
Ask HN: How does Mint.com work? - grep
Mint.com connects to your bank account, credit card account, etc, and downloads your data. How do they do that? Do they need any special authorization from the banks or it's an open API? How about security? Can you please explain their back-end system?<p>The same question applies to Blippy and inDinero. Anyone know what these guys are doing on the back end to get the transaction data?
======
jlm382
This is Jessica from inDinero. We use the same technology that Mint uses --
namely, integrating with a third party service called Yodlee. They take care
of aggregating financial data through various means. Screen scraping, direct
OFX feeds, etc...

The typical question is, why do Mint and inDinero use Yodlee instead of
building the solution out themselves?

1) Security Liability. No startup should ever have to deal with the problems
that go with storing passwords to financial accounts. Yodlee is in the
business of security, they have direct feeds with major banks, making it much
easier (and safer) to just integrate with them.

2) Mass quantity of banks. Screen scraping from so many banks is a pain in the
__*. It isn't standard either -- compare the bank website of Wells Fargo to
that of a local credit union that asks 5 security questions upon login. In
short, it's a brutal nightmare.

3) None of our businesses are in the business of screen-scraping. If Mint had
to spend the first year of business integrating with banks, they wouldn't be
successful. And even once the integrations are done, you have to maintain them
in the event that the bank changes their login page or interface. In short,
it's not worth any startup's time to do manual screen scraping themselves.

Would be happy to discuss further if you DM me.

~~~
Gianteye
Would you consider working with Iphone app developers to make money tracking
and spending actionable? I've wanted this tool for a few years now. If I set
my expenses, say utilities, rent, insurance, and car payments in a system that
also tracks my purchases and income, I could see my daily budget for other
more spontaneous expenses. I could open up my app to find what my
drinking/nightlife expenses can be today, or tally up the day's spending to
see if I'm still on track with that utility bill.

The thing I've found frustrating about financial planning tools is that they
seldom give me any useful information about the purchase I want to make right
now. Instead, they tell me about the malleable resource called money, and
offer me the chance to look at it from a 3rd person perspective.

------
djb_hackernews
Straight screen scrapin' yo. I worked for a similar startup that collected
more detailed information than yodlee/mint, it was a product for financial
managers instead of consumers. We collected over a 1mil transactions per night
from over 3000 financial institutions. It was no joke. You might think screen
scraping is silly but the bottom line is if a bank had an api (OFX, and very
few do offer OFX) or formatted data downloads(csv,xls) the data tended to be
stale or incorrect. Reasoning behind that is more eyeballs are on the web
pages and so bugs/inconsistencies are noticed quicker. There was more of an
expectation for the web pages to be accurate.

~~~
grep
Can you elaborate in how "screen scraping" works?

~~~
phuff
Screen scraping means: you write a web crawler which loads up the web page (in
this case, takes your bank login user name and password, puts them in the
login form on the bank website, pretends to be you and loads up the relevant
web pages). Then you write an html parser which grabs the relevant bits from
the bank's web page (account balance, number, name, etc.) and stores those
bits somewhere useful in the local database.

~~~
wlievens
My bank (all of them where I live) uses a challenge code that I have to enter
on a separate hardware card reader. So only human login permitted :-(

------
pw
At least prior to their acquisition by Intuit, Mint's backend was powered by
Yodlee. This TechCrunch article provides a little background:
<http://techcrunch.com/2009/09/18/mint-is-yodlees-youtube/>

~~~
grep
It says that Yodlee received $2mil/year, isn't that a bit expensive for
startups like inDinero to pay? (I'm assuming inDinero uses the same system)

~~~
smackfu
I wouldn't be surprised if it is priced based on number of accounts.

------
billybob
"How do they get the data" doesn't seem mysterious once you give them your
logins. "Is this safe and why or why not" is the question I'd be much rather
have answered.

~~~
grep
Once you give them the login info, how can they get the data from the bank?

~~~
phuff
See the answers under screen scraping; basically they load the web pages up,
login as you, and parse the html to find what they need...

------
niels_olson
Last I looked into this, Yodlee's security pages were a good place to start
because they have a lot of the key words to look up.

<http://www.yodlee.com/security_overview.shtml>

A lot of the "how" is meeting security wickets (physical, application,
transport, audit, examination).

------
smackfu
They do use Yodlee but you still raise some interesting questions. Should the
bank really be allowing access by a third party using stored two-factor
credentials?

~~~
grep
I don't think Blippy uses Yodlee. Maybe they are using some kind of bank API?

------
angilly
It's not screen-scraping. They use Yodlee and CashEdge.

------
hardik
Think it should be "How mint.com works?" or "How does mint.com work?"

------
grep
Maybe someone from inDinero could join the conversation?

------
gcb
Did quicken back then also used screen scrapping? Most banks at the time
didn't even had websites.

