Slashdot Mirror
OS-Independent Web Banking?
"I recently wrote again, and received no response at all, even though I mentioned that I would be writing an editorial for Slashdot, whether I could report a happy ending or not. That happy ending seems to be out of reach now. I even offered to contract to fix the problem myself.
The big question is, is there any bank with a good Web banking component that geeks can rely upon for good cross-platform support? TD's site is not only incompatible, but it relies on all sorts of client-side JavaScript to do things that could 99% of the time be just as easily done on the server side in PHP, CGI, ASP (which they are using now - another questionable decision), etc. Ideally I want to be able to log in from a text console using lynx and do my banking... and it seems to me with a little planning there's no reason I shouldn't be able to do so.
Another, broader question that comes to mind is this: Who makes the technology decisions at the big banks? These companies influence our daily lives to an astonishing degree, since they control our financial lives. When my bank decides to change their Web site to make it incompatible with my platform of choice, it really leaves me floundering. Who is responsible? What consulting firm is recommending these unfriendly, unnecessarily glitzy, and altogether unsound choices? If they're unaware of the needs of their less-than-mainstream customers - betraying a certain lack of thoroughness - can we really trust their security decisions?
Practically speaking, I'd like advice on a new, geek-friendly bank, if indeed such a thing exists. Preferably somewhere I can do my banking in a text-mode browser, but at least somewhere committed to supporting the most common graphical browsers on *all* platforms. For myself, the other requirement is that the bank be Canadian, though I think discussion of banks in other countries would be very interesting as well. The good thing about TD is that they have a no-fee minimum account level, which is convenient; a geek-friendly bank with a good service plan to boot would be ideal.
To be fair to my bank, I've been reasonably happy up until now. However, my inability to get any satisfaction on this matter has forced me to consider a move, if a better alternative exists."
Funny note - the VP in charge of Citibank's online retail banking operation is one of my limo customers, and has been for years. After many long conversations about Linux and alternative OSes, he made sure the Citibank site was totally cross-platform, which was not only a good customer move but also made a lot of the Unix and Linux coders who work there real happy and got him a *lot* of respect from them.
This person, who I would rather not name here, has since bought a dual-boot home computer from a small, local vendor, and is gradually falling off the edge into Linux.
BTW, I filed my taxes last year using TurboTax online -- in Linux -- and the small local bank where I keep both my personal and limo-business accounts runs platform-independent online banking and plans to keep it that way.
Let the bankers know you're out there, and that your choice of banks is at least in part dependent on their ability to serve your needs. This works especialy well with small local banks, and even better if you also own a business, even a small one, because business accounts are better profit sources than persoanl accounts.
- Robin
If you don't want to use an operating system that the bank's -- or ecommerce etc -- system supports, that is your perogative. However, you can't expect them all to support every operating system there is. That simply isn't possible.
Actually, in the case of a web app, it IS possable to support any operating system that has a browser with SSL capabilities. All that's required is keeping the display reletivly simple and functional. I don't know of any browser that can't handle a form with the POST method. That's all that's really required.
Simple pages like that also place less load on the server. If the banks insist on a bunch of eye candy, perhaps they should start with a simple form like that as a functional prototype and keep it available for those who aren't using exactly the same version of browser as the web developer.
Interestingly, simple forms like that are also more accessible for the visually impared and more adaptable to WAP and PalmVII. Another OS in a partition won't help a blind person use a clueless web banking app that only likes the standard (non text to speech) version of their browser.
I ran into this as well. They supported Linux for a very long time and then they decided to make some updates to the page to make it non-Linux compatible. It was REALLY stupid and I even called them and told them how to fix the page to make it work with Linux again, but they would hear nothing of it. I actually posted a comment to slashdot about this a couple of months ago in a story that had some remote links to this topic. I told TD support that I would post information all over the web about their treatment of people who didn't want to use Windows or MacOS. They actually told me to go out and buy Windows if I wanted to use their site!! I was really pissed off and managed to speak to the manager, who told me that they were developing a better site. She gave me access to this beta site, which actually does work, and I can verify that they now do support Linux. I guess enough people called to complain. They were ->- that close to losing me as a customer after 21 years, and with me, losing some serious commercial business too. Be patient. Within a month or two (hopefully), it will work again. The new site is much faster and more full-featured too.
I know it's frustrating, but they know what it's all about now.
As someone who has been there, I can say pretty safely that the folks coding up those web banking sites don't like to deviate from Microsoft too much, and it's for an interesting reason: the product sells better to non-tech types when you can say it's a Microsoft tech. Floored me when I first heard that, but I suppose some people haven't figured out that Microsoft != secure. As far as they're concerned, Microsoft products (ASP, IIS, etc) make for a quick rollout that has good security and customers are comfortable with. I'd say two of those are right...
Don't think about using their investment stuff, it sucks. But the bank is actually a different company (used to be telebank) that E*Trade bought. They have very high interest rates and the pages work with Lynx. I've been very pleased.
Just don't get me started about their brokerage accounts.
Heya. I've read much of the above commentary and no one seems to've hit this part of things so I will.
Basic point: No online banking scheme is secure.
Sub-point: Some are more secure than others.
If your bank is not using SSL for online banking, stop right now and save yourself some trouble. Call them up and make sure that web access to your account is completely disabled. Without a lot of checking (which would be more of a pain in the ass than solving your problem -while- using your old bank... details below), you aren't likely to know whether internet traffic to your bank is properly handled and filtered or if there's another host at their end which can packet sniff. If they're just a colo or a virtual host on someone's webfarm, anyone else with an account on the same net can get curious.
If they use SSL, you're still not guaranteed security but it's at least not a completely trivial thing to get your account information. Then you get into OS security and how intelligent the hosting ISP -really- is when it comes to filtering at their routers. I've seen some that are. I've seen none that are vehemently pro-active about it. I'm fairly certain that many NT/Lucent shops out there are content to merely keep the frequency of reboots as low as possible. Sometimes a customer will want to keep using a piece of software that is dependant upon an outdated version of an OS (read: as secure as swiss cheese). That's where you really get into the necessity for filtering at the routers so that only the traffic that's absolutely necessary gets through.
Other posters have noted that there are protocols which are quite well suited for everything that could be needed for a (reasonably) secure and usable online banking transaction. You seem to understand the JavaScript used by this bank. If you telnet in to the server handling these transactions (and hopefully need to authenticate yourself via SSL) you can probably manually input any function you wish to call. I've not had personal experience with it, but I believe C-Kermit compiled with OpenSSL support will allow you to pull this off. It's all just bits in the end, and most of the time it's even ASCII. I've used similar methods to deal with mail via pop3 (and to a lesser extent smtp) for years. I didn't have a home base to read and save email onto, so learning a bit of the protocol was much easier than constantly installing and deleting mail clients. We don't need no stinking national ISP's! =)
Hope this helps some...
Lanir
I have found that Citibank web banking works excellently with Netscape on Linux, Netscape and IE on Mac, and Netscape and IE on Windows.
Union Bank of California has decent online banking. Their stuff works fine with any browser.
Doesn't do you much good if you aren't in California, and Toronto ain't.
There is an increasing presence of "ActiveX" controls (I think that's what they are) on web pages -- they simply will not work with non-MS products.
It really is a shame to see the internet, paid for with taxes, much of it built for free in spare time, by fairly selfless people, as a open and standards compliant means of communication, get bastardized by the scum at microsoft.
But I completely agree that if you can find another bank that has employees with enough skill to make their web presence platform neutral, go for it.
Make sure you let the previous bank know why you left.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
In the US, if you couldn't do your banking with lynx on a text console I think the bank could be sued under the Americans with Disabilities Act. As I recall, the only browsers that blind people can reasonably use are text-based browsers (through some form of text-to-speech conversion). AOL had some trouble over this within the last year or two (they settled by agreeing to spend money on developing interfaces for the blind, IIRC) and a bank is a "public accommodation" that should be subject to the ADA. If there are similar laws in Canada, pointing this out might do the trick.
Does onybody remember when the Web was supposed to be the thing that made OS irrelevant, the thing that was supposed to be platform-independant?
Doesn't the W3C release standards to promote this effect?
And doesn't MS and Netscape blatently ignore these standards (specifically to create a platform-dependant experience, in the case of MS a Windows-dependant experience...)
I know I'm preaching to the choir here, but I lay the blame for ruining the interoperability of the web squarely on the major browser writers.
Who would have thought that Free (as in beer) software from companies with an agenda could do so much damage?