|
joftech (m)
|
I was wondering if it's possiible to write a program that can retrieve someone's bank account update from Nigerian banks database.
|
|
|
|
|
|
dejiolowe (m)
|
interswitch already do that. but what is the scope of what u want to do?
databases already allow people to connect. but u might be talking about bank applications which usually interface via iso8583.
|
|
|
|
|
|
joftech (m)
|
I mean an API that will allow me to query my own (or any other person's, provided i can supply the needed/required ID and password) bank account from the program/web app that i will like to write. Sort of google/yahoo API that allow you to query a particular part of their map system.
I was thinking about an application that will display a ticker on the desktop which will be updated on a realtime basis.
|
|
|
|
|
|
sbucareer (f)
|
@joftech, wetin you won do with another person akaterian? Banks would not be stupid to publish their API on the internet. Even by mistake you had come across such API, to access some object and call up a function say transfer balance etc, that process MUST be a local process known to the Enterprise Application. If the process is running on a different Enterprise Application, the security settings will not let your request go beyond some switches and routers. Mind you Enterprise Architecture is very different. A Bank may hold there DB in Scotland, their Enterprise Server in London, All their middleware in another location. All these is to help with network fault tolerant and virus. If you are looking for google/yahoo API, I think google has it API here, but not banks. To query your bank account, you need to login to your online bank website, if you bank has one. Alternatively, you could use 24hrs banking telephone service if your bank provides one. The last one is to visit your branch and ask a cashier to help you query your account. Then again there is this last one, which I will not recommend to take a gun and visit your branch. |
|
|
|
|
|
joftech (m)
|
@joftech, hahahahahaha!!! wetin you won do with another person akaterian? Did you bother to read my posts properly at all. Thank God you said i can use their website to do my query good. What i simply want to do is to use those set of username and password to tunnel to their network simply to retrieve my own and only my own account information. At least there's a way they made it impossiible for me to view other's account on their website. I wasjust imagining something of that nature because there's an idea i was thinking about, i can't disclose it though (it's a trade secret). |
|
|
|
|
|
sbucareer (f)
|
@joftech, you can NOT issue queries to your bank. The quries are already provided for you. i.e. 1. check balance 2. transfer fund 3. cancel standing order 4. make a payment etc.. But tell me, why have your username and passwd send over unsecure HTTP to just authenticate your details on an online application like online banking? Online banks don't use HTTP/HTTPS to get your details. They use RMI/RPC |
|
|
|
|
|
sbucareer (f)
|
Sorry I misunderstood ur question. It doesn't worth the application. Using tunnelling application would not be a good idea. I once had an idea of a project I wanted to do. It was something to do with HTTP/HTTPS authentication from a remote server using tunnelling as my transport protocol, but I soon abandoned it.
|
|
|
|
|
|
larryoncol (m)
|
sbucareer:
from you point of view, let me have a clear definition and examples of what an API is
thanks
larry
|
|
|
|
|
|
sbucareer (f)
|
There may be two types of API:
1. Local API
2. Remote API
Both API's are define during the application development stage. Bank being a very regulated service and security being one of the major business will NEVER publish their API as a remote web-service or remote-RPC/RMI.
Even if they do, it would be to a trusted party or a corelation of integrated solution from banks i.e. you can withdraw money from any bank that is not your branch.
I learned that the ATM machine in your bank or any banks do not in any way connect to your bank, amazing. You see the magnetic strip at the back of your credit card or bank card is just an EPROM (Erasable Programmable Read-Only Memory) that the machine uses to locate your tuple at the actual bank database.
The ATM is a computer like this one you are using to read this message. It is connected to internet through a special gateways. There is a software that runs within the box. The software reads your card and take and update your EPROM. Your EPROM is just a set credit or debit say $5000 limit
Any time you make withdrawal say $200, the software will do 5000 -200 = 4800 and the EPROM will be updated to $4800. The box will try and connect to the bank with these transactions using your bank account as the primary key. Meanwhile, you must have a $5000 credit/debit on your bank for the process to be successful.
This is when a remote API is used within a banking system. These API's are application dependent and cannot be changed or modified by any application. They use a very strong encryption to identify the remote object.
The point is you cannot have access to these API's, even if you do, the ATM have a Time stamp to every object that connects back to the bank.
Here is a definition of API from google
|
|
|
|
|
|
segebee (m)
|
i actually seem to disagree with my programming mentor sbucareer
i do believe banks have an api
bt u must be trusted that's why they give respected coys like interswitch
i feel ur project bt for u to get access u need to gain trust
as a dba, all i need to do is create an account for u and give u port no etc
bt then u could because damage, so u see y trust is important
id say float a coy
@sbucareer how do i create an sms portal
I'm also workin on a project
|
|
|
|
|
|
sbucareer (f)
|
Simple, get a SMS gateway from many of the online SMS services like this one
You really have to shop around, some offers low credit according to traffic and some offer just bulk buy. What ever you business application, you have to get an SMS gateway before you can develop an SMS portal.
Also your decision to getting a gatway from any company will be heavily dependent on the script language their offer as their API. Many offers Visual basic/ASP and PHP or JAVA.
They would send you a booklet or ebook on how to configure their API with your server. At this point if you need help contact me I would generously help you.
Other way is to set up your own SMS gateway, you would need some software like unix and get an ISP that has a GSM gateway that can terminate your messages. It could be two-way termination but it could cost you more.
I have a business proposal for someone that can introduce me to any top official that works with MTN or globalcom. The business is to provide me a carrier band to shift calls from the world to Nigeria at a very competitive rate. Your part would be a one off payment of £50k
Banks would not be stupid to publish their API on the internet. Even by mistake you had come across such API, to access some object and call up a function say transfer balance etc, that process MUST be a local process known to the Enterprise Application.
NOTE segebee
I never said that bank do not have API. I said, it may not be available to the public.
|
|
|
|
|
|
rookie (m)
|
Online banks don't use HTTP/HTTPS to get your details. They use RMI/RPCReally, why use interprocess communication to interact with a web client; or are you talking about the bank HTTP server interaction with bank application engine? |
|
|
|
|
|
sbucareer (f)
|
I would retract that sentence, after studying ways to pass request front and back to the server it might be argued that banks could securely use HTTPS as a protocol in requesting an encrypted object from the web-tier.
Although, I am not fully convinced, but reading some article on recent HTTPS technology and the new 128-bits Cipher Strength, it could be argued that sending data across the internet gateway may pose little or no security issues.
But I am still heavily not convinced.
|
|
|
|
|
|
|
|
dakmanzero (m)
|
blah blah blah
|
|
|
|
|
|
babasin (m)
|
@sbucareer,
what are you trying to achieve: API connection possible with adequate SSL security.
|
|
|
|
|
|
sbucareer (f)
|
I was wondering if it's possible to write a program that can retrieve someone's bank account update from Nigerian banks database.
This was the question asked by the poster. Lets look at the question bit by bit.
1. Is is possible to write a program that can retrieve someone’s bank account? Yes
2. Can you update from Nigeria banks database? Yes.
Assuming that the bank is sensible enough to protect their customer’s money from thieves, they would not want to provide public access to their databaseor information systems.
Ok, lets say the banks are doing business in 21st century where investment is all about money, acquisition, merger, and competitiveness. They have to device a way to share their information system with third trusted party.
Now, the programmers will create what we call Web service that will use SOAP protocol and probably use a message type, XML to expose their API. These messages may be synchronous or asynchronous it does not matter.
Now, let say you are not a trusted third party, how would you know what web servers they use? Protocol they use? Message type they use?
Even you as an ordinary developer, when you develop your personal site, you would not want someone to nick your photos, images and your special CSS and JS.
Let me iterate, I never said banks can not public their API or it is impossible to publish a banks API, what I said is that it is not possible to publish banks API to the public. If you know of a bank let us know, please.
|
|
|
|
|
|
babasin (m)
|
Full agree with you!
|
|
|
|
|
|
![Nairaland [Nigerian Forum] Home](http://www.nairaland.com/Themes/default/images/english/home.gif)
Author
