Security and checkoncile.com

We get asked about this all the time.

Bank data breaches happen regularly:
http://www.reuters.com/article/2011/06/09/us-citi-idUSTRE7580TM20110609

(For more recent activity, just google “bank data breach” or head straight to
http://www.bankinfosecurity.com/)

So why should you trust checkoncile.com?
Quite simply, because we store NO sensitive data.

Worst case scenario: the bad guys obtain your login and password at checkoncile.com.
If somebody broke into your checkoncile.com account, they would have the same access as if they had stolen your checkbook register. They could record in the register that you spent $1,000 at Wal-Mart. So what?! That will stand out when you reconcile the account! They can't actually SPEND $1,000, only record that you spent it.

As part of our ongoing analysis of the financial tools industry, we recently signed up for an account at mint.com. Quite an extraordinary program – very well thought out, remarkable presentation, extremely easy to use, and, even better, FREE. Sincerely a true masterpiece of software, marketing, and advertisement.

We signed up just to get an idea of the features and functionality of the website.  While thoroughly impressed, we became a bit dismayed when – after several days of inactivity – account data continued to flow through their system.  Indeed after a week of not logging in, our accounts reported “updated [2 days ago]”.

You see, as part of the setup process of registering for mint.com, we entered ALL relevant data needed to permit mint.com to communicate with our bank: bank account number, login, even PIN.

Any programmer who has been through the rigors of PCI compliance can tell you that storing a credit card validation code is "forbidden in the USA" (source http://en.wikipedia.org/wiki/Card_security_code). And yet, ho-hum, mint routinely stores your bank account PIN.

EVEN ignoring the security implications, applications like mint.com simply show what your bank tells them, completely ignoring the cornerstone of bank account reconciliation: the comparison of two separate books in order to explain the differences between the bank's entries and your own entries. That is, TWO separate sets of entries are required in order to perform a reconciliation.

An application like mint.com will simply dictate what the bank tells it:
“You spent $100 at Sears”,
“You spent $50 at Target”,
“You deposited $500”.

That is precisely what sets checkoncile.com apart. YOU tell checkoncile.com:
“I spent $99 at Sears”,
“I deposited $600”,
“I spent $25 at McDonald’s”.

Because TWO books are compared (what YOU said versus what the BANK said), you are able to determine the differences. In the case above, the reconciliation process would show:
THE BANK says I spent $50 at Target, BUT I didn’t.
THE BANK says I deposited $500, but I actually deposited $600.
THE BANK doesn’t yet know I spent $25 at McDonald’s.

No software application which keeps a single set of books is able to provide this distinction.
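Here is an added example, in Python, of the two-book comparison described above; it is not checkoncile.com's own code. The two books are constructed from the entries in this post, the payee names and cents-based amounts are assumptions, and because it compares every entry it also flags the $99 versus $100 Sears difference that the list above leaves out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    payee: str   # who the money went to, or "Deposit" (assumed labels)
    cents: int   # positive = deposit, negative = money spent


# Constructed sample data, taken from the entries quoted in the post above.
BANK_BOOK = [Entry("Sears", -10000), Entry("Target", -5000), Entry("Deposit", 50000)]
MY_BOOK = [Entry("Sears", -9900), Entry("Deposit", 60000), Entry("McDonald's", -2500)]


def reconcile(my_book, bank_book):
    """Compare MY entries against the BANK's entries and return the differences.

    Finding kinds: "bank_only" (bank has it, I never recorded it),
    "amount_differs" (both have it, amounts disagree: mine, then the bank's),
    "not_at_bank" (I recorded it, the bank has not seen it yet).
    Entries pair up by payee, case-insensitively, preferring an exact amount.
    """
    findings = []
    unmatched_bank = list(bank_book)        # bank lines not yet explained
    for mine in my_book:
        same_payee = [b for b in unmatched_bank
                      if b.payee.lower() == mine.payee.lower()]
        if not same_payee:
            findings.append(("not_at_bank", mine.payee, mine.cents))
            continue
        exact = [b for b in same_payee if b.cents == mine.cents]
        bank = exact[0] if exact else same_payee[0]
        unmatched_bank.remove(bank)          # this bank line is now explained
        if bank.cents != mine.cents:
            findings.append(("amount_differs", mine.payee, mine.cents, bank.cents))
    for bank in unmatched_bank:              # the bank has these, I do not
        findings.append(("bank_only", bank.payee, bank.cents))
    return findings


def describe(findings):
    """Render findings as the kind of sentences the post uses."""
    lines = []
    for f in findings:
        kind, payee, dollars = f[0], f[1], abs(f[2]) // 100
        if kind == "bank_only":
            lines.append(f"THE BANK says {payee} ${dollars}, BUT I didn't record it.")
        elif kind == "amount_differs":
            lines.append(f"THE BANK says {payee} ${abs(f[3]) // 100}, but I recorded ${dollars}.")
        else:
            lines.append(f"THE BANK doesn't yet know about {payee} ${dollars}.")
    return lines
```

Running `describe(reconcile(MY_BOOK, BANK_BOOK))` yields one sentence per difference; comparing a book against itself yields none.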