Wuff

Sunday, April 11, 2010

web: it's my data on their web site, let me get at it

I'm being audited. The IRS says "Please bring cancelled checks and deposit slips"; how quaint. It's more like 250+ pages of electronic statements and electronic check images to print out. I wish the IRS let you bring a directory of hyperlinked PDFs.

Fortunately my financial institutions provide online records going back far enough, though one (whose name rhymes with "smells cargo") cuts off after a pathetically short two years.

==> Save your own PDF copies of your statements! Don't rely on your bank.

Unfortunately, all financial institutions make it difficult to grab this information. The URL to download my January 2007 statement is invariably an impenetrable mess. It should be just https://secure.thebank.com/records/internalUserID/2007/statements/checking_1234_2007-01.pdf, where internalUserID is what refers to me internally. Then I can just change the end of the URL to 2007-02, -03, etc. You might think it's more secure to have a meaningless jumbled URL with token IDs and session IDs and crap, but that's confusing a secured session with a complicated name, and it's guaranteeing the URLs will change when they rethink their web site.

(The same really holds true for any other data on the web. I can't get my pictures out of Sprint PictureMail because there isn't a simple URL for each one.)
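The point about a secured session versus a complicated name can be shown in code. The sketch below is an added example, not code from this post or from any bank: it serves the simple statement URL proposed above and decides access purely by checking the logged-in session against the owner named in the path. The session tokens, user IDs and record contents are constructed sample data, and `fetch_statement` is a hypothetical handler name.

```python
import re
from typing import Optional, Tuple

# Constructed sample data: session token -> internal user ID, and stored PDFs.
SESSIONS = {"sess-alice": "u1001", "sess-bob": "u2002"}
RECORDS = {
    ("u1001", "checking_1234_2007-01.pdf"): b"%PDF alice jan",
    ("u1001", "checking_1234_2007-02.pdf"): b"%PDF alice feb",
    ("u2002", "checking_5678_2007-01.pdf"): b"%PDF bob jan",
}

# /records/<internalUserID>/<year>/statements/<kind>_<acct>_<YYYY-MM>.pdf
PATH_RE = re.compile(
    r"/records/(?P<uid>[A-Za-z0-9]+)/(?P<year>\d{4})/statements/"
    r"(?P<name>[a-z]+_\d{4}_(?P<fyear>\d{4})-(?:0[1-9]|1[0-2])\.pdf)"
)


def fetch_statement(path: str, session_token: Optional[str]) -> Tuple[int, bytes]:
    """Return (HTTP status, body) for a request to a predictable statement URL."""
    m = PATH_RE.fullmatch(path)
    # Strict parsing: anything that is not exactly the expected shape
    # (including "../" tricks or a year that disagrees with the filename) is 404.
    if m is None or m["year"] != m["fyear"]:
        return 404, b""
    owner = SESSIONS.get(session_token)
    if owner is None:
        return 401, b""  # no valid session: the URL alone grants nothing
    if owner != m["uid"]:
        # Authorization is decided before any lookup, so the response does not
        # reveal whether another user's record exists.
        return 403, b""
    body = RECORDS.get((m["uid"], m["name"]))
    return (200, body) if body is not None else (404, b"")


if __name__ == "__main__":
    base = "/records/u1001/2007/statements/checking_1234_2007-"
    for month in ("01", "02", "03"):
        print(month, fetch_statement(base + month + ".pdf", "sess-alice")[0])
    print("bob ->", fetch_statement(base + "01.pdf", "sess-bob")[0])
```

The owner can step through months by editing the end of the URL, while the same guessable URL returns 403 to any other session and 401 without one.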

Also, the institutions do the usual crappy job of naming the downloaded file. When I repeatedly click to download my statements, I get:
BANKSTMT_APR2008_1234.pdf
BANKSTMT_AUG2008_1234.pdf
BANKSTMT_DEC2007_1234.pdf
BANKSTMT_DEC2008_1234.pdf
BANKSTMT_FEB2008_1234.pdf
BANKSTMT_JAN2008_1234.pdf
Note the ^$#@! random order of the files because the institution didn't use ISO 8601 date format. BANKSTMT_1234_2008-04.pdf sorts in the right order; why do people persist in using stupid date formats?

The really interesting issue is what would happen if I were no longer a customer of Tells Margo. The moment you're not a customer, you lose access. But that's not fair; a former customer should still have rights to access old data. Again, that's why simple URLs are so important. An institution should let me access /records/internalUserID/correspondence/2010/some_old_record.pdf even if my accounts are defunct. And again, until the world works as it should, save those records in your own well-organized system despite the hassle.
