Mint's Latest PFM Play: Trading User Privacy for Traffic

Mint.com is testing a counterintuitive theory: that consumers will ignore privacy concerns for a feature they find compelling.

Last week Intuit Inc.'s Mint announced that anyone can view the transaction data that its roughly 4 million users originally provided for their personal use, though the data is shown only in aggregated form to keep individuals unidentifiable. The feature, called Mint Data, resembles the main offering of Bundle Corp., with a key distinction: Whereas Bundle does not include the data of people who signed up with it as a personal financial management site, Mint does — and it does not give its users a way to opt out.

The purpose of Mint Data and Bundle is to let customers compare their spending to that of their peers. These observations may help consumers adjust their spending, for example, if some people see that their dining expenses are far more than most people's.

Consumers who sign up to use Bundle's PFM tools to analyze their own spending do not have their data added to the aggregated data made public to everyone. That data comes from Citigroup Inc., one of its backers, and other sources. Bundle said it might someday mix the two sets of data, but it stressed that it would probably still require its users to opt in — and possibly to opt in for each transaction they choose to share.

George Tubin, a senior research director at TowerGroup Inc., said that, as long as individual users cannot be identified within an aggregated pool, they may not complain about being included.

"Using information in aggregate, I think, is something that doesn't concern consumers or regulators when it comes to privacy," said Tubin, though he said it must still be handled properly by Mint or Bundle.

If they can pull that off, the practice could be a plus for consumers, adding a "value-added service" to the website, he said.

Avivah Litan, a vice president and distinguished analyst at the Stamford, Conn., market research company Gartner Inc., said that most people who would be upset by Mint's action would not have been Mint users to begin with. "People who are concerned about privacy really don't use aggregators," she said. "You are putting too much trust" in a website.

It is not unheard of for individual users to be identifiable in data that was thought to have been stripped of identifying elements. An instance of this happened in 2006, when AOL Inc. published what it called the anonymized search data of its users. One person, identified in AOL's data only as user No. 4417749, was determined by The New York Times to be Thelma Arnold, a resident of Lilburn, Ga.

After Ms. Arnold was identified, AOL removed the original copy of the search data from the Internet and apologized, though of course copies of the data remained available online.

Intuit said it examined the potential legal issues carefully before starting Mint Data.

"It's not a legal concern to us at this point," said Stewart Langille, the director of marketing for personal finance at Mint. He stressed that Mint would consider any legal issue that might arise from new features. "As we go forward, and do more with the data, then potentially it's something that we may look at," he said.

Mint Data took nine months to build, though it had been planned for much longer, Langille said, pre-dating Intuit's purchase of Mint last November.

"This has been a vision for us for two years," Langille said.

Intuit played a big role in the development of the application after its Mint deal closed, he said.

"I'd say it helped put us over the finish line," said Langille. The acquisition "polished it and put it together so we could launch."

Bundle's chief executive, Jaidev Shergill, said the benefit of providing an aggregated view of spending data is that it gives users a point of reference when they examine their own data — and this gives his company's PFM service its real value.

"Taking people's information to make money and giving zero benefit back to the person that gave you that information is" wrong, he said. "We take that information and give it back."

Both companies say their websites do not display any data for categories where data is so limited that an individual spender might be identifiable.

"I do think, from a privacy perspective, the problem has been managed quite well," said Shergill.

The differing approaches of Bundle and Mint recall an earlier conflict between the approaches of Mint and Wesabe Inc., a PFM provider that shut down its service this year.

Early on, Wesabe went further than most of its rivals, including Mint, to provide a sense of security for its users. Most notably, it did not ask users for their online banking passwords, whereas most PFM providers request this information so that they can link to users' online banking sites and download spending data automatically.

Wesabe instead asked its users to regularly download transaction data themselves into a file that could be uploaded to Wesabe's website — a more tedious process that the Wesabe executives nevertheless expected would win over consumers because it better protected their privacy.

Consumers did not care, however, and preferred Mint's approach, Wesabe told American Banker in 2008. Jason Knight, Wesabe's chief executive at the time, said, "People are essentially demanding that we hold on to credentials for them because they don't want to deal with the hassle."

Wesabe also published its CEO's direct line, allowing concerned users to phone Knight and his successor, Marc Hedlund, to discuss their concerns. Knight said that, though some early callers had security questions, most called to report bugs or request features.

Mint was open about its practice of sharing users' passwords with a third party that used them to gather spending data. Though Tubin once blasted Mint in a report for its authentication practices, Mint largely stuck with its model and was rewarded with a larger audience than its rivals.

For reprint and licensing requests for this article, click here.
Bank technology
MORE FROM AMERICAN BANKER