tadhg.com

Online Convenience in an Ideal World

22:36 Tue 18 Jan 2011

I’ve recently been doing some online banking reorganization, and have realized just how inconvenient a lot of the services are. The main issue is that they’re all different services, where I want centralization.

That is, I want to be able to handle all my financial dealings from one spot, rather than having to deal with different sites (and, critically, different credentials) for the different services I want to pay for. At the same time, for obvious reasons, I don’t want to allow variable-cost services to be paid without my verification, so automatic payment isn’t the answer here.

I also want to keep an eye on all charges made, and, again, I don’t want to have to visit different sites for this.

A new credit card I recently signed up for offers a service that’s close to being sensible but falls short: you can have an email sent to you whenever a charge above a certain amount is made to it. That seems perfect—an easy and convenient way to vet charges without having to log into the card’s bank website all the time. I just set the amount to $1, as I figured that there’s no real disadvantage in doing so; reading an email isn’t a big deal.

Sadly, it doesn’t work the way I want it to work. It just sends you an email that tells you a transaction exceeded the amount you set. To find out anything else at all, you have to log into the site. This, of course, is just annoying. There’s no way to tell it what you want emailed to you, either. I don’t for a moment think that having the amount and origin of each charge sent to my email account would be a security problem, and I really wish they would let me decide that. If you have multiple credit cards from multiple issuers, that approach makes even more sense.

The same goes for multiple banks, and multiple bills you want to pay. For that matter, why is it that you can do bill pay services from your bank accounts from your bank’s site, but if you’re paying by credit card you have to go to the site of the service? Is it because this is a courtesy banks only do for people with “real” accounts? Given how much they encourage you to use your credit cards, I don’t see how that makes sense…

I suspect that the desire to centralize things like this is one of the reasons that mint.com is so popular. I’m a little too paranoid to use it, though, and really want all my data to be under my direct control, on one of my machines. If I can’t secure my machines, then my accounts are compromised anyway, so I don’t have qualms about having my data locally. Or on a server of my own.

That’s one of the directions I’m going with this, towards the notion that the internet is a lot more powerful when servers are on both sides of interactions. These don’t have to be “servers” in the traditional sense, but could easily be cloud services. It’s not a new idea, and used to be somewhat trendy under the name of “agents”, i.e. semi-AIs that would handle a lot of the mundane stuff for you. What I’m suggesting throws out the AI part and retains the delegation/credentialing that would be required to make agents work.

The following scenario is easily within reach technically, using technologies that are already well-established:

  • I set up a service for myself, either on a machine of my own or elsewhere, to handle financial data. Let’s say I also have a client for this service, which could either be another site, like mint.com, or a local application like GnuCash or Quicken.
  • I give the details of this service to my various banking/other sites, while authenticated with them.
  • At a given time every day, or whenever a transaction occurs, or both, the banking/other sites post (using HTTP POST over SSL with credentials I gave them) data to my service.
  • My service emails me a summary every morning, or sends email under other conditions I specify.
  • My client (e.g. GnuCash or Mint) has access to this service and thus access to all my financial data, allowing the client to present longer-term accounting details.

That’s the read side. And it’s just not that hard. In fact, with just a slight amount more cooperation from the banks, I could probably script something like this together that gets the bank info via email, rather than HTTPS POST to a service I provide. And with more scripting I could get it into a format that GnuCash might accept. But without a way to get the banks (and other services) to push notifications to me somehow, this can’t be done.
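The read side of the scenario above, as an added sketch that is not code from the original post: the core of a receiving service that authenticates each pushed transaction against a per-issuer credential and builds the morning summary. The issuer names, the bearer-token scheme and the JSON field names are assumptions made for illustration; TLS termination and the actual sending of email are left outside the block.

```python
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed sample credentials (assumed scheme: one bearer token per issuer).
# Only hashes are stored, so a leak of this table does not reveal the tokens.
ISSUER_TOKEN_HASHES = {
    "examplebank": hashlib.sha256(b"constructed-token-1").hexdigest(),
    "examplecard": hashlib.sha256(b"constructed-token-2").hexdigest(),
}
LEDGER = defaultdict(list)  # issuer -> list of accepted transactions


def handle_post(issuer, authorization, body):
    """Return the HTTP status code for one pushed transaction."""
    expected = ISSUER_TOKEN_HASHES.get(issuer)
    scheme, _, token = authorization.partition(" ")
    presented = hashlib.sha256(token.encode()).hexdigest()
    # Constant-time comparison; unknown issuers fail the same way as bad tokens.
    if scheme != "Bearer" or not hmac.compare_digest(presented, expected or ""):
        return 401
    try:
        tx = json.loads(body)
        tx_id = str(tx["id"])
        amount_cents = int(tx["amount_cents"])
        # Collapse whitespace so a merchant string cannot forge summary lines.
        merchant = " ".join(str(tx["merchant"]).split())[:80]
    except (ValueError, KeyError, TypeError):
        return 400
    # Issuers may retry a push; a transaction id already recorded is ignored.
    if any(t["id"] == tx_id for t in LEDGER[issuer]):
        return 200
    LEDGER[issuer].append(
        {"id": tx_id, "amount_cents": amount_cents, "merchant": merchant}
    )
    return 201


def daily_summary():
    """Build the plain-text body of the morning email from everything received."""
    lines = []
    for issuer in sorted(LEDGER):
        for t in LEDGER[issuer]:
            lines.append(f"{issuer}: {t['merchant']} ${t['amount_cents'] / 100:.2f}")
    return "\n".join(lines)
```

Giving each issuer its own token means a credential leaked by one bank can be revoked without touching the others, and it only ever authorizes writes into that issuer's slice of the ledger.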

There could be a write side, also; either my local client or my service could be authenticated to initiate certain transactions with the banks, so that after seeing my financial summary I could take action from within the client, rather than having to go to the various bank sites to do so. There’s a relatively easy way to deal with security concerns here, too—if they’re really worried, the banks could stack up the various actions but not perform them until I log into their sites to confirm. That would be a little annoying, but much less so than having to deal with a pile of different interfaces in order to establish what the actions are in the first place.

It’s technically possible to do something like this now, from my side; I’m pretty sure I could write Python that would handle most of it. The two main problems are that I would have to give the Python my passwords (which could probably be handled safely) and that there would be a lot of HTML scraping necessary in order to interact with the bank sites, and that kind of thing is always extremely fragile.

This may have been a long way of saying that banks, and all financial services, should have common APIs that are public and that include push notifications to other APIs as determined by the customer. Unfortunately, I don’t see how to get there from here, and I don’t see how to make it worthwhile for banks to provide such services, unless perhaps the savings over printing paper bills (and, quite possibly, the savings of decreased server load) proved compelling, which I sadly doubt.
