Mint.com connects to your bank account, credit card account, etc., and downloads your data. How do they do that? Do they need any special authorization from the banks or is it an open API? How about security? Can you please explain their back-end system?

The same question applies to Blippy and inDinero. Anyone know what these guys are doing on the back end to get the transaction data?
This is Jessica from inDinero. We use the same technology that Mint uses -- namely, integrating with a third party service called Yodlee. They take care of aggregating financial data through various means. Screen scraping, direct OFX feeds, etc.

The typical question is, why do Mint and inDinero use Yodlee instead of building the solution out themselves?

1) Security Liability. No startup should ever have to deal with the problems that go with storing passwords to financial accounts. Yodlee is in the business of security, they have direct feeds with major banks, making it much easier (and safer) to just integrate with them.

2) Mass quantity of banks. Screen scraping from so many banks is a pain in the ***. It isn't standard either -- compare the bank website of Wells Fargo to that of a local credit union that asks 5 security questions upon login. In short, it's a brutal nightmare.

3) None of our businesses are in the business of screen-scraping. If Mint had to spend the first year of business integrating with banks, they wouldn't be successful. And even once the integrations are done, you have to maintain them in the event that the bank changes their login page or interface. In short, it's not worth any startup's time to do manual screen scraping themselves.

Would be happy to discuss further if you DM me.
Straight screen scrapin' yo. I worked for a similar startup that collected more detailed information than Yodlee/Mint; it was a product for financial managers instead of consumers. We collected over 1 million transactions per night from over 3000 financial institutions. It was no joke. You might think screen scraping is silly, but the bottom line is if a bank had an API (OFX, and very few do offer OFX) or formatted data downloads (CSV, XLS), the data tended to be stale or incorrect. Reasoning behind that is more eyeballs are on the web pages and so bugs/inconsistencies are noticed quicker. There was more of an expectation for the web pages to be accurate.
At least prior to their acquisition by Intuit, Mint's backend was powered by Yodlee. This TechCrunch article provides a little background: http://techcrunch.com/2009/09/18/mint-is-yodlees-youtube/
"How do they get the data" doesn't seem mysterious once you give them your logins. "Is this safe and why or why not" is the question I'd much rather have answered.
Last I looked into this, Yodlee's security pages were a good place to start because they have a lot of the key words to look up.

http://www.yodlee.com/security_overview.shtml

A lot of the "how" is meeting security wickets (physical, application, transport, audit, examination).
They do use Yodlee but you still raise some interesting questions. Should the bank really be allowing access by a third party using stored two-factor credentials?