Where is the web service API for my bank account? March 27, 2006
Posted by James Webster in: web, xml
I happened to come across Dimewise (here’s their blog), yet-another-Ruby-on-Rails web app, this time for managing your personal finances. The folks behind it have built it to scratch their own itch for a lightweight web-based financial management tool. Ultimately it is going up against desktop software such as Microsoft Money, Intuit Quicken and the open source GNUcash. It’s a great idea, one I’ve had myself in fact, but it suffers from two problems:
- Are people happy trusting the current state of their finances to an intermediary such as Dimewise, which the general public would perceive as having fewer resources available to maintain security than their own bank?
- The data entry required is tedious and theoretically unnecessary.
The last point is the killer for me. I really want my balances and transaction history to be automatically updated into such a service. The online interfaces of most banks these days provide an export function into CSV or the proprietary formats of the aforementioned desktop apps but I have to explicitly log in and perform the export. Why can’t I schedule it to be sent to a nominated email address on a daily basis? Why can’t I have a simple SOAP/REST API for read-only access to my bank account details? I appreciate there is a potential security exposure here but is it really any worse than if someone breaks into my letter box and steals the bank account statements out of it?
I am also aware that some banks (my own included) do offer a sort of portfolio management tool that will aggregate your account details across multiple banks/fund managers/telcos/loyalty schemes, etc, etc. The tool that I have available to me is ActiveX-based. Unfortunately that requires Internet Explorer (although IE Tab might come to the rescue) and Windows. Now there’s a highly secure framework! And it doesn’t help me in my efforts to move away from Windows to OS X.
Is anyone aware of any banks or other financial intermediaries (fund managers, etc) that are providing this sort of access for their retail customers? If there’s one in Australia I will strongly consider signing up! Consider this my feature #1 for any agile development teams working on online banking portals.
Comments»
James,
I’ve been feeling this unscratched itch for a long time myself, I even started speccing out an app similar to dimewise. But I think the biggest issue with automating the feed of data into an accounts app is that the data collected by the bank just records how much money was spent where. It doesn’t include any of the detail that you want for proper financial record keeping.
I.e. the bank may know that I spent $100 on my Credit Card at KMart. It won’t know that $100 is made up of $70.00 worth of stationery (which is a business expense, and gives me a $6.37 GST credit) and $30 was a CD I bought for my wife.
I think that eventually it will be possible to get that level of detail straight into your financial records, but it will be driven by a multi-retailer loyalty program (like Fly Buys). I had a rant on this here: http://blog.jamtronix.com/2006/03/reading_the_tealeaves_on_payme.html
Given the pretty piss poor rewards that Fly Buys otherwise gives out (compared to the relative value of the marketing information that they are mining) I should hope that Fly Buys might improve their value proposition by providing rich data services to the people coughing up that data in the first place!
On the point of updating balances and transactions, the format used by the desktop apps is not proprietary. It is OFX (Open Financial Exchange), though it is based on the original proprietary formats of MS Money and Quicken. GnuCash has apparently recently added some support for OFX as well, though I haven’t tried this.
I don’t know many details about OFX, other than that it is now an XML format (formerly SGML). It seems that it might be a good basis for a format for transfer of financial data.
Unfortunately, while in the US, every rinky-dink credit union supports OFX, as far as I know, not a single Australian bank does (which has been driving me crazy since I moved here 5 years ago.)
-Bruce
And the ironic thing about this for you, James, is that there *is* an Australian bank which supports OFX. I just logged onto my Suncorp Internet Banking to download my recent transactions and one of the supported formats is entitled “Money 2005 (OFX)”.
AH! But will they email it to me automatically every day to an account that I nominate? I would prefer it to have account numbers stripped out and replaced with my own preferred names for different accounts/investments. For if they do, they could well have a new customer…
Interesting, do you know whether Suncorp supports logging in automatically from within Quicken/Money/Gnucash, downloading new transactions and merging them into your accounts? Or must you log into the site manually and choose which transactions to download?
If they did, then James, you may be able to use Gnucash in a batch mode to perform the download in a cron job, and translate the OFX xml format into whatever format you are after, and kick off an email to you.
(The impression I get is that OFX is a pain to deal with, so if you could leverage Gnucash to do most of the work, you’d be a lot better off).
-Bruce
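The conversion step discussed in the comments above (take the bank's OFX download, swap account numbers for your own names, and produce something fit to email), as an added example that is not from the post or any commenter. It assumes an OFX 2.x (XML) file; the trimmed sample statement, the alias table and the function names are constructed for illustration.

```python
import csv
import io
import xml.etree.ElementTree as ET
from decimal import Decimal

# Constructed, trimmed sample in OFX 2.x (XML) form; every value is made up.
SAMPLE_OFX = """<?OFX OFXHEADER="200" VERSION="211" SECURITY="NONE"?>
<OFX><BANKMSGSRSV1><STMTTRNRS><STMTRS><CURDEF>AUD</CURDEF>
  <BANKACCTFROM><BANKID>000000</BANKID><ACCTID>123456789</ACCTID>
    <ACCTTYPE>CHECKING</ACCTTYPE></BANKACCTFROM>
  <BANKTRANLIST>
    <STMTTRN><TRNTYPE>DEBIT</TRNTYPE><DTPOSTED>20060325</DTPOSTED>
      <TRNAMT>-100.00</TRNAMT><FITID>T0001</FITID><NAME>KMART</NAME></STMTTRN>
    <STMTTRN><TRNTYPE>CREDIT</TRNTYPE><DTPOSTED>20060327120000</DTPOSTED>
      <TRNAMT>2500.00</TRNAMT><FITID>T0002</FITID><NAME>SALARY</NAME></STMTTRN>
  </BANKTRANLIST>
</STMTRS></STMTTRNRS></BANKMSGSRSV1></OFX>"""

ALIASES = {"123456789": "everyday"}  # hypothetical: real number -> own label


def redact_statement(ofx_xml, aliases):
    """Return transaction rows that name accounts by alias, never by number."""
    if "<!DOCTYPE" in ofx_xml or "<!ENTITY" in ofx_xml:
        raise ValueError("DTD/entity declarations are not expected in OFX")
    rows = []
    for stmt in ET.fromstring(ofx_xml).iter("STMTRS"):
        acct = stmt.findtext("BANKACCTFROM/ACCTID", "").strip()
        if acct not in aliases:
            # Fail closed: an unmapped account must not leak its real number.
            raise KeyError("no alias configured for an account in this file")
        for trn in stmt.iter("STMTTRN"):
            posted = trn.findtext("DTPOSTED", "")[:8]  # keep YYYYMMDD only
            rows.append({
                "account": aliases[acct],
                "date": f"{posted[:4]}-{posted[4:6]}-{posted[6:8]}",
                "amount": Decimal(trn.findtext("TRNAMT", "0").strip()),
                "payee": trn.findtext("NAME", "").strip(),
            })
    return rows


def to_csv(rows):
    """Serialise the redacted rows; this is the only text meant to leave the host."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=["account", "date", "amount", "payee"])
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()
```

The bank and account identifiers and the FITID values are dropped from the output, so an intercepted email reveals spending but nothing that identifies the account to the bank.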
I doubt they do, but hopefully Paul will come back and enlighten us! I expect however that they won’t and the reason is, of course, security. Banks will be extremely loath to open up this sort of automation to their retail customers (big business is a completely different kettle of fish and already have this stuff I imagine) due to the potential liability they are opening themselves up to. If I obliviously download a hacked version of Gnucash that sends whatever credentials are required to log in to the website, I am screwed. Sure, a different set of ‘read-only’ credentials could be provided, but I think most banks are liable to think the whole thing is not worth the effort for probably only a handful of customers (albeit ones which might be higher value for them). Not to mention that they have their hands full fighting off phishing attacks right now as well.
When using Quicken or Money to connect to a US bank, you do not have to manually log in to your bank’s site.
They both have “keyring”-type technology to keep encrypted versions of all your banks’ passwords. Then when you log into your desktop software and do an “online update”, you enter your master password and it automatically logs in to all your bank and investment accounts and downloads and updates your balances in your desktop software.
I don’t think there’s a single major US bank that doesn’t support this, so security can’t be the reason banks here prevent this. The Australian banks have probably either decided that there is little demand for this service, or that they want to keep people coming to their sites for marketing reasons. There is probably little enough competition among the banks in Australia that they can get away with this.
-Bruce
Hello - simply passing through - I just called Suncorp (after coming across this blog) to ask and they do not offer the service.
Cheers
found something you folks may find interesting - http://www.banklink.com.au/whatis.htm