
Ask HN: What is the best way to get a user's bank statement details? - _448
Of course with user&#x27;s consent.
======
5bolts
[https://www.youtube.com/watch?v=fhUHVGTa8mQ](https://www.youtube.com/watch?v=fhUHVGTa8mQ)

the youtbe description for context

Why does my bank's website require my MFA token but Quicken sync does not? How
is using Quicken or any personal financial software different from using my
bank's website? How are they communicating with my bank? These questions ran
through my head when balancing the family checkbook every month.

Answering these questions led me to deeply explore the 20 year old Open
Financial Exchange (OFX) protocol and the over 3000 North American banks that
support it. They led me to the over 30 different implementations running in
the wild and to a broad and inviting attack surface presented by these banks'
digital side doors.

Now I'd like to guide you through how your Quicken, QuickBooks, Mint.com, or
even GnuCash applications are gathering your checking account transactions,
credit card purchases, stock portfolio, and tax documents. We'll watch them
flow over the wire and learn about the jumble of software your bank's IT
department deploys to provide them. We'll discuss how secure these systems
are, that keep track of your money, and we'll send a few simple packets at
several banks and count the number of security WTFs along the way.

Lastly, I'll demo and release a tool that fingerprints an OFX service,
describes its capabilities, and assesses its security.

------
rman666
I probably don’t know what I’m talking about, but I believe there has been a
consolidation of backends used by consumer banking systems. So, if you used to
have to worry about interfacing with 100 different systems, maybe now you only
have to worry about 10. I believe one of the biggest providers in this space
is FISERV. I would shack out their site to see what you can learn.

------
smt88
In the US, the best/only method is still scraping via API such as Plaid.

