Analysis: Chase Bank API and OFX

[hwang26]

Research using the Chase Bank API and if necessary, utilizing Open Financial Exchange.

Acceptance Criteria:

By the end of our analysis, we want to successful retrieve a transaction from Chase bank. Leave sample code and screenshots on this issue.

Additionally, we want to do some research on existing apps like Firefly III. Knowing how they store transactions might be useful to us in development. We can add these observations to #9 if they seem appropriate.

Technical Details

Reference: https://stackoverflow.com/questions/7269668/is-there-an-api-to-get-bank-transaction-and-bank-balance http://www.ofxhome.com/index.php/home/directory https://www.ofx.net/

[hwang26]

Security Risk

According to this article https://web.securityinnovation.com/hubfs/2018%20Documents/Your-Banks-Digital-Side-Door-ESummary.pdf, implementation of OFX from banks seem to have weak security standards (eg. No MFA, Not updated frequently, Backend version information available).

The security risk of utilizing OFX should be considered.

[hwang26]

Conclusion

• After trying to retrieve Chase statements and general account information using the python tool ofxget, it seems that most likely, I won't be able to retrieve Chase data as a third party that's not a large firm such as Intuit's Quicken app. The CLI is erroring and while it tells me to enable 3rd party app access through Chase's Secure Messages center, I don't receive those aforementioned messages.
• While it would be nice to automate the transaction retrieval process, it would also have come with its own risks such as having to ensure proper transfer security.
• What we can do instead is to link the user to manually download their statement and upload it to our application. From there, we can extract transaction data from the PDF using pdf.js-extract and then go from there.