There is no doubt that electronic commerce is improving the way that we live our lives. Internet e-commerce provides a competitive global marketplace that makes it easier for buyers and sellers to connect with each other.  This has a number of positive effects, including the creation of better products through increased competition, reduced marketing and administrative costs for merchants, greater accessibility, zero material costs and instant delivery (as in the case of some software), etc.

Unfortunately, along with the benefits of electronic commerce there are some serious drawbacks.  Most notably of late are fraud and identity theft.  As there is no face-to-face contact during Internet transactions, it is far easier for dishonest people to steal information or impersonate others.  As anyone who has been a victim can tell you, quickly reacting to fraud is the single best thing that you can do if you become a victim.  Timely reaction to the fraudulent charges offers you the best protection against long delays and investigations. 

This article will review using two complementary Internet technologies, OFX and RSS, and will demonstrate how to provide credit card and bank transaction information in a single consolidated RSS feed. By watching a single feed one can quickly review transactions and rapidly respond to any fraudulent charges which might occur.

Requirements

This article makes use /n software’s RSS Component included as part of IP*Works! .NET Edition as well as the IBiz OFX Integrator.  IBiz OFX Integrator for Microsoft .NET includes fully-managed components that support the retrieval of bank and credit card transaction information. 

What is OFX?

OFX (Open Financial eXchange) is an XML standard for exchanging financial data between financial institutions and client applications.  The standard was formed in the late 1990’s as a joint venture between several entities, including Microsoft and Intuit, as a way for their applications (Money and Quicken) to access financial accounts.  The protocol allows clients to manage many aspects of financial accounts including the retrieval of transaction information, bill payment, bill presentment, etc. 

There is nothing magical about using RSS for aggregating transaction information into a single feed.  However, because of the popularity of RSS, there are a number of great RSS readers that make working with the protocol particularly convenient. Additionally, since RSS feeds are typically served from a web server, there are security features that make RSS more attractive than some other delivery alternatives. 

Why don’t we send the transaction details over email?  Email is a convenient way to receive these notifications, however without any security your transaction information could be easily intercepted as it travels across the Internet.  Unless you encrypt each email message using industrial-strength encryption such as S/MIME, your confidential information could easily be compromised.  RSS on the other hand is generally consumed over HTTP, where it is easy to add SSL and HTTP authentication providing a necessary layer of security. Many RSS readers today support both SSL and various types of HTTP authentication.

This article does not touch on implementing security for your RSS feed, however there are many great resources on the Internet that talk about how to do this depending on the type of server and development technology used.  Requiring that the RSS feed consumer be connecting over SSL and adding basic authentication is enough to keep your transaction information secure.

How Does it Work?

For this article we will be using ASP.NET to create our feed, though the code and components are available for nearly every major development technology including Java, PHP, Delphi, classic ASP, etc.  As all /n software components keep the same interfaces across development technologies, the code in this article could very easily be recreated in ASP, Java, or PHP for example. 

To begin, we are going to make an ASP.NET page to serve the transactions as a dynamic RSS feed.  This way, each time the RSS consumer (feed reader) attempts to access the feed, the code in our ASPX page will execute and serve the latest OFX transaction information from the financial accounts.  In some cases one might want to limit the frequency in which the transaction information is pulled from financial institutions.  To do so one could use the built-in ASP.NET caching capabilities to cache the feed for some duration.  Again, these kinds of enhancements are beyond the scope of this article.

Getting Started with the RSS Component

The IP*Works! RSS component is straightforward and easy to use.  First, create the RSS object and populate it with some basic channel information.  The channel information gives feed consumers a description of the RSS feed contents.  This information is typically displayed as the channel description of your RSS feed reader.

Code Listing 1

nsoftware.IPWorks.Rss rss = new nsoftware.IPWorks.Rss();

rss.ChannelTitle        = "Recent AMEX Charges";
rss.ChannelWebMaster    = "[you@youremail.com]";
rss.ChannelLink         = Request.Url.AbsoluteUri;
rss.ChannelDescription  = "Credit Card Transactions";
rss.ChannelCopyright    = string.Format("Copyright {0}, /n software", DateTime.Now.Year);

Much of the above information is not really critical to this application; however some RSS readers will not display the feed correctly without it.

After setting some basic feed properties, we are going to want to set some information on the IBiz Integrator OFX components. 

In this example we are going to connect to American Express and download the transaction information for a specific account.  Connecting and downloading transaction information from Credit Card companies is entirely encapsulated in the CCStatement component.

Code Listing 2

nsoftware.IBizOFX.Ccstatement card = new nsoftware.IBizOFX.Ccstatement();

card.OFXUser        = "[User Name]"; 
card.OFXPassword    = "[Password]"; 
card.FIUrl          = "https://www99.americanexpress.com/myca/ofxdl/us/download?" + 
                      "request_type=nl_desktopdownload;" 
card.FIId           = "3101"; 
card.FIOrganization = "AMEX"; 
card.OFXAppId       = "Money"; 
card.OFXAppVersion  = "1400"; 
card.CardNumber     = "[CardNumber]"; 
card.StartDate      = ""; 
card.EndDate        = ""; 

The OFX User and Password above represent the username and password used to login to American Express online for account management.  Most credit card companies use the same user name and password for OFX retrieval as they do for online access.  Some companies however require a special registration which provides a different user name and password for OFX integration.  Follow the instructions for connecting with Quicken or Microsoft Money to find out about any special requirements for your financial institutions.  

The Financial Institution properties (FI properties above) are all institution specific.  These are required in order to connect to and download OFX data.  If you have trouble finding the FI data for your bank or credit card account, contact /n software support for help finding the connection information.

In addition, we have set the OFXAppId and OFXAppVersion to replicate the values that Microsoft Money sends to retrieve transaction information.  This is not a required step, however some financial institutions will only accept request from trusted clients.

Finally, set the CardNumber, StartDate, and EndDate to define the transaction set.  CardNumber is used to tell American Express which cards transactions to provide in the event that you have multiple American Express cards.  By leaving StartDate and EndDate empty, American Express will send all of the previous transactions still available on the server. 

Why download the entire transaction set?  Since this is a process that happens virtually in the background, this application doesn’t really concern itself with limiting the amount of data returned. In addition we are taking advantage of some RSS feed readers' abilities to only show new RSS items. Since Credit Card transactions don’t change, only the new transactions show up as new items through the feed reader. Downloading smaller transaction sets based on the last downloaded transactions is certainly a feature that can be integrated in the future.

After setting the card properties, calling the GetStatement method causes the CCStatement component to connect to the server specified by the FIUrl and request the specified transaction set.  After completing the statement request, one is presented with an array of transactions that can be used to build the RSS feed of recent transactions.

Code Listing 3

card.GetStatement();

for (int i = 1; i <= card.TxCount; i++)
{
   string title = string.Format("{0} : {1} - {2} - {3}",
                  card.FIOrganization,
                  formatCurrency(card.TxAmount[i]),
                  card.TxPayeeName[i],
                  formatDate(card.TxDatePosted[i]) );
   string description = string.Format(
                        "<table border=0>" + 
                        "<tr><td>Date:<td>{0}<tr><td>Type:<td>{1}" +
                        "<tr><td>Amount:<td>{2}<tr><td>Payee:<td>{3}" +
                        "</table>\r\n",
                        formatDate(card.TxDatePosted[i]),
                        card.TxTypeDescription[i],
                        formatCurrency(card.TxAmount[i]),
                        card.TxPayeeName[i] );
   rss.AddItem (title, description, "");
   rss.ItemPubDate[1] = formatDate(card.TxDatePosted[i]);
   rss.ItemGuid[1]    = card.TxFITID[i];
}

While iterating over the credit card transaction, we can simultaneously build our RSS feed using the IP*Works! RSS component. All we are doing at this point is formatting the returned transaction information and adding each transaction as an RSS item.  The date and currency formatting functions called above are used to normalize dates and currencies provided in the credit card transaction set.

One thing to note here is that the AddItem method of the RSS object adds RSS items to the beginning of the item list. Every iteration over the Credit Card transaction set inserts a new RSS item to our feed.  After inserting the RSS item, set the ItemPubDate and the ItemGuid so that the transactions are listed correctly in our feed reader as they are returned from the credit card company. 

Using the formatting above, RSS items will show though your feed reader with the following title and item body:

---------------------------------
AMEX : - $19.43 – OUTBACK STEAKHOUSE #0172 RICHMOND -
7/16/2005 8:00:00 PM

Date :      7/16/2005 8:00:00 PM
Type :      Debit
Amount :    - $19.43
Payee :     OUTBACK STEAKHOUSE #0172 RICHMOND
---------------------------------

After iterating over the transaction set and including each transaction as a unique RSS item, one can easily serve the RSS feed by clearing the current output, changing the content type, and pushing the RSS data to the client.  This is accomplished with the following code:

Code Listing 4

Response.Clear();
Response.ContentType = "text/xml";
Response.Write(rss.RSSData.Trim());
Response.End();

The RSSData property provides a serialized RSS feed complete with channel information and items.  After writing the RSS data to the output stream, one should end the response so that no other content is sent to the client.

Future Improvements

Currently this article only demonstrates how to connect to a single credit card corporation to download transaction information. However, the interface for connecting with bank account information (BankStatement) is virtually identical to the CCStatement component.  Using a combination of the components in the IBiz OFX Integrator it is possible to provide an overview of all current transactions for all of your accounts through a single consolidated feed. 

As was mentioned earlier in this article, providing some level of security is also an important feature that should be incorporated in this application.  SSL security and some level of user and password authentication should be required when accessing sensitive transaction information.