Skip to main content

An open letter to Kiwibank

Dear Kiwibank,

My suggestion isn't actually sensitive hence posting it on my blog. This could be a game changer for Kiwibank though.

I want support for requesting payments. I've run into "POLi" before, and it's rubbish - the fact it requires a particular operating system and browser, requires letting untrusted third-party code log into the user's bank account and "take control". Terrible for an untrusting geek like myself who wants to pay for a flight...
I realize POLi isn't the problem, or a Kiwibank product, but it is the current best solution because no bank is willing to lead and create a proper (and secure) solution to real time paying with online banking.

It would be a great benefit to many people, including trademe users, and small businesses who might need to take payments and deposits online. Heres how I imagine it could work:

  1. People wanting paid would be able to go to
  2. set up and email their payment request/invoice 
  3. you provide a secure gateway for the recipient to pay - if they are also your customer it could be a direct bank transfer or they could pay via credit card.

Other various considerations:
  • My main concern with using a system like this would be the trust of the identity of whomever I was paying. A bank given assurance of the receiver's and/or business name would stop phishers.
  • You would ideally provide at least a basic invoice creator page to upload logo's and customize a template. Wouldn't be hard to one up paypal on that front.
  • Once the payment is made you optionally alert the receiving party. Possibilities exist for automated behaviours on receipt.
  • With an api enabling websites to create and embed these requests dynamically you would be the bank of choice in no time.
  • Long term vision would be a worldwide bank-to-bank standard protocol but let's not rock the boat too much. Although Kiwibank leading the charge would  make me very proud.
Your already happy customer,

Brian Thorne

p.s. Why isn't the contact form linked to from your home page using an encrypted connection? If I'm on a public network you've just asked for my customerID and my question could be sensitive...

Popular posts from this blog

My setup for downloading & streaming movies and tv

I recently signed up for Netflix and am retiring my headless home media pc. This blog will have to serve as its obituary. The box spent about half of its life running FreeNAS, and half running Archlinux. I’ll briefly talk about my experience with FreeNAS, the migration, and then I’ll get to the robust setup I ended up with.

The machine itself cost around $1000 in 2014. Powered by an AMD A4-7300 3.8GHz cpu with 8GB of memory. A SilverStone DS380 case is both functional, quiet and looks great. The hard drives have been updated over the last two years until it had a full compliment of 6 WD Green 4TiB drives - all spinning bits of metal though.

Initially I had the BSD based FreeNAS operating system installed. I had a single hard drive in its own ZFS pool for TV and Movies, and a second ZFS pool comprised of 5 hard drives for documents and photos.

FreeNAS is straight forward to use and setup, provided you only want to do things supported out of the box or by plugins. Each plugin is install…

Driveby contribution to Python Cryptography

While at PyConAU 2016 I attended the Monday sprints and spent some time looking at a proposed feature I hoped would soon be part of cryptography. As most readers of this blog will know, cryptography is a very respected project within the Python ecosystem and it was an interesting experience to see how such a prominent open source project handles contributions and reviews.

The feature in question is the Diffie-Hellman Key Exchange algorithm used in many cryptography applications. Diffie-Helman Key Exchange is a way of generating a shared secret between two parties where the secret can't be determined by an eavesdropper observing the communication. DHE is extremely common - it is one of the primary methods used to provide "perfect forward secrecy" every time you initiate a TLS connection to an HTTPS website. Mathematically it is extremely elegant and the inventors were the recipients of the 2015 Turing award.

I wanted to write about this particular contribution because man…

Python, Virtualenv and Docker

Unsurprisingly I use some very popular Scientific Python packages like Numpy, Scipy and Scikit Learn. These packages don't get on that well with virtualenv and pip as they take a lot of external dependencies to build. These dependencies can be optional libraries like libblas and libatlas which if present will make Numpy run faster, or required dependencies like a fortran compiler.

Back in the good old days you wouldn't pin all your dependency versions down and you'd end up with a precarious mix of apt-get installed and pip installed packages. Working with other developers, especially on different operating system update schedules could be a pain. It was time to update your project when it breaks because of a dependency upgraded by the operating system.

Does virtualenv fully solve this? No, not when you have hard requirements on the binaries that must be installed at a system level.

Docker being at a lower level gives you much more control without adding too much extra comp…