Financial aggregator Mint.com goes to great lengths to show the world how seriously it takes security. Its spotless record and its ease of use have pushed it to the top of the North American aggregator market, and Canadians are joining in increasing numbers. However, there is one small problem. By doing so they are violating their bank’s cardholder agreement and exposing themselves to liability.

Mint launched in Canada in late 2010 to overwhelmingly positive reviews. Personal finance journalists (this correspondent included) loved that fact that the web site allowed users to pull their financial data into a central, easy to use dashboard. Not only does it provide a birds-eye-view of your income, spending and investments, but Mint also recommends ways to save money on bank fees, credit card rates and insurance. Best of all, it’s free.

But in order for the service to work, subscribers are required to provide their online banking IDs and passwords — something we’ve all been told repeatedly not to do. To assuage any fears, Mint explains that their parent company Intuit (makers of Quicken, QuickBooks and TurboTax) house their data in an ultra-secure facility and use the same technology as the Canada Revenue Agency uses to transfer personal tax information with NETFILE.

However, a recent report from the Financial Consumer Agency of Canada (a crown corporation with the mandate of protecting and informing consumers of financial services) exposed serious problems in the use of such services. FCAC warned that sharing user IDs and passwords with third-party aggregators puts bank customers in breach of their cardholder agreements, thereby voiding their security guarantee.

FCAC Commissioner Ursula Menke explains that there are currently no known incidents of fraud or suspicious activity due to third-party aggregators in Canada, and that the report is a pre-emptive warning to consumers who may be unaware of the ramifications of sharing their cardholder information.

When contacted by MoneySense, representatives of the Big Five Canadian banks confirmed FCAC’s position. Each institution outlined its respective cardholder agreement, all of which explicitly state that customers who divulge their banking information to anyone are in violation of their account service agreement.

Mint Software Inc. founder & CEO Aaron Patzer insists this is not a problem. Pointing to Mint’s user agreement, he explains that by signing up for an account you are giving Mint limited power of attorney, ceding the company the right to act as your agent when accessing your banking files.