Bank websites

Justin Dugger jldugger at gmail.com
Thu Oct 7 14:56:23 CDT 2010


I appreciate the attempt at irony, and regret that I replied off list;
my mistake. Apologies if this thread is confusing people.

>On Wed, Oct 6, 2010 at 12:16, Justin Dugger <jldugger at gmail.com> wrote:
>> What I like is OFX, which is basically a network protocol for your
>> screen scraping tools. GNUcash does a good job importing my OFX
>> transactions from Discover, for example. In this manner I don't have
>> to care about how much they like Flash on their website. Supposedly
>> Capitol Federal has an OFX gateway, but I've never seen it work in
>> GNUcash. But neither of these places are one stop banking. But it's
>> better than the wtf-are-you-thinking Mint website.

>OFX looks neat.  Too bad it's existed 10+ years now and this is the first I've heard of it.  It also sounds like most financial institutions
>only peer with each-other with it, and don't expose it to customer use.  And it also sounds like it is massively over-engineered for what I
>want, which is basically to aggregate a table of transactions that the bank can insert, but never update or remove; and to maintain a
>local bank-independent cache of every statement document.

>I'll read up some more on OFX.  I'll even try to use it when I pick my next bank, but I'm not holding my breath that they'll allow it.  Man
>it would be nice to be able to send a check from a cron job, or have each transaction matching X criteria forward to my email.

>We need a 'Geek Savings and Loan' that would support regex filters and actions like this.

Here's the deal: you live in America, land of the business deal. OFX
has been around for ages, so long as you used Microsoft or Quicken
products. You've heard of those, right? To have free and open systems,
you'd have to live in communist Europe, where they built a platform
known generally as HBCI/FinTS.

Frankly, regex is dramatically underengineered for this stuff. XSLT
would be a bit saner, as would having a bayesian importer (such as
GNUcash has) to classify transactions.

>> As far as messages go you'll never find a bank that sends financial
>> documents to you via email, as it's not encrypted and you'd have a
>> hard time convincing the auditors of public key encryption. If you do
>> find one, think twice about it.

>I never said I'd withhold my gpg public key from them.

Banking insurance mandates auditors and it's these people you must
convince. GPG encrypted statements would probably work, but for ~0.1
percent of the population, half of which would implement it wrongly.

>When was the last time you received a document containing sensitive information that was encrypted?  Now how many of those
>documents came through the USPS unencrypted?  I have more confidence in the reliability and secrecy of email than USPS mail.

I've received lots of documents via HTTPS that were encrypted. None
from email or USPS. Frankly, it's a false equivalence, since USPS
documents are a liability; you have to trust both the chain of
possession, including postal inspectors, mail carriers, and an unlocked
postbox, and the shredder to destroy the junk mail credit card offers
people can steal out of your trash if you're not careful. In an ideal
world, we wouldn't be trusting USPS.

>I would appreciate the right to choose.  And I would gladly choose to forfeit the secrecy SSL provides in exchange for the convenience
>of email. I think I'd prefer RSS over that even since I could easily script an encrypted feed catcher.

>They could deliver statements via https rss feed with authentication.  Heck, a feed of every individual transaction (debit/credit) on every
>account I have with them would be DAMN handy.  You could do that over SSL, with a client having to provide username and password.

That's a winner. Of course, it relies on browsers and SSL, but it's at
least standardized. It's too bad it won't happen, but maybe the Bank
of Geek can pull it off.

>Fundamentally, they prepare the document.  They know first when it is ready.  It is their duty to transmit it to me without my
>involvement.  Email fits that profile well.  What I want is every midnight of the first day of the month, the statement for the last month
>gets saved in all of my replicated servers, and pops up in evince on all of my desktops.  I should not have to click links or enter
>passwords or forgo secrecy.

Their duty is to protect your money and your privacy. If you're
following proper security procedures, your PGP key is encrypted on
disk, requiring you to decrypt it before passing it to evince (really,
your ideal world involves PDF?!?)

>Emailing me to tell me that I can come get it pisses me off.  To help demonstrate how fucked up that is, you're reading my reply off
>my webserver.

Thanks. Good thing the privacy of this conversation is not subject to
regulation, law or insurance.

Justin

>On Wed, Oct 6, 2010 at 1:08 PM, Billy Crook <billycrook at gmail.com> wrote:
>> On Wed, Oct 6, 2010 at 12:16, Justin Dugger <jldugger at gmail.com> wrote:
>>> What I like is OFX, which is basically a network protocol for your
>>> screen scraping tools. GNUcash does a good job importing my OFX
>>> transactions from Discover, for example. In this manner I don't have
>>> to care about how much they like Flash on their website. Supposedly
>>> Capitol Federal has an OFX gateway, but I've never seen it work in
>>> GNUcash. But neither of these places are one stop banking. But it's
>>> better than the wtf-are-you-thinking Mint website.
>>>
>>> As far as messages go you'll never find a bank that sends financial
>>> documents to you via email, as it's not encrypted and you'd have a
>>> hard time convincing the auditors of public key encryption. If you do
>>> find one, think twice about it.
>>
>> A reply to your message is now available.  For your convenience,
>> securely sign in to retrieve it at http://bcrook.com/.reply.txt
>>


More information about the KCLUG mailing list