I understand why people want to share their thoughts, status updates, pictures and everything else in between on Facebook. What I fail to understand is the idea of sharing your financial data via services like Blippy, Mint.com or Wesabe. The current security architecture seems so ripe for abuse and hacking it’s not funny. Blippy allows you to connect your credit card purchases to a social stream that ultimately can be piped into your Facebook newsfeed. Blippy had a security snafu back in April 2010 that revealed a handful of credit card numbers, but the implication is that something bigger could be looming.
Wesabe just recently shut down after burning through USD 5 million in VC money (backed by Union Square Ventures). Even Wesabe thinks internet security is a big concern. Below is what they have to say about security in their farewell letter:
…because Wesabe stores such highly sensitive data, continuing to operate the service with shoestring operations and security staff is not acceptable, and we do not want to continue accepting new accounts if we cannot guarantee the security level we believe our service requires.
The idea of aggregating all your financial data on some online website seems risky to me. At least in the US, if there is a hack attack, you can take the company to court and sue for damages. In India, good luck… imagine, 26 years later the Union Carbide case is still going on, and that case involves over 25,000 dead people.
Some people don’t care about securing their online financial data, and that is fine… I do care. If we look at Mint.com, which is a great service that I would never use, they should have an option where I can retain all my data locally. Then, if I want Mint.com to analyze the data, I can send it to them encrypted. Once they send me the results/advice via email, they delete all my financial data from their servers, all within minutes.
I think we are still in the early days of online data security and people have a carefree attitude about it. It will take one major security catastrophe to shake people and make them realize the security implications of “over-sharing” their financial data.