TowerGroup has issued warnings about the security of popular online personal finance sites such as Mint and Wesabe. New research from the firm indicates that that “they are often missing one critical component” of fraud prevention to prevent identity theft or account takeover threats.
Much of the information that’s aggregated on these sites is frequently protected only by username/password firewalls—the weak single-factor authentication that online banks were forced to upgrade in the last two years by the FFIEC. This is going to make these “PFM Lite” sites the likely targets of phishing and fraud scams as they provide easy access to a consumer’s banking data.
And since these are nonbanks, out of the reach of the FFIEC. TowerGroup senior research director George Tubin says the Federal Trade Commission should consider stepping in and enforcing the 2005 FFIEC multifactor authentication guideline changes.