Are New Online Personal Finance Sites Safe? (NetBanker)

A commenter yesterday asked if anyone had heard of BudgetPulse, an online personal finance site that opened its public beta site two weeks ago.

Well, we hadn't heard of it, but in this increasingly crowded space, that's no surprise. We are now tracking more than 20 online personal finance sites (previous coverage here). With low-cost server space, easier programming tools, APIs, and cheap viral marketing through blogs and social networks, the barriers to entry are a fraction of what they were just a few years ago. A good programmer could put together a simple financial tracker in their spare time.

While this will spur creativity and innovation, ultimately benefiting end-users, there is a downside. Security and privacy.

As we looked at BudgetPulse, which at first glance looks like several other Web 2.0-inspired finance sites, we couldn't help but wonder who was behind the site. There are no names, personal or company. Even the who is info for the domain is masked (domain registered in April). The only email address is disguised in spam-defeating format: "info (at) budgetpulse.com". Right now, the public portion is a two-page website with a few popup forms. The FAQs are empty. The forum is coming soon. There is a blog, but it only has three short posts. And there are misspellings in the website and blog copy. The websites entire security discussion is a single sentence:

We protect your account and data with advanced security methods.

More than likely this is simply the work of one individual who concentrated on coding the functionality first, and whose day job prevents him/her from spellchecking their HTML. But what if it's a scam? Convince a few people to use it to track their finances, then hit them with requests for their credit card numbers "to enhance the experience" or to their checking account number for payments, e.g., "Join our beta test and earn $500/mo as you test it."

I admit that could be far-fetched, and I have absolutely zero knowledge of that happening at BudgetPulse or any other site. But it does bring up the bigger issue of consumer trust at independent, non-regulated personal finance sites (i.e., non-financial institutions). Even the well-funded personal finance sites such as Wesabe and Mint must deal with the mistrust and skepticism consumers have for new companies wanting to get involved in their lives, especially their finances.

The solution: Financial institutions, with their trusted brands, partnering with or acquiring online personal finance sites to bring new functions and features to their customers.

3 Comments

By Colin Henderson on July 20, 2007 5:55 PM

I worry about this a lot. I know Wesabe spend a lot on security, but what about the rest? The aggregation of data, makes identity theft that much more attractive, and easier, so worth the effort for the bad guys. How many of those sites have implemented two factor authentication?

For the consumer who is attacked as a result of a successful attack on an aggregated site, the work to fix it is exponentially worse than just one Bank attack.

By SPB on September 14, 2007 11:51 AM

In this article, you note that the risk of losing personal information is high because of the aggregation of personal financial data on these (potentially) untrustworthy sites.

While I understand this point from an intellectual point of view (meaning it's valid to wonder what's happening to your data), I think that some of these fears are misplaced.

For example, if you have a budgeting website whose users register with names such as Jenny324 without any links to personal information or sources of real financial data, what is there to steal?

If the entire database were stolen (assume the worst case), what information would the thief have? S/he might know that Jenny324 spends $1200 per month on rent and makes $2500. And then?

It seems like the most sensible advice in this regard is to be a good (that is, slightly cynical) user of online services and NEVER give away personal financial account information online.

However, recording your budget (i.e. the amount earned or spent on particular categories) online gives away less information about you than a good hacker could get from intercepting your email.

By Jamie Martin

on September 19, 2007 5:40 AM

just fyi, looks like the site is up now

Events

FinovateSpring 2010 -- Dozens of handpicked fintech companies demoing their newest innovations in the entrepreneurial hotbed of San Francisco. 7 minutes each on stage to demo. No slides. A single value-packed day on 5/11/2010. Get your early-bird ticket today!

FinovateFall 2010 -- Dozens of handpicked fintech companies showcasing their latest & greatest in the financial capital of the world -- NYC. 7 minutes each on stage to demo. No slides. A single value-packed day on 10/05/2010. Get your early-bird ticket today!

Research

NEW! Making the Case for Person-to-Person Payments: Does mobility provide the tipping point for bank-branded P2P? - Find out more

NEW! Attracting Small Businesses with Online & Mobile Banking: Underserved segment is prime candidate for alt-delivery - Find out more

2010 Guide to Online & Mobile Banking Products, Pricing & Strategy: Your roadmap for business planning - Find out more

Improving Online Account Opening ROI: Ten strategies to increase online application conversion rates - Find out more

Connecting to Customers with Twitter: The comprehensive guide to Twitter for financial institutions - Find out more

Selling behind the Password: Leveraging the marketing potential within online banking - Find out more

New Techniques in Secure Online Finance: Sandboxing, keyboard encryption, and real-time mobile integration could lock in more online customers- Find out more