Solved

Sockets & Finance

Posted on 1998-09-23
10
326 Views
Last Modified: 2010-04-01
Can anybody recommend a good tutorial for learning sockets and financial transactions? I'm interested in writting an app to keep tabs on credit card balances (my own, not the world's) via internet & would like to get an idea of how much a nightmare I'm looking at. I want to get a good overview the areas involved. I'm not even sure what security issues there are so any insight will be greatly appreciated.

Thanks!
0
Comment
Question by:Grailman
10 Comments
 
LVL 2

Expert Comment

by:gysbert1
ID: 1173558
Sockets is not a problem. That we can help you with.

EFT is not that simple though. Doing the application is pretty straightforward, you just have to construct the correct packet and send it, but your bank will definately have very strict security Issues concerning this and I doubt you would be able to actually connect to them.

I did some EFT work a while back and you will have to do interfacing with the bank's technical staff.

Remember that if you can get your balance you can also get other people's balances and they will not allow that.

I suggest you contact your bank and find out if it would be at all possible. I know some banks have passworded firewalls and banking servers up for online banking. This usually works through a browser using 128bit DES encryption on all data and a very strict authentification protocols.
0
 
LVL 1

Author Comment

by:Grailman
ID: 1173559
As for the sockets, what route is going to be best to reduce the learning curve? As for the rest, I take it that I would have to target very specific institutions to connect (Each of mine or my wifes specific cards or loans). Are you farmiliar with any general banking regs I might have to comply with?
0
 
LVL 2

Expert Comment

by:gysbert1
ID: 1173560
Since banking regulations vary from bank to bank and from country to country I doubt my experience in that field would be of much help.

Sockets are accessed much the same as files.
1) You simply issue a open command to open the socket
2) You call a function (select) to see if any data is available (a bit different from files)
3) You call read to or write to perform communication
4) You call close to terminate the connection.

There are a lot of issues though such as UDP or TCP connections and I suggest you get a good book on sockets. On what operating system will this work ? W.R. Stevens has a good book out called "Unix Network Programming". It explains everything you need to know (don't be fooled by the Unix part. Everything works almost exactly the same in Windows)

    W. Richard Stevens.
    Englewood Cliffs, NJ : Prentice-Hall, 1990. - XI, 772 S.
    ISBN  0-13-949876-1

I also suggest you look at www.sockets.com for lots of information end example applications.
0
 
LVL 1

Expert Comment

by:Bonev
ID: 1173561
As far I understand you want to keep track on your credit card balances. I don't think that most of the financial institutions allow Internet access to their data. All this is done via standard phone lines. Think of the 13 millions POS worldwide. I believe that the banks are connected in some kind of network that can be accessed through special service providers. And it is not the Internet.
0
 
LVL 2

Expert Comment

by:gysbert1
ID: 1173562
That is exactly the problem. The system I worked on used a special authentification application to dial into a service centre of the bank. It did all the security stuff for you and then allowed you to send TCP packets over the established link to do your EFT transactions. It was used not to get balances but to subtranct ammounts off peoples accounts (much like a credit card machine in a store). These transaction must even go through a second verification process where the signed receipts are produced before they are accepted.

As we all would hope the banks are very stingy when it comes to accessing their computers from outside for this would be the perfect way to ad a few $M to your account ;^)

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 1

Expert Comment

by:andla
ID: 1173563
I don't know much about this stuff (i would be glad if somebody could explain to a beginner) but it would be fantastic to create a program that send me a warning if somebody draw extra money from my VISA card. I got my card today, but the (bankofficer ?!)guy who worked at the bank warned me not to buy anything with paycard over internet. Normally this can slipp away if you don't check you account from time to time. I heard that the bank (in sweden) had a service where i could check my bankaccount and make transfere.

Your sincerely
Andla
0
 
LVL 1

Author Comment

by:Grailman
ID: 1173564
I do not actually want to do any financial transactions over the internet or phone lines, but just monitor my balance (I suppose that to the financial institutions there's not much diffrence though). If anyone will lock the question w/ a good EFT, POS, and encryption information source, I'll go ahead & give the points.
0
 
LVL 2

Accepted Solution

by:
gysbert1 earned 100 total points
ID: 1173565
For  FEDI (Financial Electronic Data Interchange),EFT(Electronic Fund Transfer)and X12 (the ANSI standard that the communication is built on) have a look at:
  http://haas.berkeley.edu/~citm/wp1006/bofatoc.html
  http://web.fie.com/web/era/edi_def.htm
  http://www.xmledi.com/
  http://www.premenos.com/standards
  http://www.oakland.ecrc.org/eft.html
Other Sites:
  http://www.edifice.org/otherweb.htm

I think this site will have links to everything you need to know about DES (Data Encryption Standard):
  http://webopedia.internet.com/TERM/D/DES.html

Although DES is used and accepted as secure for encryption it is not the only option when doing EDI. The EDI documentiation above should have more information and links to the relevant encryption standards that exist and what the options are. After all, 10 years ago EDI was alive and kicking but DES was still a top secret DOD project ;^)

As far as POS goes it is simply a acronym for Point Of Sales System. Cash regesters etc. are classified as POS's and the more modern ones make use of FEDI or more likely EFT to deduct amounts off credit cards when you buy something in the store. I could give you lots of links to companies who sell these systems but I doubt it will be of any help.

Good luck on your project. Hope this answers all your questions.
0
 
LVL 1

Author Comment

by:Grailman
ID: 1173566
Gave you a B only because I'll take the sites on your word until I have time to check them out.

Thanks!
0
 
LVL 2

Expert Comment

by:gysbert1
ID: 1173567
Although it is obviously your choice I would reccomend you to check out any answer before grading it.

Blindly accepting an answer before making sure it is what you want is never a good Idea.
No expert will be upset if he has to wait a week or so for you to check out the solution before grading but if you accept the answer and it does not solve your problem you just might be very sorry you did ...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When writing generic code, using template meta-programming techniques, it is sometimes useful to know if a type is convertible to another type. A good example of when this might be is if you are writing diagnostic instrumentation for code to generat…
Article by: SunnyDark
This article's goal is to present you with an easy to use XML wrapper for C++ and also present some interesting techniques that you might use with MS C++. The reason I built this class is to ease the pain of using XML files with C++, since there is…
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…
The viewer will learn how to pass data into a function in C++. This is one step further in using functions. Instead of only printing text onto the console, the function will be able to perform calculations with argumentents given by the user.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now