was funny.
Is Quicken Online defunct? I use it every week or so to look at my cash flow forecast, something that Mint doesn’t do yet. Or does defunct not mean what I think it does?
Well, Quicken Online is no longer accepting any new users, and will not be adding any new features. Depends on what your definition is… perhaps not totally defunct. 🙂
Personally, prefer Quicken. I don’t have to give them my passwords (nor a POA). I store my data in hard drive separate from my computer. I always manually enter my passwords when downloading. I could not imagine using Mint to save “$10/year” or so, and have all my personal financial data aggregated on one place, online.
I have my brokerage account linked to my Quicken Online account as a big chunk of my income in generated by dividends. Without them included, it would look like I am overspending every month.
I’ll use pencil on old chewing gum wrappers before I EVER use Mint.com or another website that wants to hold my financial information. It’s astonishing to me that anyone would use it at all, let alone give it passwords to other accounts.
perhaps they need a POA to process bill pay – a coming feature?
A security bleach at mint.com will be something BIG.
I registered directly on Yodlee.com and use them exclusively. My theory, FWIW, is that a security breach for Yodlee would destroy their entire business model, whereas for Intuit & the like it might just be a sideshow.
I would prefer that all my financial contacts give an option of simply emailing me the results of every transaction in or out as they occur. That way I’d know of any transaction I didn’t expect, and would not have to wait for the statements to be issued. This would be especially handy at ferreting out fraudulent transactions. No one offers this, as far as I know.
I use “Full View” on Fidelity which gathers all account information using Yodlee. Their terms of service also includes the “limited power of attorney” clause. Interestingly it also states “Fidelity representatives do not have access to Full View to assist you. They are restricted from the service because of the one-click access to third party sites. “
I have never used Mint. My reasoning has always been that I don’t want one entity to have access to all my accounts. Sure, it’s more work for me to track stuff by hand, but I think it’s somewhat safer that way.
Yodlee MoneyCenter has already implemented a BillPay service
The PoA doesn’t seem to have any bearing on how likely or unlikely it is that you will be ripped off.
Seriously, if there’s a rogue programmer or their system gets hacked what does the hacker care if you signed over PoA when you registered? They already have your credentials at that point, and they certainly won’t care if they are violating the ToS of financial institutions (by pretending to be you and not acting on your behalf). They’re about to log in and wipe out your account! 🙂
Like Jonathan said, the have to get the PoA, so they don’t violate ToS when they log in saying they’re coming on your behalf.
@Philip i think the point is if you get ripped off at that point, its ok because the people who ripped you off have the power of attorney and they can do anything you can do by physically doing it, IE a withdraw from your account. so thats basically saying your not getting ripped off they are legally taking your money out of your account and putting into theirs……