The Financial Consumer Agency of Canada issued a statement Thursday warning users of financial aggregation services that they risk leaving themselves liable for fraudulent transactions if they share their online banking information with such sites.
Financial aggregation services, such as Mint Canada, allow users to keep track of all of their financial transactions at a single website by granting the site access to their banking, credit card and brokerage accounts.
Ursula Menke, Commissioner of the Financial Consumer Agency of Canada, said she has not received any complaints of fraud or abuse stemming from financial aggregation services, but warns consumers to use such sites with caution, and to make sure they read and understand both their financial institution's online banking user agreement and the privacy policies of the financial aggregator.
Some financial institutions' user agreements clearly state that users will be responsible for unauthorized transactions if they provide other parties, including financial aggregators, with their passwords and account information.
"Just make sure you understand what you're putting potentially at risk if you do use these services," Ms. Menke said.
By providing online banking passwords to such sites, users risk violating their online banking agreements, thus forfeiting the protection their financial institutions provide against unauthorized transactions, warned Maura Drew-Lytle, director of communications for the Canadian Bankers Association.
"You could be making yourself liable if there are any fraudulent transactions on your account because you have basically broken your account agreement," Ms. Drew-Lytle said.
Mint's privacy statement says the company uses online banking user names and passwords "to establish a secure connection with your bank, credit union or credit card company. This enables Mint to download and categorize your transaction information securely and automatically." The company says the information is stored in a separate database using multi-layered hardware and software encryption.
Aaron Patzer, founder of the site and vice-president of the personal finance group for the software firm Intuit, said in a statement that the company takes privacy seriously and uses the same encryption and physical security that banks use. Mint's practices are monitored and verified by TRUSTe, VeriSign and Hackersafe, and supported by RSA Security.
"Mint is a read-only service. It enables users to organize and analyze their finances, but does not allow them to move funds between-or out of-any account," Mr. Patzer said.
Mint.com is the first financial aggregation service to target the Canadian market. In 2009, the site had more than 1.5 million users.