How would you go about making an application that automatically retrieves your bank account balance twice a day?

Question

I'm building a utility that will hopefully keep my wife in tune with how much money we have available.

I need a simple secure way of logging into my bank account and retrieving the balance.

Something like mechanize is the only method I can think of. I'm not even sure if that would work given the properly authenticated https that banks use.

Any ideas?

Answer 1

Write a perl script using LWP::UserAgent. It supports HTTPS connections. The only issue might be if the site requires javascript.

Web Client Programming with Perl has a few examples to get you started if you're not too familiar with perl.

Answer 2

If you really want to go there, get these extensions for Firefox: Live HTTP Headers, Firebug, FireCookie, and HttpFox. Also download cURL and a scripting language that can run cURL command-line tasks (or a scripting language like PHP or Perl that has access to cURL libraries directly).

I've started down this road for some idempotent GET tasks like getting PDFs of the S&P reports (of the stocks I track) from my online brokerage, and downloading the check images for my bank account. Both tasks are repetitive and slow ways of downloading data to my computer that the financial institutions don't provide any way of making it easier.

Here's why you shouldn't: (as a shortcut I'm going to call the archetypal large bank, brokerage, or other financial institution "BloatBank")

1. BloatBank is not likely to make public their API for accessing this kind of information. So it can change any time and all your hard work will be for naught. Whenever they change their mechanism, you'll have to adapt.
2. If BloatBank finds out you've been using automatic scripting to try to access your account information, they may ban you because you've violated their terms of service.
3. You might screw up, and the interaction between the hodgepodge of scripts on BloatBank's server, and your scripts that access your account, might cause a Bad Thing like closing your account. Testing this kind of script is tremendously difficult because you don't have any documentation about how their online service works, and you don't have a test account you can mess with.
4. (a variant of the above) You think you're safe because you're issuing GET requests. But BloatBank is just a crazy bank that doesn't know anything about REST, so there are some GET requests that can mess up your account.
5. If someone else does use your script to maliciously sniff your online password or mess with your account, any liability coverage from BloatBank may disappear because you've opened a security hole.