Hacker News new | past | comments | ask | show | jobs | submit login

This is why I never wanted to use Mint, although maybe Mint is better about this now.

I've also seen online mortgage applications ask for banking and retirement account passwords for the purpose of automated form-filling. It seems very shortsighted to give away your password to save 5 minutes filling out a form.

The nightmare scenario is that you give your bank account password to one of these screen scraping services, someone manages to hack them and empties your account, and you can't get the money back because giving away your password violates the terms of service for your online banking.






Mint used to sync with Chase and Wells Fargo through sketchy scraping, but those banks have since then integrated with Mint over APIs. Mint then disabled syncing until customers reestablished the connection with the new, more secure, method (which I thought was a good move)

For a while they were using Yodlee for the backend (which did all sorts of weird stuff), but I think they rewrote it after Intuit bought them.

They definitely use Plaid or a similar service to scrape data. The few banks that offer APIs do have it.

I don't have issues with Mint. As somebody suggested, Intuit has the privilege of having a different level of access unlike Plaid - maybe due to the importance of QuickBooks to both individuals and businesses.

The cynical part of me is convinced that banks would want to secretly run and popularize this kind of service as honeypots for collecting passwords sharing violations as a future liability defense.

That’d probably risk a counter-suit for willful negligence.



Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: