It all sounds so helpful… one website that can track all of your accounts in one place, give you status and balances on all your accounts without you needing to log in to them yourself. Pretty graphs! And usually free too! And there are many to choose from!
And I’ll admit, the advent of fintech (financial technology) websites was an innovation hard to pass up. Charts! Offers! Automatic notices!
What could be bad?
Maybe nothing. Maybe everything. Let’s look at it.
How do they work
For the most part, these sites (Mint, Personal Capital, You Need A Budget, Every Dollar, etc.) work more or less the same. You enter your data and they track it for you. You enter your account numbers for your banks and brokerages and credit cards, the login information, and they automatically log in and gather your data and present it to you in a consolidated way.
They help save time, they relieve you of the drudgery of having to track it yourself. How convenient.
Why I don’t
I do not use these sites. I track the data myself. There are several reasons why.
– Security
We want to trust these fintech websites. They undoubtedly have great security. Their reputation rests on the amount of security they have. However nothing is guaranteed.
Let’s suppose
Suppose the fintech website you are using gets hacked. The hackers now have all of your financial data. All of it. All bank account numbers, all passwords, everything. How happy would you feel when you realize that all of your financial data, all of your login information is now in the hands of criminals? Will they be able to get to your bank accounts before you do?
Of course if this event occurs, you need to contact every institution individually and change your login information. Did the hackers do that already, and lock you out, did they drain your accounts already?
And even if they did not compromise any accounts by the time you find out about the hacking, the hackers still now have all the information they need to embark on identity theft anytime in the future on a grand scale.
– All those offers
One of the “benefits” of fintech is that they will present you will loads of offers from vendors attempting to sell you credit cards and other financial products. Since the websites are usually free or low cost, the sale of your data to outside vendors is how they make their real money. It is similar to social media, where you are the product.
In fact, it is not ‘similar’ to social media, it is social media, just about your money.
All of those credit card and other offers in ads and emails from the fintech companies are a result of your information being sold to outside vendors.
Some things are out of my control
Yes, there are places where I have little or no control over information about me. For examples…
– Credit bureaus have my information, and they use it and sell it, I can lock it down, but I have little or no control over it. I can review it and contest something, but totally opting out is not available. Anyway, I need credit periodically.
– Medical companies. My insurance company, and those related to it, have a wealth of information about me. I have little or no control what they have and what they do with this information.
Fortunately, in the U.S. there are some laws that govern personal information. Fair Credit Reporting Act (FCRA) was enacted in 1970 to to govern privacy of personal information held by credit bureaus. HIPAA (Health Insurance Portability and Accountability Act) in 1996 governs health care information security and privacy.
(Sad news. It turns out some companies and entities are not governed by HIPPA. See the section Who Is Not Required to Follow These Laws at the U.S. Health and Human Services website here. )
So having some laws is good and helps, yes? Maybe. Unfortunately, that did not stop hackers.
Major credit bureau data breaches
– Experian. In 2012, Experian purchased a company named Court Ventures. It was later discovered that Court Ventures previously had a contract with a company named U.S. Info Search. It was U.S. Info Search that had sold access to its data to a foreign entity who had likely been involved with “illegal activity.”
– Equifax, Experian, TransUnion. In 2013, it was discovered that information about some celebrities had been made public. This was done without viruses or malware. The hackers discovered enough personal information through public sources to access the credit bureau information by answering questions correctly.
– Experian, T-Mobile. In 2013, Experian acquired a company named Decisioning Solutions. T-Mobile discovered that personal customer information held by Decisioning Solutions was hacked. Two years later, T-Mobile disclosed that data on 15 million customers had been breached.
– Equifax. In 2016, hackers accessed tax and wage data for employees of grocer Kroger; the information had been stored in an Equifax database.
– Equifax. In 2017, the (so far) largest hack of personal information occurred when hackers stole data from Equifax. Data included social security numbers, birth dates, addresses, drivers license information, some credit card numbers.
You can see more details of these credit bureau breaches here.
Health care breaches
The Health Information Technology for Economic and Clinical Health (HITECH) law went into effect in 2009, and requires the secretary of Health and Human Services to post a list of breaches of unsecured protected health information affecting 500 or more individuals. The list of breaches in the last 24 months is listed at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
The current list of health care breaches in the last two years as of this writing has 408 breaches listed, covering 15,186,236 people.
Here is a list of the top ten biggest healthcare data breaches of all time here.
A quick Google search finds numerous articles about health care data breaches. Publications such as Health Care IT News , HIPPA Journal , and Digital Guardian all cover this topic extensively.
And the IRS…
The IRS is not immune to data breaches. Between 2015 and 2017, it was reported that data on more than 700,000 taxpayers was accessed by hackers.
Overall breaches
The Privacy Rights Clearinghouse maintains the list of breaches of all types. It is searchable by type of breach, type of business and by year. You can see that list here . The information is eye-opening.
Since 2005, there have been 723 data breaches from Financial and Insurance Services businesses, involving 633,310,814 records.
But… but…
But, you will say, its so convenient to use those fintech sites. They make my life so much better and efficient!
Yes, convenience is important. Efficiency is helpful. For me, I’d rather be safer. I can accomplish everything I need to do with a spreadsheet. It helps keep my spreadsheet skills up to date. It takes a little time, yes. So does locking my front door when I leave the house.
Don’t, you will say, you use banks’ and brokerage websites?
Yes, I do. That is how I interact with those kinds of companies. I don’t minimize the risk in checking my balance online, or making investing decisions at a brokerage online. Each of those companies is one of several I interact with, and none has all of my information. I wish to minimize my potential risk to manageable size. If all of my information is in one place, then that place is the highest risk of all.
The point
I don’t mean to pick only on the fintech companies referred to at the beginning of this article. What I want to focus on is what I can do about my information that is under my control. While my data is out there in many places, some beyond my control, whether I add to the list of places that my data could possibly hacked from is under my control.
What do you think?
The post Why I Don’t Use Money Management/Tracking/Budgeting Websites appeared first on Smile If You Dare.