Online Banking And Browser Support

robbo writes "Earlier this week, The Register ran a piece on major UK banks and E-commerce sites' refusal to support alternative browsers for online banking, and they followed up with a list of saints and sinners. The reasons vary from requiring support for proprietary technology to security. My own bank only recently started supporting Netscape 6 (but they still don't support Mozilla). Clearly, support for Mozilla, Konqueror, or Galeon are absolutely necessary if projects like GNUCash can successfully integrate online banking. How does the Slashdot crowd find their banking support? Is your bank a sinner or a saint?"

Mozilla Credit Union

[DeadBugs]

Mozilla 1.1 works just fine at my little Credit Union (Only 2 offices).

So if a tiny little non-profit credit union can do it, then the larger banks should have no problem.

Re:Mozilla Credit Union

[dizco]

Sigh. Not much I can do about it anymore

You could find another bank.. they do exist.

--Sean

It's the protocols and standards that matter

[Vlijmen+Fileer]

The banks are doing wrong something else; they are "developing" for certain browsers, while they /should/ be designing with accepted web standards.
Then there would be less problems. Web designers and browser developers can then both spend more time on adding functionality, because they only have to support 1 peer instead of n.
My bank, the Dutch ABNAMRO, states somewhere that they only support IE. But Mozilla works, although a tad ugly.

Re:Online banking is a stupid idea

[Whatsthiswhatsthis]

Convenient for people too lazy to write a check by hand, or go to a drive through teller, or something. Yes, some people may not have cars, but they find a way to get to work, don't they?

Banks have limits on how many teller assisted transactions one can do (usually per quarter or statement). Also, some people work during all bank hours (usually 9 to 5).

The internet may not be as secure as anyone would wish it to be, but it's still more secure than handling things in the branches. As a former teller, I can tell you that there are massive amounts of fraud that bank branches have to watch out for. With a good password your information should be safe.

Who cares what they say they support?

[tgd]

I've been using online banking since the whole thing started... using the web for probably seven years, with SFNB (the first online bank, showing off S1's software), to RBC and now RBC/Centura. They've always listed such-and-such browser version requirements, and I've never had a problem using another browser before.

How many banks really *block* a given browser? And if they do, how many really wouldn't work if you masqueraded your user agent?

It sucks that these places don't officially support other browsers, but if anyone here has ever worked on an externally-facing web-based software package, you know that there is just so many combinations of things your QA department can test, and a good company will only say they support those, even if they know others would work. Its not responsible to say you support Mozilla if you've only ever tested Netscape 6, officially.

Can't support everything

[dirk]

While in theory it would be great for banks to support everything out there, the reality is they just can't. They have to pick the biggest browsers and target their software for them. Imagine if they said they supported any browser available, how many different tech people would you need to sort through a problem? "Well, it works on IE, Netscape, and Opera, but Mozilla nd Konquere don't work, we need to figure out the problem and then rework the whole page." And they woudl also have to support user calls on every browser, which could also be a nightmare. This isn;t a generic website, this is banking information. They need to limit the possible ways things can break, which means they need to limit the software that can be used. If there is a problem discovered with Opera (for example) that suddenly means the information going to your browser isn't secure, people will blame the bank, not the browser. If your password gets hacked because Konquer (or IE, or whatever) does something wrong, people will hold the bank responsible, even if it's because they didn't upgrade their own browser.

Re:Can't support everything

[reaper20]

They have to pick the biggest browsers and target their software for them.

You don't write web pages for browsers, you write web pages to standards.

It's not too hard, for inspiration, Wired News recently switched to full xhtml compliance with css. Their stuff works fine in any compliant browser.

People who complain about "I try to write to standards but all the browsers are broken", or "you can only do $feature on a certain browser" are lazy. That was a valid excuse 5 years ago, but not today. It is easier to write the stuff compliant to begin with than play around with stupid browser detection and NS4.x workarounds.

Re:Can't support everything

[vidarh]

This is a ridiculous argument. The bank has no way (or right) to control how the user secures his or hers machine, so why do they care about the browser? The user can have "HackMeProxy 1.0" installed, that intercept all IP traffic and post it to Usenet for what the bank knows, and it might be what the user wants. Face it, the bank has NO WAY of ensuring security by dictating browser type.

And if they do care about the browser, all logic would dictate that they shouldn't support IE, given the security track record IE has.

Fact is, this is entirely laziness and incompetence from the banks technical departments.

In the end though, the incompetent banks will lose out - I've already cancelled one bank account due to a ridiculously bad online bank (a 1.5MB java applet that required write access to your hard disk to write an encrypted profile that you needed to move around to any machine you wanted to access their bank from, which in itself made it useless to me, as the reason I use online banking is to be able to do my banking from anywhere I please - add to that that the applet had severe problems on anything but Windows...). While my account on it's own only accounted for a few hundred dollars a year in lost revenue for them, I'm sure I'm not the first and won't be the last they lose.

These articles proliferate the problem

[MobyDisk]

The article says:

Linux users, or just people who prefer alternative browsers (such as Opera)

Ahhh! This is the very cause of the problem! Why are they acting like IE is the "standard" and everything else is "alternative!" Is Ford standard, but Chevrolet alternative?

Another scary point is that these articles indicate that browser spoofing often works. This means that the only reason some of these sites don't work, is because they refuse to! There are no real incompatibilities

Re:These articles proliferate the problem

[vidarh]

Or, as in the case of me most of the Linux users I know: Highly paid software developers, development managers, etc.

Anyway, you'd be surprised to know that most banks see colleged kids as some of their most valuable customers, as hooking a colleged kid now means they are likely to get a customer that will stay with the bank for years, will get a high paid job, will get a mortgage, credit cards, personal loans and more.

Banks have been known to go to quite some excesses to get college kids to move to their bank, including special graduate loans, high credit limits, preferable interest rates and more.

And you're right, business is about profit, not market share, which is exactly why it's important for a business such as a bank to deal with non-IE browsers:

Their cost is essentially the same - they merely need to give their tech team the right guidelines, unless their tech team consists of people who should never have done software development in the first place. The development time should be the same or LESS. The maintenance costs will DROP, as they don't have to change their site every time there's a new version of IE with different quirks.

And their potential market is then 5% larger.

All their other fixed costs stays the same, and for a bank the fixed costs are incredibly high. Adding 5% to their potential market share could easily add 10-15% to their bottom line.

Re:Why the heck /should/ banks support "alt" brows

[bomb_number_20]

I'm sure this is flamebait, but....

The problem is that there is an open set of standards out there that banks should be developing to- not specific browsers. Otherwise, there isn't any point in having standards, is there?

And yes, you can code to standards without killing cross-browser compatibility. I think the idea that you can't is one of the biggest myths of web development. It takes work, but then if you are a professional that should be your job.

Generally speaking, I think these sites come around through lazy or inexperienced developers who only know or are required to use a specific set of tools because it's 'cost-effective' and/or 'faster' instead of actually doing their job.

Whether it's the developers fault or management is up in the air- probably a little bit of both.

I _don't_ want them to support Moz, Opera, Konq...

[Jack+Hughes]

...Because that is surely missing the point.

I want them to support standards like HTML, XHTML, CSS and so on.

Then the sites will work with any current or future client technology that also supports those standards.

Nowadays, there is no reason why your site should not be valid

Not always the developers

[barzok]

Often I've been in a situation where I hear "there are things other than IE?" and "I use IE, I don't care to think about anything else" from the people calling the shots as far as the specs & what will be paid for.

Then we have to go back to them with our site stats and say "are you willing to piss off X percent of users?" Luckily they wake up then. Lately, we've reversed the position - we tell them what browsers we're supporting, and why we cut off specific support for some browser versions where we do.

There are a lot of "Internet users" who don't have any concept of the Internet beyond IE, and even scarier, they're now the ones deciding how sites should be built.

Re:Attribution of blame.

[Stradivarius]

I don't think it's fair to place the blame entirely on "lazy developers".

As I see it, there are two possibilities when a bank site doesn't work with non-IE browsers:

1. The bank wanted a solution that would work with all browsers, but the developer cut corners and didn't provide it.
2. The bank didn't care.

For #2, I think it's safe to say the blame lies solely with the bank.

For #1, it seems the blame is largely with the developers. After all, the site's ability to work with all browsers was either explicitly stated, or it was implied. There's no reason an ordinary person would think "I want you to build my website" would be interpreted as "I want you to build a website that only some of my customers can use". Unless the developer explicitly states that their proposal is limited to IE, the expectation is (rightfully) that there is no such limitation.

At the same time, though, any organization contracting out such a significant job has a responsibility to exercise some due diligence. Especially a financial organization, due to the need for security. They ought to do enough research (either themselves, or hire a consultant) to know how to discriminate between competing bids. And they ought to ensure before accepting a bid that the developer truly understands their requirements, and that all requirements are in the contract. If they do all that, and the developer doesn't provide everything they said they would, that's breach of contract. If the bank doesn't do its due diligence, then it has to accept a share of the blame for having a half-assed website.

FWIW, Bank of America's site seems to work fine with Mozilla.