Are Convenient Budgeting Apps Like Mint and Quicken Worth the Cybersecurity Risk?

Mint, Quicken and other apps are a handy way to see your financial account information in one place. Use them to track budgets, follow investments, see if checks have cleared and possibly void your contract with your bank, making you liable for losses you may suffer as a result of fraud.

Wait … what? Void your contract with your bank? Yes, some banks can deny fraud protection if you give your login credentials to a third party. Here’s what you need to know:

There haven’t been any big breaches of financial apps reported yet but a lot of IT and financial pros are concerned about the possibility. In order to aggregate your account information, the apps need your username, password and account number for each account you would want the app to include. This could be your checking account, savings account, credit card accounts, investment accounts and 401K. By willingly giving this information to a third party — the app — you could also be willingly giving up your right to have your financial institution cover those losses.

It may not even matter if the loss is related to the third party you shared your credentials with. It depends on your bank and its policies, which can be a murky area to dive into.

Mint, the most popular cloud-based budgeting app, the most popular cloud-based budgeting app, is owned by Intuit, which has a very good reputation and track record. It’s also primarily a read-only app so if someone did get access to your Mint app or your account, they couldn’t actually clean out your accounts unless you had already set them up as a bill-pay account. Mint informs you of any large or unusual spending.

As an added protection, if your device is ever stolen, you can delete all account information remotely. See the Mint privacy disclosure here.

Quicken, Mint’s computer-based sister
Quicken is also owned by Intuit (for now) but it works differently because it’s software. Your financial information is stored on your computer and synced with the free Companion app. Storing the data on your computer can be less secure than storing it in the cloud, because a lot of people don’t follow standard security practices at home (keep your antivirus software up to date, don’t click on links in emails that you weren’t expecting, back everything up, etc.). So while you can review and monitor accounts from your smartphone as you can with Mint — plus enter transactions and snap photos of receipts (or anything else) to attach to the transaction — you can complete transactions as well when you’re on your computer.

Quicken doesn’t store your password on your device and has other protections but it’s worth noting that its Mobile Privacy and Security web page is more than three years old.

QuickBooks Online, which is a cloud-based business accounting platform with apps for Android and iOS (but not Windows anymore), makes financial and IT pros nervous as well.

So is the convenience worth the risk?

Our security-focused Leapfrog teams says no, even though Intuit is a reputable company. But there are workarounds that will ease our froggy minds. If it’s really important to you to track your budget on your smartphone, consider using the app without connecting your accounts that represent the most risk, like your investment accounts and your 401K. And keep low balances in the bank accounts that you do connect with, then monitor those accounts every day.

You may also be interested in: