Over the past 24 hours, you may have read news reports in the Washington Post, the Boston Globe and elsewhere that millions of Americans may have recently been fraudulently charged about $0.25 each from merchants named Adele or GFDL.In response to this news, We reviewed all users’ accounts today and identified that you have a charge from one or both of these merchants.
We'd bet that the affected users were pleased that Mint was looking out for them, but we'd be a little nervous that Mint had gone through all of our charges. What do you think?
Thanks, Noah!
]]>I believe Wells Fargo typically objects to storage of this information by aggregators, but for all other FIs, *somebody* definitely stores your FI login info. That's how they download the information automatically. Then, as you say, that transaction information is stored on their servers.
]]>Several people in the comments have gotten it right. We simply did a database query to identify users that were charged by these scam artists. We do not go through individual user transactions, nor do we store any names, only e-mail addresses. We will continue to keep our brand promise of 24/7 financial protection as best as we can.
Thanks all,
Jason Putorti, mint.com
Every report, alert, etc that Mint provides is a query on that database. It prepares these reports for you. They go through all your charges every day to send you alerts such as "high account balance" or "unusual activity in category: auto." This is just "Unusual spending on category: SOMEONE IS STEALING FROM YOU."
Anyone who is bothered by Mint "going through their transactions" is not signed up for Mint.
]]>I love Mint, they've been informing me of the ridiculous raising of interest rates on my citi card. Citibank=fail. Never miss a payment, none of that crap, and my interest rate goes up 6%, even as my chase interest rate drops nearly as dramatically. Thanks Mint, for keeping my informed about all sorts of misdeeds!
]]>I don't understand how they can not "see" or "store" it, but they can still update your transactions regularly? Is it stored in a cookie on my browser or something, sent directly to my bank?
If you use Mint, do you have to log in to your bank sites every time you start it up?
]]>Mint uses your Account Information as follows:
* to offer the Service to you;
* to deliver information relevant to your financial interests, such as offers for ways to save from third party product and service providers ("Mint Offers")
* to deliver administrative notices such as alerts and communications relevant to your use of the Service;
* for market research, project planning, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity; and
* as otherwise set forth in this Privacy and Security Policy.
I'd be thrilled and a little turned on if someone wanted to watch me have sex.
Unless it was like, my mom or something. That would just be weird.
]]>Huh?
]]>as much as I have bashed on Mint in the past for the inherited security ricks of this type of server, this act is the type of service which makes the benefit start out weighing the risk of using it. Well done mint.
]]>"...we'd be a little nervous that Mint had gone through all of our charges. What do you think?"
I'm a Mint user and I really have nothing to hide. But I'd say that I'm pretty sure that the Mint team just did a database search for the problematic specific charge rather than look through entire accounts. I know they have the power to look into more, and guess what? They already have my finance information already. In other words, to me, it seems already like an "opt in." If Mint's Terms of Service don't address this kind of warning, perhaps their legal team should consider including it so that people know what they're signing up for to avoid the anxiety this kind of messaging might have caused.
I think this is goes "above and beyond" what's expected and I applaud Mint for doing it. I wish credit card and checking companies took note.
]]>@Thataboy: Exactly.
]]>@Blueskylaw: People sign up for an account with them and provide it.
CC companies CAN, they choose not to because for ever $.25 charge to an account they billed a $.75 transaction fee
]]>@hellinmyeyes: Of course they could...so could amazon or ebay or anyone else with an online store or any other online system that accesses your info.
I disagree that that wasn't the point - it seems pretty straightforward someone thought it was a manual process...we're a little nervous that Mint had gone through all of our charges
]]>How do these companies get millions of credit card numbers/information?
How come credit card companies cant tell that something is wrong when all of a sudden they start charging millions of people a quarter?
Thinking about it from a programming standpoint... all they had to do was write a function that said:
IF there was a charge by COMPANY X, SEND EMAIL to user
I don't see that as a breach of privacy.
]]>@downwithmonstercable: Yeah, they do classify your purchase based on the overall classification given by your credit card, so I'm sure this charge was classified a certain way. Not that challenging to run a DB query for ".25" and "Misc Fee" or whatever.. or even ".25", because who charges 25 cents to their credit card?
]]>@Eldritch: I think in this case, they probably ran a query across their database to check for a certain piece of information, like the name of the company. I don't think they looked at each transaction. In Mint's case, they already have all that information there, this was just a case of filtering out anything besides that specific transaction.
]]>Go back to England.
Sorry, I enjoy my freedoms.
]]>I got that email from Mint, but I was NOT dinged by Adele, GFDL, or anyone else wanting 25¢. So, I don't think that Mint actually scoured everyone's account for this. It was more like an FYI email blast, I figured.
]]>My roommate (who is big into conspiracy theories) got into an argument with me about Big Brother. I told him I didn't care so much that I was being watched because I do not do things that are illegal. No matter what I said though it was like talking to a brick wall.
]]>My philosophy on "Big Brother": If you're not doing anything wrong, then why complain if someone is watching. It's not the watching you should question but the actual "idea" that something is wrong/illegal.
]]>and now fraud alert? Mint FTW!
]]>I'm sure Mint didn't "go through" everyone's charges to see your porn subscriptions and ACLU fees. It was probably as easy as running a search for a term like "Adele Services."
If that runs afoul of your privacy expectations, 1. you need to get a grip, and 2. what the hell are you doing using Mint?
]]>We'd bet that the affected users were pleased that Mint was looking out for them, but we're a little nervous that Mint had gone through all of our charges.
Um...I don't think someone sat down and manually went through all the charges for every customer. A simple query on the database looking for the reported charge amount(s) and the reported merchant name(s) would yield the results. Seriously maybe 2 minutes of work.
]]>Big Brother is watching you. But at least he's got minty-fresh breath.
]]>I'm torn on this one.
]]>I guess it all goes down to whether I think they would use that info for bad things or else if they just "know". Collecting data is fine too as long as it was an aggregate type of data collection... Just my 2 cents.
]]>go mint!
]]>