Topic: Discover Card

GNUCash is telling me that their certificate is not signed. Has anyone else experienced this error?

The SSL verification log says "Success"; does that mean they checked the certificate as well?

Re: Discover Card

Their certificate fails Verisign validation. I can't understand how ANY finance software would work correctly unless they bundle the certificate directly. FYI, here's a link to try to show the failure. I've been fighting with them on this for over a month.

https://knowledge.verisign.com/support/ … ;id=AR1130

3 (edited by alwayssummer 2012-10-18 02:53:39)

Re: Discover Card

ryanov wrote:

Their certificate fails Verisign validation. I can't understand how ANY finance software would work correctly unless they bundle the certificate directly. FYI, here's a link to try to show the failure. I've been fighting with them on this for over a month.

https://knowledge.verisign.com/support/ … ;id=AR1130

The certificate is now valid! Thanks for taking this up with them. I feel much better about connecting now.

BTW, how did you find the correct people to talk to about certificates?

Re: Discover Card

Hello Jesse,

I tried accessing OFX Direct Connect for my Discover Card but am not able to get a response with the list of account/card numbers in the ACCTINFORS.

Example:

<OFX>
<SIGNONMSGSRSV1>
<SONRS>
<STATUS>
<CODE>0
<SEVERITY>INFO
</STATUS>
<DTSERVER>20130904
<LANGUAGE>ENG
<FI>
<ORG>Discover Financial Services
<FID>7101
</FI>
</SONRS>
</SIGNONMSGSRSV1>
<SIGNUPMSGSRSV1>
<ACCTINFOTRNRS>
<TRNUID>123456
<STATUS>
<CODE>1
<SEVERITY>INFO
<MESSAGE>Client up-to-date
</STATUS>
<ACCTINFORS>
<DTACCTUP>20130904
</ACCTINFORS>
</ACCTINFOTRNRS>
</SIGNUPMSGSRSV1>
</OFX>

Please help me with this problem
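An added example, not part of the original post: a small parser for the OFX 1.x SGML response quoted above that reports the ACCTINFO status and counts the account entries. In the OFX specification, status code 1 ("Client up-to-date") means the server has nothing newer than the DTACCTUP timestamp the client sent, which is why the ACCTINFORS above carries no ACCTINFO aggregates; the sample is the posted response condensed, and the function names are assumptions.

```python
import re

# Constructed sample: the ACCTINFO response quoted above, condensed onto fewer lines.
SAMPLE = (
    "<OFX><SIGNONMSGSRSV1><SONRS><STATUS><CODE>0<SEVERITY>INFO</STATUS>"
    "<DTSERVER>20130904<LANGUAGE>ENG<FI><ORG>Discover Financial Services<FID>7101</FI>"
    "</SONRS></SIGNONMSGSRSV1><SIGNUPMSGSRSV1><ACCTINFOTRNRS><TRNUID>123456"
    "<STATUS><CODE>1<SEVERITY>INFO<MESSAGE>Client up-to-date</STATUS>"
    "<ACCTINFORS><DTACCTUP>20130904</ACCTINFORS></ACCTINFOTRNRS></SIGNUPMSGSRSV1></OFX>"
)
TOKEN = re.compile(r"<(/?)([A-Z0-9.]+)>([^<]*)")


def parse_ofx_sgml(text):
    """Parse an OFX 1.x SGML body into nested dicts (repeated tags become lists)."""
    root = {}
    stack = [("", root)]  # (tag name, dict) for every aggregate still open
    for closing, name, value in TOKEN.findall(text):
        value = value.strip()
        if closing:
            # Pop back to the matching aggregate; a closer for a leaf is ignored.
            for i in range(len(stack) - 1, 0, -1):
                if stack[i][0] == name:
                    del stack[i:]
                    break
            continue
        node = value or {}  # a tag with no text opens an aggregate
        parent = stack[-1][1]
        if name in parent:  # repeated tag: collect into a list
            prev = parent[name]
            parent[name] = prev + [node] if isinstance(prev, list) else [prev, node]
        else:
            parent[name] = node
        if not value:
            stack.append((name, node))
    return root


def account_info_summary(ofx):
    """Return the ACCTINFO status and the number of ACCTINFO entries received."""
    trn = ofx["OFX"]["SIGNUPMSGSRSV1"]["ACCTINFOTRNRS"]
    rs = trn.get("ACCTINFORS", {})
    accts = rs.get("ACCTINFO", [])
    return {
        "code": int(trn["STATUS"]["CODE"]),
        "message": trn["STATUS"].get("MESSAGE"),
        "dtacctup": rs.get("DTACCTUP"),
        "accounts": len(accts) if isinstance(accts, list) else 1,
    }
```
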

Re: Discover Card

If anyone is still connecting to Discover with OFX, they recently (like 3 days ago from this post) gave out new account numbers. I have been using custom software that I wrote for the past 3 years and it finally broke. Once I requested an account list from them I found out I have a new card number!

When I updated my software with the new account number, data began flowing again.


For anyone who needs this info, the following also happened. Before the new account number I was able to connect, but every transaction had a credit for the same amount. On the new number the transactions are available and correct; however, the FITIDs were not shared between both accounts, so I got 5 days of duplicate data because I request the last 10 days every update. I've removed the old duplicates and foresee no future problems with Discover Card and OFX (it's been working great the past couple of years).

Re: Discover Card

I haven't been able to connect for over a week; I get a 401 forbidden message. Tried speaking to Discover technical support; as usual for these types of problems, completely useless. I'm using my own software but I'm aware that Moneydance users are experiencing the same problem.

Anyone have any other information? Discover definitely changed some connection parameter(s).

Re: Discover Card

Also getting a 403 for this as of Feb 21. Hopefully they are not discontinuing it; will update the thread if I find anything.

Re: Discover Card

I'm getting a 403 Forbidden response as well. This is new code I'm writing, so I thought I was just doing something wrong...

Re: Discover Card

I HAVE THE SOLUTION!

The HTTP request User Agent header has changed. In my code the Discover server used to accept this header: httpReqst.UserAgent = "httpclient"

Now, if I comment out that header or set httpReqst.UserAgent = null, I can download from Discover; if it's left uncommented I get the 403 Forbidden error.

Be warned, other institutions, such as TD Bank, require the UserAgent header to be set.

10 (edited by robler 2017-02-24 08:18:21)

Re: Discover Card

Here's the full HTTP header list that works for Discover:

httpReqst.ContentLength = enc.Length;
httpReqst.Method = "POST";
httpReqst.ContentType = "application/x-ofx";

httpReqst.UserAgent = null;
httpReqst.ServicePoint.Expect100Continue = false;

The first 3 are necessary for OFX requests at any institution. The last 2 are Discover specific, meaning other institutions might require other values.

Re: Discover Card

@robler removing the User-Agent header didn't work for me; still getting the forbidden message.

Could you show a full request payload to ofx.discovercard.com?

12 (edited by robler 2017-02-28 09:19:50)

Re: Discover Card

@overflow636 - it's not only the UserAgent; the Expect100Continue property must be false. All other properties are default.
I'm using C#.

The below is the HTTP request from my debugger. Hope this helps.
If you're still having problems, check your OFX request statement; maybe the APPVER or the OFX header is incorrect.


-        httpReqst    {System.Net.HttpWebRequest}    System.Net.HttpWebRequest
        Accept    null    string
+        Address    {https://ofx.discovercard.com/}    System.Uri
        AllowAutoRedirect    true    bool
        AllowReadStreamBuffering    false    bool
        AllowWriteStreamBuffering    true    bool
        AuthenticationLevel    MutualAuthRequested    System.Net.Security.AuthenticationLevel
        AutomaticDecompression    None    System.Net.DecompressionMethods
+        CachePolicy    {Level:BypassCache}    System.Net.Cache.RequestCachePolicy
+        ClientCertificates    {System.Security.Cryptography.X509Certificates.X509CertificateCollection}    System.Security.Cryptography.X509Certificates.X509CertificateCollection
        Connection    null    string
        ConnectionGroupName    null    string
        ContentLength    630    long
        ContentType    "application/x-ofx"    string
        ContinueDelegate    null    System.Net.HttpContinueDelegate
        ContinueTimeout    350    int
+        CookieContainer    null    System.Net.CookieContainer
        CreatorInstance    {System.Net.WebRequest.DesignerWebRequestCreate}    System.Net.IWebRequestCreate {System.Net.WebRequest.DesignerWebRequestCreate}
        Credentials    null    System.Net.ICredentials
+        Date    {1/1/0001 12:00:00 AM}    System.DateTime
        Expect    null    string
        HaveResponse    false    bool
+        Headers    {Content-Type: application/x-ofx
Host: ofx.discovercard.com
Content-Length: 630

}    System.Net.WebHeaderCollection
        Host    "ofx.discovercard.com"    string
+        IfModifiedSince    {1/1/0001 12:00:00 AM}    System.DateTime
        ImpersonationLevel    Delegation    System.Security.Principal.TokenImpersonationLevel
        KeepAlive    true    bool
        MaximumAutomaticRedirections    50    int
        MaximumResponseHeadersLength    64    int
        MediaType    null    string
        Method    "POST"    string
        Pipelined    true    bool
        PreAuthenticate    false    bool
+        ProtocolVersion    {1.1}    System.Version
+        Proxy    {System.Net.WebRequest.WebProxyWrapper}    System.Net.IWebProxy {System.Net.WebRequest.WebProxyWrapper}
        ReadWriteTimeout    300000    int
        Referer    null    string
+        RequestUri    {https://ofx.discovercard.com/}    System.Uri
        SendChunked    false    bool
        ServerCertificateValidationCallback    null    System.Net.Security.RemoteCertificateValidationCallback
+        ServicePoint    {System.Net.ServicePoint}    System.Net.ServicePoint
        SupportsCookieContainer    true    bool
        Timeout    5000    int
        TransferEncoding    null    string
        UnsafeAuthenticatedConnectionSharing    false    bool
        UseDefaultCredentials    false    bool
        UserAgent    null    string

Re: Discover Card

@robler I have also been getting 403 Forbidden since ~2/15, and my code didn't use the UserAgent or Expect headers to begin with. Thanks for posting the debugging info, but I wasn't able to learn anything from it. Echoing @overflow636, if you wouldn't mind posting the actual HTTP request sent to ofx.discovercard.com, it'd be greatly helpful. I've included mine below for reference.

POST / HTTP/1.1
Host: ofx.discovercard.com
Accept-Encoding: identity
Content-Length: 685
Content-Type: application/x-ofx
Accept: */*, application/x-ofx

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:uid_redacted

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20170228161351
<USERID>username_redacted
<USERPASS>password_redacted
<LANGUAGE>ENG
<FI>
<ORG>Discover Financial Services
<FID>7101
</FI>
<APPID>QWIN
<APPVER>2200
</SONRQ>
</SIGNONMSGSRQV1>
<CREDITCARDMSGSRQV1>
<CCSTMTTRNRQ>
<TRNUID>uid_redacted
<CLTCOOKIE>4
<CCSTMTRQ>
<CCACCTFROM>
<ACCTID>card_number_redacted
</CCACCTFROM>
<INCTRAN>
<DTSTART>20161230
<INCLUDE>Y
</INCTRAN>
</CCSTMTRQ>
</CCSTMTTRNRQ>
</CREDITCARDMSGSRQV1>
</OFX>

Before ~2/15, the server would respond with an OFX file containing transaction details. After ~2/15, I get a 403 Forbidden status with an HTML page saying Access Denied. I've tried removing different combinations of unnecessary HTTP headers, changing ofx version and appver to newer ones, and removing special characters from my password, all to no avail.

Re: Discover Card

@fanqiuwen

Unless I install Fiddler or something similar, I don't know of any way to get the full HTTP request; that's why I posted my debug info. Do you know of a simple way? I'm using C#.

All I can say is that you need to implement the headers I specified or it's not going to work. The fact that your code didn't use UserAgent or Expect100Continue and used to work is the point; Discover changed their header requirements. Now Discover expects these; before it didn't.

Re: Discover Card

robler wrote:

Unless I install Fiddler or something similar, I don't know of any way to get the full HTTP request; that's why I posted my debug info. Do you know of a simple way? I'm using C#.

I see you have the line "httpReqst.ContentLength = enc.Length". Would you mind printing out the string that was encoded into the variable "enc", and posting that (with personal info redacted)? Unfortunately I'm not familiar with C#, and a quick Google search didn't produce any way to print out the entire HTTP POST request. But "enc" presumably contains the OFX request, which should be very helpful in combination with the headers in the debugging info you posted earlier.

robler wrote:

All I can say is that you need to implement the headers I specified or it's not going to work. The fact that your code didn't use UserAgent or Expect100Continue and used to work is the point; Discover changed their header requirements. Now Discover expects these; before it didn't.

Unless I'm mistaken, setting "httpReqst.UserAgent = null" simply removes UserAgent from the headers, and setting "httpReqst.ServicePoint.Expect100Continue = false" removes "Expect: 100-continue" from the headers. Since I didn't have these headers to begin with, I think I'm running into a different issue than you are. Thanks anyway!

16 (edited by robler 2017-02-28 22:50:24)

Re: Discover Card

@fanqiuwen

In C# UserAgent defaults to null, so it could be left out (other institutions I download from require a non-null UserAgent), but ServicePoint.Expect100Continue defaults to true, so it has to be explicitly set to false. You should check what the header defaults for your language are.

I included my OFX request statement below.

I noticed that your OFX request is not in XML but SGML; try formatting it in XML. Also your OFXHEADER and VERSION #s differ from mine, as does the APPVER, but I think your APPVER will work.

Good Luck.

<?OFX OFXHEADER="200" VERSION="211" SECURITY="NONE" OLDFILEUID="NONE" NEWFILEUID="NONE"?>
<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20170228232807</DTCLIENT>
<USERID>PRIVATE</USERID>
<USERPASS>PRIVATE</USERPASS>
<LANGUAGE>ENG</LANGUAGE>
<FI>
<ORG>Discover Financial Services</ORG>
<FID>7101</FID>
</FI>
<APPID>QWIN</APPID>
<APPVER>2500</APPVER>
</SONRQ>
</SIGNONMSGSRQV1>
<CREDITCARDMSGSRQV1>
<CCSTMTTRNRQ>
<TRNUID>0</TRNUID>
<CCSTMTRQ>
<CCACCTFROM>
<ACCTID>PRIVATE</ACCTID>
</CCACCTFROM>
<INCTRAN>
<DTSTART>20130101000000</DTSTART>
<DTEND>20170228232807</DTEND>
<INCLUDE>Y</INCLUDE>
</INCTRAN>
</CCSTMTRQ>
</CCSTMTTRNRQ>
</CREDITCARDMSGSRQV1>
</OFX>

Re: Discover Card

I am having the same problem, only I get this error message when I try to retrieve my updates.

Invalid OFX Statement
**  Review .\xfr\DISCOVER20170301152115889896.ofx for possible clues

I have read all of the above suggestions but I don't have a clue what any of it means.  I have used Pocket Sense for many years now and have always just set it up per their instructions.  Could someone please simplify this for me - I have just used the https://ofx.discovercard.com in the past and it worked until recently.

18

Re: Discover Card

I was hitting the same thing, but thanks to robler's notes, I was able to get it working again as well.  The server is very finicky about the order of the HTTP headers -- this sequence works for me:

POST / HTTP/1.1
Content-Type: application/x-ofx
Host: ofx.discovercard.com
Content-Length: [the length of the request]
Connection: Keep-Alive

With those headers, the XML request robler posted above works for me.  Hope this helps.
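An added example, not code from any poster in this thread: a minimal client that writes the request to a TLS socket itself, so the header lines go out exactly as listed in the post above, and that masks the credential fields before the request is logged or pasted into a forum. The function names, the `SECRET_TAGS` list and the sample body are assumptions; `ssl.create_default_context()` verifies the certificate chain and hostname, and `send` assumes the response carries a Content-Length header.

```python
import re
import socket
import ssl

HOST = "ofx.discovercard.com"  # host named in the thread
SECRET_TAGS = "USERID|USERPASS|ACCTID"  # elements the posters redacted by hand


def build_request(body: bytes, host: str = HOST) -> bytes:
    """Serialize the POST with exactly the header lines, in the order, pgs posted."""
    head = (
        "POST / HTTP/1.1\r\n"
        "Content-Type: application/x-ofx\r\n"
        f"Host: {host}\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: Keep-Alive\r\n"
        "\r\n"
    )
    return head.encode("ascii") + body


def redact(request: bytes) -> str:
    """Mask credentials and card number (SGML or XML form) for logging or posting."""
    text = request.decode("latin-1")
    return re.sub(rf"<({SECRET_TAGS})>[^<\r\n]*", r"<\1>REDACTED", text)


def send(request: bytes, host: str = HOST, timeout: float = 10.0) -> bytes:
    """POST over TLS; the default context verifies the chain and the hostname."""
    ctx = ssl.create_default_context()
    buf = b""
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(request)
            while chunk := tls.recv(65536):
                buf += chunk
                head, sep, body = buf.partition(b"\r\n\r\n")
                m = re.search(rb"(?im)^content-length:\s*(\d+)", head)
                # Keep-Alive leaves the socket open, so stop at Content-Length.
                if sep and m and len(body) >= int(m.group(1)):
                    break
    return buf


if __name__ == "__main__":
    # Constructed SGML fragment; print the redacted form only, nothing is sent.
    print(redact(build_request(b"<USERID>alice\r\n<USERPASS>s3cret\r\n")))
```

The redacted text is for logs only: masking changes the body length, so it no longer matches the Content-Length header of the request that was actually sent.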

Re: Discover Card

pgs wrote:

The server is very finicky about the order of the HTTP headers -- this sequence works for me:

POST / HTTP/1.1
Content-Type: application/x-ofx
Host: ofx.discovercard.com
Content-Length: [the length of the request]
Connection: Keep-Alive

Thanks pgs!! This finally fixed it for me.

As a data point, with these headers I was able to get correct responses from the server using either robler's ofx 2.1.1 request in #16 or my original ofx 1.0.2 request in #13. I can't believe this is the case, but the headers indeed have to be exactly these lines in exactly this order.

Re: Discover Card

pgs wrote:

I was hitting the same thing, but thanks to robler's notes, I was able to get it working again as well.  The server is very finicky about the order of the HTTP headers (...)

Works for me too; thanks a lot! I'm curious though: how did you figure this out? The server is very very finicky indeed; I really wouldn't have been able to guess it's something with the headers, let alone figure out the correct set & order...

21

Re: Discover Card

latanius wrote:

I'm curious though: how did you figure this out?

The key was robler's comment about the required options for the .NET HttpWebRequest class -- once I got that working I was able to log the HTTP request.  It's so sensitive that I wasn't even able to get the http library I was previously using to work and ended up writing a custom client just for this server.

Re: Discover Card

Nice! (yeah that's what I ended up doing, too :)

Thanks everyone (esp @robler, @pgs & @fanqiuwen) for the useful info!

@Rette: I think this is a thing that will be fixed either a) by Discover or b) by Pocket Sense; they'd need a request that's very specific for Discover.

23 (edited by robler 2017-03-06 07:22:03)

Re: Discover Card

I'm glad my posts helped out.
To be truthful, I lucked out on the header order - who woulda thunk order matters - but I did test for header inclusion/value.

Happy downloading!

Re: Discover Card

I am also having this problem.  I see that some have solved the problem, but it seems one must be a very sophisticated computer programmer to implement.  Can these solutions work for someone with no programming skills? Is it simply a matter of inputting correct information into the "Advanced Setup" for Moneydance "Online Banking Setup"? Or is some sort of additional independent programming necessary?  Under the "Advanced Setup" for Moneydance, the following fields are requested: "Name", "OFX Institution Org", "OFX Institution ID", "OFX Institution URL"

Any advice would be greatly appreciated.  If this is not recommended for non-programmer types, let me know.

Re: Discover Card

Above I said I got lucky on the order - because a few members reported that header order is a factor - and I never considered order. However, in C# the headers are just properties on a WebRequest object; order cannot possibly matter when ascribing values. But since it works, the actual HTTP stream that .NET is forming from the request clearly puts the headers in the correct sequence.

This makes me think there might be a prescribed (i.e. protocol defined) sequence for headers.