@WLRK11 wrote:
Mods: If this isn't the appropriate forum for this topic, please let me know, and move it.
I recently noticed my Bank of America (and other credit card companies) sign-in history has been a bit odd. I use Google Chrome as my browser most of the time, but I've been noticing early morning sign-ins from Internet Explorer (see screenshot below). I use mint.com and have linked it to my BOA account.
Has anybody else experienced this? What's the likelihood that these sign-ins are from Mint.com and not suspicious?
Thanks in advance for your replies. I hope this encourages other MyFico users to reassess their account security.
Yes, those are likely from Mint.
Doesn't mean I wouldn't consider it suspicious, though....
Having looked into how the backend of the account-access tools from Mint, CK, etc operate... I decided some time ago to never touch them. Ever. (The account-access part, anyway. I do use the credit report features.)
Depending on your banks, some of the account linking is done reasonably "correctly", with per-service tokens (although most banks don't appear to provide a revocation interface...).
But most banks don't appear to offer that to Mint/CK. For those, the backend service actually stores your account login/password in plain-text (or reversable encryption, with the keys online, which is effectively plain-text); and then the backend screen-scrapes the standard account website for your details to present in the Mint/CK interface.
And much of that backend login/password storage and screen-scraping is happening off-shore.
So... yeah. Not touching that, with or without the ten-foot pole. (You may even technically be violating the terms of your banks' online account access agreements, and opening yourself up to liability if your credentials leak through the screen-scrapers' services.)
If you want to check up on it yourself, go lookup Yodlee, or articles like Is It Time to End Screen Scraping?
EQ8:850 TU8:850 EX8:850
EQ9:847 TU9:847 EX9:839
EQ5:797 TU4:807 EX2:813 - 2021-06-06
