Any interest in a "import from bank website" command?

Beth Leonard beth at oasis.slimy.com
Thu Dec 13 01:17:42 EST 2007


On Wed, Dec 12, 2007 at 09:11:43PM -0800, David Barrett wrote:
> So, with all that in mind, if I were to create a "File :: Import :: Bank
> Website" command that pulls through the expensify.com OFX gateway, would you
> use it?  How can I satisfy your fraud concerns?  Or is the feature itself
> simply not interesting?

I can only guess that most people who would find it interesting
would speak up and say 'yes' and that those who don't would
remain silent, but perhaps it is the other way around so I should
speak.

I for one wouldn't use such a feature, but I don't want to speak for
others.  I think very very few people would be interested in giving
you their login information, especially if they know you're going to
use their account to verify if a particular bank works or does not
work.  Generally speaking that's a very bad idea -- both
for them and for you.  You don't want to be responsible for the
professional hackers who try to compromise your site, because they
know that others' data is stored there.  If you do have a security
breach, will you keep the snail-mail addresses and send mail to
those in the state of California informing them of the breach as
required by law?

A much better architecture would be one that has all the data reside
on the client side.  If different handshakes are required for different
banks, separate plug-in modules could be downloaded from a central
source.  If one breaks and lots of people are using it, it is likely
to be updated quickly (witness how quickly changes to finance::quote
get made when Yahoo changes it's price data format.)  This quick
turn around time is especially true if you have a handshake-builder
that makes it fairly easy for anyone to update and figure out what
is going on.

If this is a project that interests you, I recommend opening several
bank accounts at different banks yourself (many credit unions have
no-minimum-balance no-monthly-fee accounts) and get something working
that works for you.  Don't start your exploration by asking people
for their bank login data, finish there.  When you have something
working for your own accounts, have a trusted friend give it a try
locally on their machine for their bank.

Personally my bank transactions are not so numerous.  I just
manually reconcile with my paper statement and pay for nearly
everything with a credit card.  I download the credit card
statements and import using the OFX import features to track
my expenses.  (And yes I pay off the credit card bill every month.)

--Beth 
Beth Leonard
http://www.LeonardFamilyVideos.com


More information about the gnucash-user mailing list