[nzlug] Linux-friendly banks in NZ?

Cliff Pratt enkidu at cliffp.com
Fri May 2 19:42:30 NZST 2008 

David McNab wrote:
> On Fri, 2008-05-02 at 13:01 +0900, Andrew Errington wrote:
>> On Fri, May 2, 2008 12:44, David McNab wrote:
>>> On Fri, 2008-05-02 at 15:22 +1200, Mark Foster wrote:
>>>
>>>> How're your online banking credentials stored and read into the script
>>>> for authentication purposes, David?  Sounds a bit risky...
>>> I would prompt for them with a dialog box. With this, the risk should
>>> not exceed that of accessing online banking via a regular web browser.
>> Who is 'them'?
> 
> 'them' refers to the credentials, namely userid and password.
> 
>> This is not really about being 'linux friendly', it's about being techie
>> friendly.
> 
> In the OP I mentioned that BNZ provide for automated statement
> downloading, but only via a BNZ-$upplied application which only runs on
> non-free OSs.
> 
>> What you are doing (I think) is trying to script something for
>> someone so that they can press a button and get their data.  Since there
>> is no single standard for this you will have to make a bespoke solution
>> for every bank that your clients use.
> 
> I was just asking if anyone knows of a bank that might have an easier
> interface for this than other banks. BNZ is hell in that direction
> because of their 'netguard' barrier - where they issue you a plastic
> card with a matrix of characters and ask you to type in 3 of those
> characters given the row/column co-ordinates (which are given as
> graphics, not as text).
> 
>> Unfortunately, logging into online banking is an all-or-nothing
>> proposition.
> 
> Yeah, don't I know it!
> 
>>   Once you have logged in you can get the transaction data
>> (which is what you want) but you can also send money, pay bills, open term
>> deposits etc.  It seems to me that you need the bank to provide a subset
>> of these facilities (i.e. transaction data only) which perhaps needs only
>> a lower level of protection.
> 
> Correct.
> 
>> Have you tried actually talking to the banks[1]?
> 
> Yeah, spoke to BNZ. They told me I had to pay wads to get their 'PC
> Banking' application, then pay more wads for a special access account
> for it, then install a non-free operating system so I can run it.
> 
>> Since you are asking
>> about all banks then it would seem that you have no compunction in moving
>> to the bank that provides what you want.  The other way of looking at this
>> is to stay with the bank you have if they are receptive to your
>> requirements.
> 
> So far they won't even let me get far enough through their management
> jungle to talk to whoever might be in a position of authority to
> consider such requests :(
> 
>> However, since your clients have to log on to the website (and suffer the
>> byzantine security measures) for other banking operations, why make a
>> special case for this?
> 
> Jeez, I just want a SOAP or XML-RPC over https gateway for downloading
> statement data. Even if they could just email me a PGP-encrypted daily
> statement in CSV, QIF or OFX format, that would be perfect and I
> wouldn't even need to log in at all.
>
Right. Do you realise how much they would need to modify their software 
to make an exception for one person (or a *small* group of people)? Do 
you realise that this will be the opposite of cost-effective. They just 
aren't geared for one-offs.
 >
>> [1] Remember, you are their customer.  They serve you.
> 
> ROFLMAO
> 
The NetGuard thing is there *for* their customers. It's not particularly 
strong, but it is far, far stronger than nothing. You are *one* customer 
  in several hundred thousands.

Cheers,

Cliff

More information about the NZLUG mailing list