Solved

Sockets & Finance

Posted on 1998-09-23
10
320 Views
Last Modified: 2010-04-01
Can anybody recommend a good tutorial for learning sockets and financial transactions? I'm interested in writting an app to keep tabs on credit card balances (my own, not the world's) via internet & would like to get an idea of how much a nightmare I'm looking at. I want to get a good overview the areas involved. I'm not even sure what security issues there are so any insight will be greatly appreciated.

Thanks!
0
Comment
Question by:Grailman
10 Comments
 
LVL 2

Expert Comment

by:gysbert1
ID: 1173558
Sockets is not a problem. That we can help you with.

EFT is not that simple though. Doing the application is pretty straightforward, you just have to construct the correct packet and send it, but your bank will definately have very strict security Issues concerning this and I doubt you would be able to actually connect to them.

I did some EFT work a while back and you will have to do interfacing with the bank's technical staff.

Remember that if you can get your balance you can also get other people's balances and they will not allow that.

I suggest you contact your bank and find out if it would be at all possible. I know some banks have passworded firewalls and banking servers up for online banking. This usually works through a browser using 128bit DES encryption on all data and a very strict authentification protocols.
0
 
LVL 1

Author Comment

by:Grailman
ID: 1173559
As for the sockets, what route is going to be best to reduce the learning curve? As for the rest, I take it that I would have to target very specific institutions to connect (Each of mine or my wifes specific cards or loans). Are you farmiliar with any general banking regs I might have to comply with?
0
 
LVL 2

Expert Comment

by:gysbert1
ID: 1173560
Since banking regulations vary from bank to bank and from country to country I doubt my experience in that field would be of much help.

Sockets are accessed much the same as files.
1) You simply issue a open command to open the socket
2) You call a function (select) to see if any data is available (a bit different from files)
3) You call read to or write to perform communication
4) You call close to terminate the connection.

There are a lot of issues though such as UDP or TCP connections and I suggest you get a good book on sockets. On what operating system will this work ? W.R. Stevens has a good book out called "Unix Network Programming". It explains everything you need to know (don't be fooled by the Unix part. Everything works almost exactly the same in Windows)

    W. Richard Stevens.
    Englewood Cliffs, NJ : Prentice-Hall, 1990. - XI, 772 S.
    ISBN  0-13-949876-1

I also suggest you look at www.sockets.com for lots of information end example applications.
0
 
LVL 1

Expert Comment

by:Bonev
ID: 1173561
As far I understand you want to keep track on your credit card balances. I don't think that most of the financial institutions allow Internet access to their data. All this is done via standard phone lines. Think of the 13 millions POS worldwide. I believe that the banks are connected in some kind of network that can be accessed through special service providers. And it is not the Internet.
0
 
LVL 2

Expert Comment

by:gysbert1
ID: 1173562
That is exactly the problem. The system I worked on used a special authentification application to dial into a service centre of the bank. It did all the security stuff for you and then allowed you to send TCP packets over the established link to do your EFT transactions. It was used not to get balances but to subtranct ammounts off peoples accounts (much like a credit card machine in a store). These transaction must even go through a second verification process where the signed receipts are produced before they are accepted.

As we all would hope the banks are very stingy when it comes to accessing their computers from outside for this would be the perfect way to ad a few $M to your account ;^)

0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 1

Expert Comment

by:andla
ID: 1173563
I don't know much about this stuff (i would be glad if somebody could explain to a beginner) but it would be fantastic to create a program that send me a warning if somebody draw extra money from my VISA card. I got my card today, but the (bankofficer ?!)guy who worked at the bank warned me not to buy anything with paycard over internet. Normally this can slipp away if you don't check you account from time to time. I heard that the bank (in sweden) had a service where i could check my bankaccount and make transfere.

Your sincerely
Andla
0
 
LVL 1

Author Comment

by:Grailman
ID: 1173564
I do not actually want to do any financial transactions over the internet or phone lines, but just monitor my balance (I suppose that to the financial institutions there's not much diffrence though). If anyone will lock the question w/ a good EFT, POS, and encryption information source, I'll go ahead & give the points.
0
 
LVL 2

Accepted Solution

by:
gysbert1 earned 100 total points
ID: 1173565
For  FEDI (Financial Electronic Data Interchange),EFT(Electronic Fund Transfer)and X12 (the ANSI standard that the communication is built on) have a look at:
  http://haas.berkeley.edu/~citm/wp1006/bofatoc.html
  http://web.fie.com/web/era/edi_def.htm
  http://www.xmledi.com/
  http://www.premenos.com/standards
  http://www.oakland.ecrc.org/eft.html
Other Sites:
  http://www.edifice.org/otherweb.htm

I think this site will have links to everything you need to know about DES (Data Encryption Standard):
  http://webopedia.internet.com/TERM/D/DES.html

Although DES is used and accepted as secure for encryption it is not the only option when doing EDI. The EDI documentiation above should have more information and links to the relevant encryption standards that exist and what the options are. After all, 10 years ago EDI was alive and kicking but DES was still a top secret DOD project ;^)

As far as POS goes it is simply a acronym for Point Of Sales System. Cash regesters etc. are classified as POS's and the more modern ones make use of FEDI or more likely EFT to deduct amounts off credit cards when you buy something in the store. I could give you lots of links to companies who sell these systems but I doubt it will be of any help.

Good luck on your project. Hope this answers all your questions.
0
 
LVL 1

Author Comment

by:Grailman
ID: 1173566
Gave you a B only because I'll take the sites on your word until I have time to check them out.

Thanks!
0
 
LVL 2

Expert Comment

by:gysbert1
ID: 1173567
Although it is obviously your choice I would reccomend you to check out any answer before grading it.

Blindly accepting an answer before making sure it is what you want is never a good Idea.
No expert will be upset if he has to wait a week or so for you to check out the solution before grading but if you accept the answer and it does not solve your problem you just might be very sorry you did ...
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Many modern programming languages support the concept of a property -- a class member that combines characteristics of both a data member and a method.  These are sometimes called "smart fields" because you can add logic that is applied automaticall…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now