Health Minister Zweli Mkhize has said that Phase Two of the COVID-19 vaccine rollout in South Africa will kick off from 17 May. Mkhize…
The recent launch of online money management system 22seven has raised a fair amount of controversy around allowing third-party applications to access user banking details. The innovative startup is the brainchild of Twenty20 founder Christo Davel, and is billed as an “intelligent money-saving tool” that plugs directly and securely into users’ personal bank accounts and then delivers analysis on spending habits.
It’s one of the sexiest start-ups to launch on the African continent, with VC from multiple investors.
The “startup” bears some resemblance to US-based money management system Mint.com, which was launched five years ago following a bid at popular tech news site Techcrunch’s TechCrunch40 conference in 2007. Mint was awarded a US$50 000 prize which kickstarted the company. In the last five years Mint has grown its user-base to 5-million and is now the most popular financial tracking tool in the United States according to USA Today.
Mint originally provided account aggregation through a deal with Yodlee, the same company 22seven uses to aggregate users’ banking data, but has since moved to using Intuit — which bought the company for US$170-million.
Like 22seven, Mint was met with scepticism from users who were wary of giving their online banking details to a third-party — an action which most banks warn against. Mint CEO Aaron Patzer, in response to the security queries, told New York Times columnist Virginia Hefferna that Mint’s security was at the same level as most banks:
“…Mint has bank-level data security. That means we have the same level of encryption your bank does, along with outside third-party verification through Verisign and Hackersafe. We also have routine security audits where so-called “white knight hackers” try to break into our system — they’ve never been successful. We also have bank-level physical security.”
He emphasised that not only was Mint secure but that it also helps alert users to fraud. An article by Fast Company writer, Anya Kamenetz, explains how Mint had alerted her to fraudulent charges on her bank account where her bank had failed.
Though there were some security concerns with Mint, they don’t seem to be of the same proportions as those 22seven has faced during its recent launch. Mint certainly didn’t come under the strong criticism from the banks like 22seven felt when it launched. This may be symptomatic of the fact that we are in different eras: With all the phishing, hacking and fraud online, we need to be paranoid about banking security. It may be a symptom of different market conditions between the US and South Africa, with the latter having five very dominant banks which hold a lot of sway — otherwise known as the “big five”.
Perhaps users in the US are also more intimately familiar with Yodlee than South Africa.
Yodlee provided early bank account aggregation for Mint and is also used by 22seven. In the US it partnered with banks to bring online banking solutions to its customers.
According to an article on CNN Money, “Yodlee is audited and supervised by the federal government, much like a bank. It is also audited by the financial institutions it works with. And, said Polverari, Yodlee has never had a security breach”.
Mint takes its security quite seriously, a fair amount of steps are involved before anyone can get hold of its data, which are “under lock and key” as Patzer explains:
“We also have routine security audits where so-called ‘white knight hackers’ try to break into our system — they’ve never been successful. We also have bank-level physical security. Our servers are located in an unmarked secure building which requires a palm scan to gain entry. After making it past guards, you have to go through a ‘man-trap’ where one door will not open until the other closes and you again have biometric access. Once you get inside, our servers are in a locked cafe monitored with 24/7 video surveillance. Get inside, and the racks themselves are locked. Break those open, and our hard drives are encrypted. It’s seven layers of protection. All that’s missing are the electrified floors…”
According 22seven’s CEO and founder, the service employs these same security measures and also has “white knight” (good hackers) regularly attempt to break into the system to help tighten security.
“We work closely with Yodlee to make sure all data is secure and I can’t emphasise enough that it is a read only system and no one can change your information,” said Davel.
Mint seems to have floored all its competition at present. Other services quite similar to Mint and 22seven such as Quicken(interestingly enough, this service is also owned by Inuit), Microsoft Money and Cake Financial all allow users to track and manage their money better.
If 22seven has the same security measures as Mint and is working towards similar goals surely Mint’s user success is a hint of where 22seven could be headed. One of South Africa’s top banks has already publicly endorsed 22seven.
“FNB has set a precedence of responding to our customer’s [sic] needs with innovative products and services. We are now providing a secure means to engage with 22Seven in response to our customers’ need to learn more about their financial behavior,” says Lee-Anne van Zyl, CEO Online Banking at FNB.