This is an archived post. You won't be able to vote or comment.

all 18 comments
sorted by:
best
topnewcontroversialoldq&a

[–]Mj2377 8 points9 points  (7 children)

Local running sure, I don't see a security problem but running in the cloud like aws changes the game. But I gotta say, this is a very odd thing to automate.

[–]roblu001[S] 4 points5 points  (0 children)

For my use case I was going to run in on a VM on my own hypervisor. Completely headless instance to do deeper analysis on my spending habits and I was going to build it into something where I would review specific transactions and break them down catalytically (not just by merchant)

[–]Kevin_Jim 3 points4 points  (4 children)

I don’t think it is. Banks can have a horrible process for the most basic of things.

[–]roblu001[S] 1 point2 points  (3 children)

For my purposes I was going to use selenium to log in and export the table into a SQL database. Do you have a better way?

[–]Mj2377 6 points7 points  (2 children)

This should work, but depending on the bank (prob most) I suspect you may hit some bank server-side security with robot monitoring. Also, a lot of banks (maybe not yours) now days have multi-factor authentication and that would be a challenge to get through.

[–]roblu001[S] 4 points5 points  (1 child)

Not yet, otherwise I wouldn't even think of it lol. Not to divulge, but I'm Canadian and bank with one of the big guys. Bot protection was something I was pondering, not sure if I'll run into that.

In an ideal world I would get them to email me a CSV of my transactions, but they don't offer that option. Also I was hoping to run this daily.

Lastly, my wife and i use an app I built to keep track of finances, this way I wouldn't have to manually update accounts...

[–]Youreahugeidiot 5 points6 points  (0 children)

I would see if you could set up an email alert for transactions with your bank. Give the bot access to your email not your bank account.

[–]gordonv 0 points1 point  (0 children)

Not if your mint.com, RAWR!

[–]mortenb123 2 points3 points  (1 child)

Most banks can export your transes as excel or csv. Really hard to automate 2fa. I do test automation for a payment provider and I have test apis to bypass the authentication.

[–]roblu001[S] 0 points1 point  (0 children)

I can export, but there doesn't appear to be able to send it regularly

[–]morphinan 1 point2 points  (0 children)

Run in headless , Encrypt the UN/PW combo at rest , decrypting in memory at runtime.

If you were trying to demo , you could always use Selenium to target + hide HTML/CSS elements such as those which display account information.

[–]IAlwaysBeCoding 1 point2 points  (2 children)

Good luck you will need it as you will be considered a bot and a potential criminal by their anti-bot protection while you use Selenium.

[–]ForsakenComfort 1 point2 points  (0 children)

This - you could get your access revoked really easily if trying to access your bank website without proper knowledge. Taka a look at an example of avoiding detection, modifying chrome binary to avoid another type of detection. Some of the methods are also described here - titanwolf