Programming for bank

PR********@gmail.com wrote:

I've had a few years experience in web site design and server-side
programming and am fairly confident in my skills.
What about transaction processing? Have you done anything in this
area before?
There is a local Credit Union wanting to add a few features to their
site (bill pay, transfer money between banks) and I am interested in
the job.

However, I've never worked for a bank before. Any suggestions about
how to win the job,
It's possible there are developers out there who already have
a solution, which only needs to be adapted to your CU's needs.
If any such developer bids for the job against you, you will
probably lose, because they will not charge the CU for development,
only for adaptation, which will take a lot less time...

Assuming no one with a readily customizable solution bids against
you, you will need to show that:

1. You have experience working with whatever database engine the CU
uses.
2. You can program transactions processing using that database engine.
3. You can work with the CU's IT team.
4. You understand SSL very well.
5. You have basic domain expertise in banking (i.e., you know what
a routing number is, etc.)
and how to ensure my work is secure enough for this
application
This depends at least as much on the CU's network management
team as it does on you.
Also, will I have a liability issue if something goes horribly wrong?

You should insist that the CU expressly idemnify you for any damage
caused by the software you write; this is a standard software
industry practice. See any software license for the appropriate
language.

Cheers,
NC

PR********@gmail.com wrote:

I just wanted to get some advice. .... There is a local Credit Union wanting to add a few features to their
site (bill pay, transfer money between banks) and I am interested in
the job.

However, I've never worked for a bank before. Any suggestions about
how to win the job, and how to ensure my work is secure enough for this
application would be greatly appreciated. Also, will I have a
liability issue if something goes horribly wrong?

....

As with most big companies, and especially ones where large sums of
money move, the most important skill is keeping your mouth shut. And
that really means shut.

/m

NC wrote:

PR********@gmail.com wrote:

I've had a few years experience in web site design and server-side
programming and am fairly confident in my skills.

<snip>

Also, will I have a liability issue if something goes horribly wrong?

You should insist that the CU expressly idemnify you for any damage
caused by the software you write; this is a standard software
industry practice. See any software license for the appropriate
language.

Be prepared to walk away if they won't agree.

C.

Marcin Dobrucki wrote:
<snip>

As with most big companies, and especially ones where large sums of
money move, the most important skill is keeping your mouth shut. And
that really means shut.

LOL. Probably the best joke read recently in c.l.php. BTW, you seem
to be with Nokia?;-)

--
<?php echo 'Just another PHP saint'; ?>
Email: rrjanbiah-at-Y!com Blog: http://rajeshanbiah.blogspot.com/

Marcin Dobrucki wrote:

As with most big companies, and especially ones where large sums of
money move, the most important skill is keeping your mouth shut. And
that really means shut.

/m

Ha ha. Especially in Poland, I would say.

NC,

Thanks for your thoughtful response!

Quoting you:
What about transaction processing? Have you done anything in this area
before?

I wrote a completely custom shopping cart / ordering system that
imports directly to the QuickBooks accounting package. Man, that took
a while :-)

I guess I'll have to ask which database engine they are using.

Quoting you:
You understand SSL very well.

Hmm. I know that it encrypts data as it travels over the Internet, and
should be used for all sensitive form submissions and all pages
containing sensitive information.
Do you have something more grandiose in mind?

Quoting you:
You have basic domain expertise in banking (i.e., you know what a
routing number is, etc.)

Hmm. I do know what a routing number is, but only because I set myself
up with PayPal. Not really that incredible.
I suspect this might be my weakness.

Do you have any suggestions for learning more on the subject?

Quoting you:
You should insist that the CU expressly indemnify you for any damage
caused by the software you write

Great thought! I will definitely do so.

This CU has ongoing programming needs. I don't have to get this
particular job. Are there any certifications you would recommend to
help me be a more attractive option in the future?

Matthew

PR********@gmail.com wrote:

NC,

Thanks for your thoughtful response!

Quoting you:
What about transaction processing? Have you done anything in this area
before?

I wrote a completely custom shopping cart / ordering system that
imports directly to the QuickBooks accounting package. Man, that took
a while :-)

I guess I'll have to ask which database engine they are using.

Quoting you:
You understand SSL very well.

Hmm. I know that it encrypts data as it travels over the Internet, and
should be used for all sensitive form submissions and all pages
containing sensitive information.
Do you have something more grandiose in mind?

Quoting you:
You have basic domain expertise in banking (i.e., you know what a
routing number is, etc.)

Hmm. I do know what a routing number is, but only because I set myself
up with PayPal. Not really that incredible.
I suspect this might be my weakness.

Do you have any suggestions for learning more on the subject?

Quoting you:
You should insist that the CU expressly indemnify you for any damage
caused by the software you write

Great thought! I will definitely do so.

This CU has ongoing programming needs. I don't have to get this
particular job. Are there any certifications you would recommend to
help me be a more attractive option in the future?

Matthew

Matthew,

A shopping cart is not the same as transactional processing. The latter
has to do with more robust databases like DB2, Oracle and SQL Server.

For instance - if you do a SELECT on a row, that row will be locked (no
one else can access it) until a COMMIT or ROLLBACK is done, or the
program ends (connection is broken). If they are using a pool of
connections, this is NOT necessarily the end of the PHP script.

Additionally, updates often need to be done on two or more tables. For
instance, a transfer of funds from a savings account to a checking
account requires the savings account be decremented and the checking
account incremented by the amount being transferred. These need to be
done in a atomic process - a transaction. This is because if the
savings account is decremented and the server crashes before the
checking account can be incremented, you will have one very unhappy
customer and books which don't balance. This and a lot more things go
into transactional programming.

From the business end - if you're in the U.S., you will need Errors and
Commissions insurance, for sure. You can put all you want in the
contract about limits on your liability - but if they can prove
misrepresentation, negligence or similar activities, your limit on
liability will probably be thrown out by the courts. Even if it isn't
thrown out, it could cost you tens of thousands of dollars to defend
yourself. Most E&O policies will pay for your defense and penalties up
to the limits of the policy. And you need to keep it paid up - in case
the bank finds a problem with your code three years from now.

Additionally, the bank may want you to be bonded. This covers possible
dishonest acts on your part. That isn't too bad, but it is another
expense you need to factor in. Background checks are not uncommon,
either - they don't want to hire someone with a history of robbing
banks! :-)

Basically - you're in a whole different league when dealing with banks.
There, a small mistake on your part can cost them millions of dollars.
And they want to protect themselves.

If you're still comfortable with this, then go for it. Banks can be a
PITA to work for, but they can also be a profitable income.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Actually, you can make a try by understand what you going to, and try
your best to search for what relate to your subject. It is very
important that learning is ann on going activity, as a programmer you
need to update your field as what your customer wants. Learn more about
SSL isn't a hard work for you, you need only time to go, and most
importantly, try to gain more advice from some expert.

Phal

Jerry Stuckle wrote:

PR********@gmail.com wrote:

I wrote a completely custom shopping cart / ordering system that
imports directly to the QuickBooks accounting package.

A shopping cart is not the same as transactional processing.
The latter has to do with more robust databases like DB2,
Oracle and SQL Server.

And the QuickBooks file based database is nothing like an SQL
database ;)

Jussi Jumppanen
Author of: Zeus for Windows Editor (New version 3.95 out now)
"The PHP syntax highlighting, code folding editor"
Home Page: http://www.zeusedit.com

On 15 Sep 2005 22:18:20 -0700, be*******@gmail.com wrote:

Actually, you can make a try by understand what you going to, and try
your best to search for what relate to your subject. It is very
important that learning is ann on going activity, as a programmer you
need to update your field as what your customer wants. Learn more about
SSL isn't a hard work for you, you need only time to go, and most
importantly, try to gain more advice from some expert.

Phal

What and who are you replying to, Learn some netiquette, quote the relevant
parts of what you are replying to.

R. Rajesh Jeba Anbiah wrote:

LOL. Probably the best joke read recently in c.l.php.
:-)
BTW, you seem to be with Nokia?;-)

yea, well, my job has little to do with large sums of money ;-)

/m

Quoting Phal:
It is very important that learning is ann on going activity

Yes, my plan is to learn as I go. In this field, that's the upward
mobility :-)

Quoting Phal:
Learn more about SSL isn't a hard work for you, you need only time to
go, and most importantly, try to gain more advice from some expert.

Getting advice from experts is why I'm here. I thank all of you for
the time you are taking to help me with this question!
Is there anything I need to learn about SSL beyond using it for
handling sensative communication between client and server?

Matthew

Ooooh, that kind of transactional processing! Doh!

Yes, I have done this. Our web site uses MSSQL Server 2000, and we're
awaiting the arrival of v2005. I have set up our site with a degree of
transactional processing.

By the way, thanks for your incredibly through and thoughtful response!

I'll ask my insurance agent about that Errors and Commissions
insurance. Those are some sobering issues you brought up.

Of course, ideally the code will work perfectly. Is there a firm that
offers some kind of auding service to be sure the code is secure before
the project is finilized?

Also, do you have a feel for what kind of hourly rate I should be
asking for?

Lastly, this bank is a local credit union. Is it worth the trouble?
Not that you have any way of knowing :-)

Matthew

Quoting Jussi:
And the QuickBooks file based database is nothing like an SQL
database ;)

Quite so. But it's so much harder to work with that it's the one I
mention :-)

I actually have been working with SQL Server for over a year now.

Matthew

While we're on the subject of liability, I've got another question.
I'm just a regular person right now. How would you rate the importance
of creating a corporation to do business through?

Matthew

PR********@gmail.com wrote:

While we're on the subject of liability, I've got another question.
I'm just a regular person right now. How would you rate the importance
of creating a corporation to do business through?

Liability is not the only issue here. Tax considerations are
important, too. Maintenance of a corporation will cost you a few
hundred dollars a year (filing fees vary by state). On the plus
side, you may be able to increase your tax deductions. You should
talk to your accountant...

Cheers,
NC

While we're on the subject of liability, I've got another question.
I'm just a regular person right now. How would you rate the importance
of creating a corporation to do business through?

Matthew

PR********@gmail.com wrote:

Ooooh, that kind of transactional processing! Doh!

Yes, I have done this. Our web site uses MSSQL Server 2000, and we're
awaiting the arrival of v2005. I have set up our site with a degree of
transactional processing.

But do you use transactional processing? It's quite a bit different
than non-transactional, and most web sites do NOT use it. And when
you're dealing with potential concurrent updates from multiple sources,
it's a huge concern.

A shopping cart doesn't really need full transactional processing. A
bank does.

By the way, thanks for your incredibly through and thoughtful response!

I'll ask my insurance agent about that Errors and Commissions
insurance. Those are some sobering issues you brought up.
You'll probably have trouble finding it - it's not common and it is
expensive. But if you're working as a contractor, it's a necessity.
Where I got mine was through the ICCA - http://www.icca.org.

Of course, ideally the code will work perfectly. Is there a firm that
offers some kind of auding service to be sure the code is secure before
the project is finilized?

Probably, but I've never used one. I ensure I have a good design and do
a lot of testing at all levels.

Also, do you have a feel for what kind of hourly rate I should be
asking for?

It depends on your skills, your experience, your company, the part of
the country (or world) you live in, whether its raining and which side
of the bed you got up on last Tuesday. I would say somewhere between
$20 and $225 per hour.

Seriously - it is a huge range. And it does depend on a lot of factors
which are outside the range of this group. Try your business questions
in alt.computer.consultants.moderated.
Lastly, this bank is a local credit union. Is it worth the trouble?
Not that you have any way of knowing :-)

Matthew

Only you can answer that. What's worth the trouble to me is quite a bit
different than it is to you.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

PR********@gmail.com wrote:

While we're on the subject of liability, I've got another question.
I'm just a regular person right now. How would you rate the importance
of creating a corporation to do business through?

Matthew

Again, check alt.computer.consultants.moderated - it's more appropriate
to this question.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Hmm. I apologize for taking this so far afield.

Now I'm in something of a quandary. This thread has so much good info!
Is it better to start a new thread over there, or post a pointer to
this one?

Matthew

PR********@gmail.com wrote:

Hmm. I apologize for taking this so far afield.

Now I'm in something of a quandary. This thread has so much good info!
Is it better to start a new thread over there, or post a pointer to
this one?

Matthew

Matthew,

You're getting off on another topic - business issues. It's better to
discuss those in a business group.

Just start a new thread over there.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Quoting Jerry:
But do you use transactional processing? It's quite a bit different
than non-transactional, and most web sites do NOT use it. And when
you're dealing with potential concurrent updates from multiple sources,
it's a huge concern.

Short answer: yes, I have used transactional processing. But only a
minimal amount.
Something like:
Insert junk into orders;
SELECT MAX(ID) AS OrderID from orders;
Wrapped in a transaction.

If two orders go in spectacularly close, the transaction will still
work properly.
I'm sure I have much more reading on the subject :-)

Quoting NC:
You understand SSL very well.

Hmm. I know that it encrypts data as it travels over the Internet, and
should be used for all sensitive form submissions and all pages
containing sensitive information.
Is there anything more a person needs to know?
Quoting NC:
You have basic domain expertise in banking (i.e., you know what a
routing number is, etc.)

Hmm. I do know what a routing number is, but only because I set myself
up with PayPal. Not really that incredible.
I suspect this might be my weakness.

Does anyone have any suggestions for learning more on the subject?

Matthew

Gottcha. I'll stick to the technology issues here from now on.
Thanks Jerry!

PR********@gmail.com wrote:

Quoting Jerry:

Short answer: yes, I have used transactional processing. But only a
minimal amount.
Something like:
Insert junk into orders;
SELECT MAX(ID) AS OrderID from orders;
Wrapped in a transaction.

There is a lot more to transactional programming than this.

For instance - how to you handle updating a record? I.E. a guy checks
his checking account balance and finds they has $500 in the account.
So, he decide to transfer $300 to savings - so he does it. But between
the time he checked his balance and he transferred the money, his wife
got $300 from the ATM. He is now overdrawn.

If two orders go in spectacularly close, the transaction will still
work properly.
I'm sure I have much more reading on the subject :-)

It's more than just reading. It's something which takes experience.

Does anyone have any suggestions for learning more on the subject?

Matthew

You really need to get some experience in the banking world, ideally by
working as part of a team where you can learn the ins and outs of what's
required.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

PR********@gmail.com wrote:

Quoting Phal: Quoting Phal:

To get proper quoting and attributions with the Google interface, don't
use the Reply at the bottom of the message. Click "show options" and
the Reply shown in the expanded message header.

Brian

--
If televison's a babysitter, the Internet is a drunk librarian who
won't shut up.
-- Dorothy Gambrell (http://catandgirl.com)