Transcription - Online Finance Software Mint.com’s approach to Security with CEO Aaron
Patzer

June 16th, 2008

Aaron Patzer founder and CEO of Mint.com, talks about Mint’s security
Hi, I’m Aaron Patzer the founder and CEO of Mint.com. Because Mint is financial software and because it links direct to your banks, people have a lot of questions about privacy and security. Keeping your information private and secure is absolutely paramount at Mint so I’m happy to answer those questions.

So first and foremost you can’t actually move money around on Mint so on the super paranoid off chance that somebody broke into Mint, into your Mint account, or somebody hacked our servers and by the way I’ll talk about all the security we do to prevent that from happening. But if they did they couldn’t drain your accounts – you can’t move money around in Mint.

Number two when you’re on Mint you’re anonymous, so if you notice during sign up we never ask you for your name or your address, or your social security number, or any personally identifying information. Just an email, a zip code and a password – and that’s it.

Number three Mint watches your back 24-7, because Mint is linked directly in to all of your banks and credit cards and brokerages, erm if somebody ever happened to steal your identity or if your credit card was swiped from the mail, or at a restaurant, or at a gas station with Mint you know about it right away because if your balance ever drops too low if somebody ever starts draining your accounts Mint will send you an email or a text message.

Number four, it almost goes without saying that when you’re a financial service, like Mint, you have bank level data security. So on Mint.com all of your communication is encrypted through SSL, we have third party verification by Verisign, by Hacker Safe, by TRUSTe, we have routine security of our network and all of our computers.

Ok, so let’s get super paranoid here, let’s assume that somebody does something that they have never done, to date, it gets past the seven layers of security, it gets past all of the Verisign and the Hacker Safe and all of the security audits that we do, breaks in and has access to the entire Mint database – what then? Well we have already learned that Mint is read-only so they can’t drain any money out of your accounts, and in fact they don’t know which account yours is because Mint doesn’t store any personally identifying information. They only know that, erm, happygirl19@yahoo.com goes to Starbucks three times a week and that’s about it.

So one other thing that you should be aware of is there are actually a bunch of laws out there at the Federal and State level to protect consumers against online identity theft and bank fraud so there’s a regulation called Regulation E and that limits your liability to $50 for any unauthorized access to your bank accounts so long as you notify the bank within two days. For credit cards you have zero dollar liability for any unauthorized charges, you have that whether you use Mint.com or not. But with Mint because you have all, you’ve got all of your accounts in one place and because Mint can actually alert you, send you an email or a text message, if somebody starts to drain our accounts, if it notices any fraud or any unusual spending patterns, Mint will tell you the very next day. So you have the absolute minimum liability under these regulations, rather than catching it 30 or 45 days later where your liability might actually be higher so you don’t want to wait for that paper statement to come – you want Mint to do it proactively.
And that’s how Mint keeps you secure, if you have any more questions email then to security@Mint.com and we will be happy to answer then for you.