tag:infinitekind.tenderapp.com,2009-01-14:/discussions/online-banking/15756-discover-appears-broken-againInfinite Kind: Discussion 2021-03-01T14:50:26Ztag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-07T16:21:11Z2020-04-07T16:21:11ZDiscover appears broken again<div><p>Hi Bill,</p>
<p>Confirmed. I first noticed this yesterday.<br>
Fortunately, manual downloads are still available.</p>
<p>-Kevin N. (not a member of MD support)</p></div>-Kevin N.tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-08T14:10:11Z2020-04-09T14:27:33ZDiscover appears broken again<div><p>I have an open case, but private discussion on this same issue and updated it this morning. My workaround was to reset synch and it would download transactions, but this morning it is not working at all.</p>
<p>I also see missing OFX headers but also access denied. I did disable and set up online banking again, by searching for Discover Bank, but the same errors continue.</p>
<p>Using MD 2019.4 (1904), for some time already on macOS 10.15.4</p></div>matthiastag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-10T11:47:25Z2020-04-10T11:47:26ZDiscover appears broken again<div><p>Having the same issues. Tried the beta version with no success yet.</p></div>Robtag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-10T11:48:07Z2020-04-10T11:48:08ZDiscover appears broken again<div><p>Same issue on version 2019.4 (1899). Had been working fine and now won't download.</p></div>Brucetag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-10T15:40:16Z2020-04-11T13:08:13ZDiscover appears broken again<div><p>Hi All,</p>
<p>I left a message on the developer's Slack channel regarding Discover.</p>
<p>I'll post back here if I hear anything from him.</p>
<p>-Kevin N. (not a member of MD support)</p></div>-Kevin N.tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-12T20:59:03Z2020-04-12T21:01:13ZDiscover appears broken again<div><p>Me too. Both my Discover credit card and Bank savings have gone out. Did not notice it until today as no error message shows up, until you look at the comm via Console - I am seeing "you don't have access...." for both accounts. Reseting accounts and replacing the encrypted account number with the real one did not help. Credentials still work on the bank website. Using build 1904 on OS X 10.13.6.</p></div>avp2tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-12T21:05:49Z2020-04-12T21:05:49ZDiscover appears broken again<div><p>For the moment, I was able to download the transactions in quicken format, and Moneydance took that. I was able to reconcile the account. However, not being able to download is still an issue.</p>
<p>On a related note, Citibank is having problems as well. At lest they are giving an error message, though.</p></div>flapeyretag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-13T16:33:07Z2020-04-13T16:33:07ZDiscover appears broken again<div><p>I'm also stuck. MD 1904. On-line setup fails to ask for password, greys out the account info, and pushes me to the Discover website. So, its still a problem in 1904.</p></div>shoppertag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-13T16:59:49Z2020-04-13T16:59:49ZDiscover appears broken again<div><p>Just had long discussion with Discover service. They claim no changes have been made to their OFX service since last Sept. Clearly, the info has not been passed down yet. The response (in both 1904 and 1880) I see from their server is as follows:</p>
<p>connecting to: <a href="https://ofx.discovercard.com">https://ofx.discovercard.com</a> with method: POST<br>
Connecting with https headers:<br>
POST / HTTP/1.1<br>
Content-Type: application/x-ofx<br>
Host: ofx.discovercard.com<br>
Content-Length: 650<br>
Connection: close</p>
<p>---end headers HTTP/1.1 403 Forbidden<br>
Server: AkamaiGHost<br>
Mime-Version: 1.0<br>
Content-Type: text/html<br>
Content-Length: 269<br>
Expires: Mon, 13 Apr 2020 16:05:44 GMT<br>
Date: Mon, 13 Apr 2020 16:05:44 GMT<br>
Connection: close</p>
<p>HTTP response headers:<br>
mime-version: [1.0]<br>
date: [Mon, 13 Apr 2020 16:05:44 GMT]<br>
server: [AkamaiGHost]<br>
content-length: [269]<br>
expires: [Mon, 13 Apr 2020 16:05:44 GMT]<br>
content-type: [text/html]<br>
connection: [close]<br>
Reading message from <a href="https://ofx.discovercard.com">https://ofx.discovercard.com</a></p>
<p>uh oh, we've gotten some OFX with no headers:<br></p>
<br>
<br>
<br>
<h1>Access Denied</h1>
<p>You don't have permission to access "http://ofx.discovercard.com/" on this server.</p>
<p><br>
Reference #18.6c5832b8.1586793944.f878ea3<br></p>
<br>
<br>
BEGINRESPONSE>>>>><br>
<br>
<br>
<br>
<br>
<br>
<h1>Access Denied<br></h1>
<p>Reference #18.6c5832b8.1586793944.f878ea3<br></p>
<br></div>avp2tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-13T17:24:23Z2020-04-13T17:24:23ZDiscover appears broken again<div><p>Shopper: If you have a web URL inserted in the Account setup (near bottom) and the direct connect fails, MD will attempt to connect to the URL using its internal browser. You then log in, if you like (for manual transaction download, etc). It is somewhat more convenient than having to do it outside of MD, when it works. Unfortunately, not all websites do work with the MD browser, for example, Rabo, Mechanics and Pacific Premier banks. If you leave the Account Setup URL entry blank, MD will not try to open your institution's site with its internal browser. BTW, I use the comment box to save useful things about the account, like the bank's URL.</p></div>avp2tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-14T16:18:58Z2020-04-14T16:18:58ZDiscover appears broken again<div><p>Sean: Did a website transaction download and import to MD for my Discover Card account. Worked fine. But, on opening the downloaded file in a text processor (I was curious), I noticed the FI ORG and ID were different than the what we have been using. Naturally tried those, using advanced online setup, but they resulted in the same response message "http 403, denied and you don't have permission to access this server". Part of the download file below. May be it will help. Don't know if it is normal. Never looked at a manual transaction download before. Seems that there is some indication of Discover using Intuit servers/service?</p>
<p>OFXHEADER:100<br>
DATA:OFXSGML<br>
VERSION:102<br>
SECURITY:NONE<br>
ENCODING:USASCII<br>
CHARSET:1252<br>
COMPRESSION:NONE<br>
OLDFILEUID:NONE<br>
NEWFILEUID:NONE</p>
<p><code>0INFO20200413213318.210[-4:EDT]ENGDiscover Card Account Center96259625my user ID0</code>0INFOUSDmy coded acct #20200311200000.000[-4:EDT]20200411120000.000[-4:EDT]CREDIT20200410160000.000 ..............................</p></div>avp2tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-14T20:28:22Z2020-04-14T20:28:22ZDiscover appears broken again<div><p>I also reported this problem, on a separate thread which I'm now closing.</p>
<p>Seems to me the "Access Denied" error may be related to the failure to prompt for a password. As I've tried to redo the setup many times, I have no way of knowing what happened the first time it failed. Are there log files that might be found, or are the downloaded OFX files saved somewhere (or recoverable)?</p></div>david.dtag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-14T21:17:14Z2020-04-14T21:17:14ZDiscover appears broken again<div><p>The Console window (under Help) will show OFX comm. I think there is a log file that records the Console, but do not remember where it is at.</p>
<p>I do not think this is a password problem. Discover changed something in their service and their online banking tech support staff appear to have been kept in the dark about it.</p>
<p>Seems to be some big OFX service changes being made these days - supposedly to improve security. For instance, Pacific Premier's OFX provider recently went to a setup (Intuit provided OAuth validation) that, so far, only works with Quicken. I hope not many others follow their example.</p></div>avp2tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-14T21:34:55Z2020-04-14T21:34:55ZDiscover appears broken again<div><p>Well, a setup that only works with Quicken would certainly explain the present problem.</p>
<p>From: avp2 <a href="mailto:tender+d353acc1d8@tenderapp.com">tender+d353acc1d8@tenderapp.com</a><br>
Reply-To: <a href="mailto:support@infinitekind.com">support@infinitekind.com</a></p></div>david.dtag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-15T01:03:43Z2020-04-15T01:03:43ZDiscover appears broken again<div><p>Not saying I think that is what has happened with Discover. Do not know what they changed.</p></div>avp2tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-15T04:12:11Z2020-04-15T04:14:36ZDiscover appears broken again<div><p>Just noticed this was happening again, no error message so it's not obvious. I seem to remember someone mentioned a SSL certificate issue ended up being the cause / solution last time?</p></div>hannasmtag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-15T18:43:50Z2020-04-15T18:43:52ZDiscover appears broken again<div><p>I'd really like to see an error from MD when this happens, rather than fail with no indication that transactions could not be downloaded. I mean, I guess I'd really like Discover to work reliably, but I'll take what I can get.</p></div>andytag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-16T16:22:38Z2020-04-16T16:22:38ZDiscover appears broken again<div><p>just a user,</p>
<p>That is odd that MD does not report an error. If you didn't know you had new transactions, you wouldn't know the Discover connection is not working. Isn't there a way where you can capture the communication between MD and Discover?</p>
<p>I checked the console log and it shows an error, but MD does not report to user.</p>
<p>uh oh, we've gotten some OFX with no headers:<br>
Unhandled OFX message set: HEAD<br>
Unhandled OFX message set: BODY</p></div>mhoggietag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-16T19:48:37Z2020-04-16T19:48:37ZDiscover appears broken again<div><p>I'm more disappointed that a issue affecting so many has not been solved, or at least the technical issue relayed by MD staff. Would be nice to be kept informed, and comforted that the issue is being investigated. This is a connection that many MD users rely on and is working on Quicken. I think this issue requires more attention, or at least some official feedback. The suggestion of an error message is a good one, and maybe a message of how many transactions were downloaded when successful. Many of us are converting from Quicken, but having to download transactions from Discover's website is exactly what Quicken provides when online access is terminated.</p></div>Bobtag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-16T21:10:36Z2020-04-16T21:10:36ZDiscover appears broken again<div><p>MD normally does show OFX comm error messages and how many transactions have been downloaded. This particular problem, however, seems to not trigger the error message and, in my setup, is causing MD to not show the disable/change window. Discover has actually been pretty reliable for me in the past. BTW, there does seem to be some similar fails showing in Quicken's forum lately, for instance this partial comm log:</p>
<p>20200317 09:38:05: QFN: Beginning send to <a href="https://ofx.discovercard.com">https://ofx.discovercard.com</a><br>
20200317 09:38:05: <em>**QFN kQFFinished: returns 67305875<br>
20200317 09:38:05: The application has been denied access to the server. Try again now, or wait and try later.<br>
20200317 09:38:05: QFN: End send to <a href="https://ofx.discovercard.com">https://ofx.discovercard.com</a>, netstatus 15<br>
20200317 09:38:05: QFN: Beginning send to <a href="https://ofx.discovercard.com">https://ofx.discovercard.com</a><br>
20200317 09:38:05: *</em>*QFN kQFFinished: returns 67305875<br>
20200317 09:38:05: The application has been denied access to the server. Try again now, or wait and try later.<br>
20200317 09:38:05: QFN: End send to <a href="https://ofx.discovercard.com">https://ofx.discovercard.com</a>, netstatus 15</p></div>avp2tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-17T12:40:29Z2020-04-17T12:40:31ZDiscover appears broken again<div><p>@Bob it would be unsurprising that Quicken would continue to work given that their default connection method is not Direct Connect, but their proprietary Quicken Connect, and in this instance they appear to be operating Discover's Direct Connect server or at least proxying requests to a server through their own server.</p>
<p>If you select DirectConnect in Quicken the URL it accesses is</p>
<p><a href="https://services.quicken.com/ofx-secure-plus/7101">https://services.quicken.com/ofx-secure-plus/7101</a></p></div>m155htag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-17T16:33:49Z2020-04-17T16:33:49ZDiscover appears broken again<div><p>A post from MD on this situation would be nice.</p></div>avp2tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-17T19:31:56Z2020-04-17T19:31:56ZDiscover appears broken again<div><p>Hi all,</p>
<p>I must apologize for the lack of response on this thread.</p>
<p>We are aware of the issue and we believe the bank is making some changes at their end. Our connection specialist is currently investigating the problem and actively working to find a permanent solution.</p>
<p>In the meantime, the best way to get your transactions into Moneydance is to use a web browser to download files from your bank's web site.</p>
<p>We'd recommend you download using the OFX or QFX file format if available. If not, use the QIF file format. (These files are sometimes referred to as Quicken or MS Money files). You can import the files to Moneydance using File --> Import.<br>
The steps for manually importing your data are outlined in <a href="https://infinitekind.tenderapp.com/kb/online-banking-and-bill-pay/manual-downloads">this article</a> from the knowledge base.</p>
<p>Finally, there's an existing ticket (#5386) in our ticketing system that we've attached to this discussion. Please stay assured that you'll be notified as soon as there's an update.</p>
<p>Sorry for the inconvenience and thank you for your patience.</p>
<p>--<br>
Maddy, Infinite Kind Support</p></div>Maddytag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-24T12:47:24Z2020-04-24T14:24:16ZDiscover appears broken again<div><p>Discover card has now merged it's account access, e.g. Bank Checking, savings, and Discover Card is accessed from a single login. Still receiving the same OFX header messages and updates to all accounts fail silently.</p></div>ExCobraPilottag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-25T22:44:22Z2020-04-25T22:44:23ZDiscover appears broken again<div><p>The Discover OFX server is sensitive to the order of headers in the HTTP Request.<br>
Requests with less than 5 seconds between them result in a "temporarily unavailable" response.<br>
An alternate working set of parameters is: FID = 9625, ORG = Discover Card Account Center, URL = <a href="https://ofx.discovercard.com:443">https://ofx.discovercard.com:443</a><br>
The following order of headers works:</p>
<p>h = HTTPSConnection("ofx.discovercard.com:443", timeout = 30)<br>
h.putrequest('POST', None, skip_host=True, skip_accept_encoding=True)<br>
h.putheader('Content-Type', 'application/x-ofx')<br>
h.putheader('Host', 'ofx.discovercard.com:443')<br>
h.putheader('Content-Length', len(ofx_query))<br>
h.putheader('Connection', 'Keep-Alive')<br>
h.endheaders(ofx_query.encode())<br>
res = h.getresponse()</p></div>ExCobraPilottag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-26T02:33:11Z2020-04-26T02:33:11ZDiscover appears broken again<div><p>ExCobraPilot:<br>
Is this something a person who doesn't understand programming can fix, or must TIK fix it?</p></div>davet65tag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-26T15:48:25Z2020-04-26T15:48:26ZDiscover appears broken again<div><p>@ExCobraPilot: It would be a violation of the HTTP protocol specification for the behavior to be dependent on the order of the headers, so that seems unlikely. Furthermore, that code snippet you pasted won't work in practice, since the <code>Content-Length</code> header value is being calculated incorrectly (the unencoded length is provided as opposed to the encoded length). Is that code from Moneydance itself?</p></div>estadtherrtag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-27T20:00:26Z2020-04-27T20:00:26ZDiscover appears broken again<div><p>It would be a violation of the HTTP protocol spec to require a specific order of the headers, but it does seem to be happening. There are companies that provide http client fingerprinting on behalf of server operators that attempt to distinguish between trusted clients and unauthorised bots. The Discover server seems to have had this kind of filtering for a while which is why Moneydance has sent headers in a very specific order for connections to their servers. Their very picky order seems to have either changed recently or they have additional fingerprinting requirements that we are not meeting.</p>
<p>There is also another bank server First Tech Credit Union which seems to use a similar (or maybe identical) fingerprinting service. With that service, Moneydance 2017 can connect, but when a customised version of Moneydance 2019 sends the exact same http message (down to the last bit), the connection is rejected. My conclusion is that they are also fingerprinting based on the TLS parameters such as available encryption algorithms in the negotiation stage.</p>
<p>I'm doing my best to replicate the TLS parameters to get the connections working again for both Discover as well as First Tech, and I hope to have a solution very soon.</p>
<p>I'm guessing that ExCobraPilot's http message would go through fine since in the vast majority of cases the encoded value would be the same as the unencoded string. The contents of an HTTP POST wouldn't need extra characters such as percent encoding. It'd only be non-ASCII characters which might need an extra byte or two.</p>
<p>Thanks,<br>
Sean</p>
<p>--<br>
Sean Reilly<br>
Developer, The Infinite Kind<br>
<a href="https://infinitekind.com">https://infinitekind.com</a></p></div>Sean Reillytag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-27T21:27:37Z2020-04-27T21:27:38ZDiscover appears broken again<div><p>That's interesting about the fingerprinting. I wonder if the fingerprinting recognizes Quicken but not Moneydance, in which case working with Discover to trust Moneydance's fingerprint (on all platforms) would seem to be a more sustainable fix than backing into a solution that happens to meet their fingerprinting. This is especially true if the TLS negotiation is part of the fingerprinting, since it might be hard to keep a static fingerprint as the JRE receives security updates.</p></div>estadtherrtag:infinitekind.tenderapp.com,2009-01-14:Comment/482272292020-04-28T15:07:09Z2020-04-28T15:07:10ZDiscover appears broken again<div><p>Banks don't work with personal finance app companies unless their name starts with a Q and ends with uicken.</p>
<p>Quicken is already proxying Discover Direct Connect requests through their own server. It seems like it's a matter of time before the Discover DC server becomes no longer publicly visible at all.</p></div>at563jn