Yeah I honestly don't feel safe sharing that kind of info. I would much rather use my bank's "export data" feature once a week or so and uploading it there.
Also, maybe my bank is weird, but how can Mint have access with just the user/pass combination? I can't do anything online without a RSA certificate ...
I don't think it is public info how they accomplish it but it seems that they are simply scraping the site, for a good number of my personal accounts at least. Mint has me answer a number of the individual bank's "security questions" to be able to fully set up the bank account in Mint. If the bank changes the login procedure in anyway, then I have to re-edit the info about the bank that Mint has.
Mint uses Yodlee [1] for website scraping. Wesabe built their own and apparently inferior scraper, and this could be one of the reasons of why they lost to Mint.[2]
Apparently after being acquired by Intuit, Mint started using the Intuit aggregation framework. They seem to have made the transition fairly transparent as I had no idea it had switched.
That's intriguing - I thought one of their privacy promises was that they don't hold on to the login information for your various accounts, that it lived with Yodlee.
Seems like to do a transition they'd have to break that promise.
Interesting. I thought my bank's security was lacking, but at least it is impossible to scrape my data off it even if I give you the password. You have to go through the browser's main security certificate thingy to "decode" the RSA key that is then sent to the bank. It's impossible to login without it or get to any sort of data (afaik)
Also, maybe my bank is weird, but how can Mint have access with just the user/pass combination? I can't do anything online without a RSA certificate ...