[tenaciousDaniel]

Although I can say that most financial institutions are not nearly as scrupulous in checking their systems as you would expect.

When I would work my way through their auth layer, I'd be sending them like 500 login requests every hour. They never contacted the account I used, so I have to assume they weren't checking for abnormalities like that.

The only time I really fucked up was when I tried to do that with a particular broker in Singapore. Singaporean companies have their shit _locked down_. I spent one hour debugging one of their endpoints, and it let off so many alarms that the CTO of their company was woken up in the middle of the night.

[matthewwiese]

I respect the need to abide by an NDA, and I assumed something along those lines would be the case. Thanks for the tidbits nonetheless! The intersection between finance and tech at the highest levels like that has always intrigued me.