Security Technology and Practices
Your trust is a privilege and a responsibility that is our first priority, every day. Here are some of the technologies and practices we’ve put in place to protect your identity and your financial information:
- Mint.com always transmits personal and financial information securely.This prevents potential hackers from "tapping" a data conversation.
- Your bank login credentials are encrypted.
- Our servers are housed in a secure facility protected by biometric palm scanners and 24/7 security guards.
- We apply bank-level data security standards. This includes encryption, auditing, logging, backups, and safe-guarding data.
- We hack our own site. Intuit runs thousands of tests on its own software to ensure security. We scan our ports, test for SQL injection, and protect against cross-site scripting. We also employ Hackersafe to test our site daily.
- Mint.com has received the VeriSign security seal.
- We subscribe to an anti-phishing service to discover and take-down malicious sites intended to fool our customers.
Practices to Increase your Financial Security Online
Your participation is important to our security efforts. The following are steps we suggest you take to protect your Mint.com account and other accounts online.
Protect your computer’s security
- Keep your computer and browser software current with security updates;
- Install and update anti-virus and anti-spyware software and use personal firewalls to protect your computer;
- Be alert to the threats posed by malware--(malicious software) which can damage or disrupt your system, or secretly record information such as keystrokes;
- Do not enable automatic login to your Mint.com account or pre-fill the Login ID or password fields;
- Change your password periodically and avoid using passwords for Mint.com that you commonly use for other purposes; and
- For more information on how to protect your personal computer, including links to vendors providing anti-virus and anti-spyware software, you can visit the Federal Trade Commission’s computer security site. Microsoft Corporation provides additional information specific to the Windows operating system at microsoft.com/security. Users of Apple computers can find security information at apple.com/support/security.
Using your computer in a safe manner
- Do not share your Login ID and password with anyone;
- Check to make sure you are interacting with a secure Web site, as above;
- Always log off after completing your activities on Mint.com.
- Be careful about using third-party computers or computers that you are not familiar with such as those in Internet cafés and be careful to ensure you have fully logged out.
- Do not provide personal or financial information in response to an email request or by clicking on a link, unless you are able to verify the authenticity of the site to which you are taken through the SSL padlock or other means;
- Do not enter personal information into a form within an email message or a pop-up;
- Do not open an email if you do not recognize the sender and be particularly cautious of any attachments to emails from unrecognized sources.
Take steps to safeguard your information to help protect yourself from identity theft. Intuit takes steps to protect you from identity theft by:
- Utilizing user identification and authentication procedures before permitting access to Mint.com;
- Creating a secure transmission connection to Mint.com. You will see the security padlock in your browser’s frame indicating that it’s a secure site;
- Ensuring our employees are trained to safeguard your information.
You can also help protect your identity and account information. Here are a few steps to remember:
- Intuit will never request your Login ID or password, or any other information in either a non-secure or unsolicited email communication;
- Check your credit report regularly for unauthorized activity and protect your personal identification numbers (PINs) or personal data;
- You can also receive text or email alerts from Intuit which highlight large or unusual transactions. This service may help you identify fraudulent activity quickly.
You can protect yourself against phishing
Phishing is the illegal attempt to mislead consumers into providing personal or financial information, including account numbers, passwords and Social Security numbers, via email or through fraudulent Web sites.
The most frequent phishing attacks occur through emails disguised to appear as though they came from a reputable financial institution or company.
Most phishing attempts urge you to update or validate your account information, typically through a link in an email directing you to a fake Web site that appears to be legitimate.
A phishing attack can be detected
While there are many phishing attacks active on the Internet, there are some typical characteristics:
- An email contains an “urgent” tone requesting your immediate action on an account-related matter.
- An email is sent from a user falsely claiming to be a legitimate company with an attachment. An unsolicited email attachment more than likely contains a virus. Do not open it.
- A pop-up window appears from a user falsely claiming to be a legitimate company’s Web site asking for personal information.
- Additional information can be found at www.antiphishing.org or www.consumer.gov/idtheft
How to report a phishing attack
If you suspect you have received a fraudulent email from Mint, please contact: firstname.lastname@example.org.