Online Banking And Browser Support

robbo writes "Earlier this week, The Register ran a piece on major UK banks and E-commerce sites' refusal to support alternative browsers for online banking, and they followed up with a list of saints and sinners. The reasons vary from requiring support for proprietary technology to security. My own bank only recently started supporting Netscape 6 (but they still don't support Mozilla). Clearly, support for Mozilla, Konqueror, or Galeon are absolutely necessary if projects like GNUCash can successfully integrate online banking. How does the Slashdot crowd find their banking support? Is your bank a sinner or a saint?"

I love netbank

[NMerriam]

netbank rocks -- it's great for folks like me who move a lot and don't need physical bank access. Free bill payment, plus great interest rates and I don't think I've ever paid a fee for anything.

Works fine for me in Mozilla, and has ever since I switched to moz last year.

I used to be with SFNB, the first totally "online" bank, but when they were bought out a few years ago, they started charging fees like a regular bank, which kind of defeated the whole point of reducing transaction costs by being online.

A lot of browsers will work.

Regardless what they say their site "supports". Meaning, that they just physically CANNOT pay people to offer TECHNICAL support every browser out there, and it's configurations and various security flavors. It's not really an issue on the HTML side, as it is on the EMAIL/Phone Support side where you have old ladies calling in saying NetScape 3.1 isn't working with the website. They cannot offer help to people like that on how they can upgrade and change all their settings to work correctly etc.. Most banks choose a specific target platform to work with, brand it as "company standard" and go to work.

I don't see any problem with this, really.

Re:Mozilla Credit Union

[ender81b]

Good for yours, I found out my bank - a fairly large statewide bank - has iffy support across the board. While nearly everything can log in (as long as it supports 128 bit encryption which is a *Good Thing*) various functions don't work. I contacted the people about this and they said they would talk to the vendor soon about it. Well 6 months later I got tired of waiting and took a look at the code myself.

What was happening was they where using javascript for the pull down menu's that was only set to recognize MSIE 5/6 and Netscape 4/6. Note - this script would work in about everything I tested it in (opera, moz) but it was just set to only work if it detected those browser's strings. I sent them the fixed .js file that would work for everything but, of course, they declined to use it.

Sigh. Not much I can do about it anymore - besides set opera to identify itself as MSIE 5.0 but that doesn't help with mozilla.

Re:Wells Fargo

[Joe+Tie.]

I had a very refreshing experience with them. I started a new account there about a year ago, and a few months later someone called me up to make sure I was aware of their online banking. I'd had so many bad experiences with banks and non IE browsers that I hadn't even bothered trying. He actually quickly mentioned that their banking will work fine with Mozilla under Linux.

I know it's just one guy rather than some all reaching Linux education program there, but it was still very refreshing to not have someone in that position telling me that I should upgrade to Internet Explorer.

Just call the bank

[HTD]

Well here in Austria the Raiffeisen Bank had a few incompatibilities with Netscape 6 (when it came out) and Opera 5. I just called them, told them what it was and how to fix it and a week later the online banking thingy worked with all last generation browsers.

On the other side there are banks here that still use custom windows software with dial-in (cool for all Linux, Apple, DSL and Cable users/owners isn't it) or bet on Java Applets which of course only work in one browser be it Netscape or MSIE. Don't ask me how they manage to get applets working only on one platform and browser. Well i would switch bank if my online banking solution does not work for me - so switch and tell your bank why you switched, then things might change.

Re:Wells Fargo

[bomb_number_20]

My bank (Bank One) is excellent about accessibility. mozilla, netscape, opera and ie work fine. haven't tried konquerer there yet.

offtopic rant...

But I've had the same problems with college sites in general. For example, my college employment board requires all resumes to be submitted in MS *.doc or *.rtf format (for that stupid fscking buzzword parser).

Interestingly, if I create my report in staroffice 6.0 and save it as either a *.doc or *.rtf file, it STILL doesn't work. If I load the file into MS Office and then resave it it works fine. It's annoying to say the least; and I'm really curious as to why it doesnt work- especially the rtf version. ...end offtopic rant

Re:Things will only change if...

[Dolly_Llama]

Forget the webmaster, write the suits a letter about how their site is out of W3 compliance, even better raise some IE security issues.

Re:Can't support everything

[vidarh]

Thats just bullshit. My experience with various online banks is that the ones that are the most usable also work flawlessly across browsers. Why? Because they don't try to make their sites use all kind of fancy crap that just slow down and complicate things. When I log on to my online bank, I want to do one of checking my balance, looking at statements, or paying bills. Why would you need to use anything beyond basic HTML for that? Perhaps there are a few functions you want to use basic Javascript for, fine, but nothing that can't be trivially done so that it'll work even in Netscape 4, and nothing that should prevent the site from working with Javascript off.

I currently use Barclays (UK), and their site demonstrate my point well. It works. It's reasonably fast (and when it isn't, it's because their system is overloaded, not because they're trying to push hundreds of kb's of crap to my browser), and it works flawlessly even with Lynx (thought their pages look like crap, since they don't use empty alt tags to hide all their pixel gifs...

Can you explain to me exactly which advanced functionality your bank need to use to make their site work that hasn't been there since HTML 1.0?

Wells Fargo = Saint; Bank One = Sinner

[md17]

Since I do 95% of my banking online, and use Gentoo Linux on the desktop, it is an essential that my bank in Mozilla compatible. When I was a Bank One they changed some stuff which made their site non Mozilla compatible. I politely sent them an email and asked them to fix it. They did not. So I switched to Wells Fargo where now I enjoy Mozilla compatible online banking. Way to go Wells Fargo! (BTW: Bank One might have fixed this, since it was about 1 year ago.)

Bank of America

[hawkstone]

Just my $.019999:

Bank of America hasn't given me any problems, from Netscape 4 to Mozilla 1.1. I wouldn't necessarily say they are some wonderful bank -- they are a huge corporation and have all the associated pains, but at least they're not making me use Internet Exploder.

I refuse to use IE. If someone requires IE, they typically don't get my business and they usually get a nasty note as well. Same goes for sites that *require* flash, BTW. I only installed flash because of the games it lets me play. :)

Re:These articles proliferate the problem

[NineNine]

Welcome to Earth! On this planet, IE *IS* the standard. With genral usage at right about 95%, it has been the standard for several years. Ford and Chevy can't be compared, because neither is dominant in any market. If one of them had 95% market share, then yes, they would be standard.

I'm so tired of the same old "W3C is the standard" horseshit. Get over it. The W3C is irrelevant. It has been for years. Scream until you're blue in the face, but until you can convince billions of people to follow that arbitrary "standard", you're just wasting oxygen. IE is the standard. Deal with it. Move on with life. It isn't that important.

I refuse to Net Bank

I refuse to net bank , seems to me my bank
(ScotiaBank) and most other banks in Canada
and I assume the US are spending vast sums
of money and time trieing to get me to help
them get rid of their employee's , don't get
me wrong I've got plenty of computers of all
shapes and sizes and have been "online" for
over ten years but to me there is some things
that computers do that can take away from our
society , the local friendly bank lady's will
cash any cheque I put in front of them without
even a look , because they know who I am , and
what else could they do for a living or what
future jobs will they attain because they had
a start as a teller in a bank , we need as many
jobs that pay any wages as can be had , that's
why the economy is such a mess all the money go's
in none comes out !

HBCI: Browser no longer necessary

German Banks support an online banking standard called HBCI. Since two weeks ago, GnuCash supports this protocol through the excellent OpenHBCI library. All you German /. readers out there, go get it! A stable release is scheduled for this December.

HBCI basically offers a NEW interface to online banking. No Web server, no Browser, no compatibility issues. HBCI (Home Banking Computer Interface) is a bank-independent standard that defines the communication between an arbitrary finance application and any arbitrary HBCI-capable bank server. Roughly half of the banks in Germany offer home banking access through HBCI. The OpenHBCI library enables programmers of finance applications to seamlessly integrate HBCI functionality into their programs, without having to know anything about HBCI details. HBCI business actions, like for example statement retrieval, bank transfer initiation or issuing of debit notes, can easily be invoked through very few lines of application program code.

cstim

Re:Wells Fargo

[Clived]

hmmn, just raising a point here. My bank (Cdn Bank) TDCanadatrust supports the latest browsers
Netscape and Explorer 6 but only from a Windows computer. Mybe they support Opera but NOT from a linux box. I asked about this and NO one on the tech support was prepared to comment. Consequently I have to do my net banking from a winbox on my network. Which sucks, but that's Canada for you, 100 years behind the times

My two bits

Re:Things will only change if...

[ma++i+ude]

So get off your ass, knock up a form letter, keep it handy, and complain!

I did. It looks something like this.

Dear Sir / Madam,

An article published on The Register a few days ago (and available at http://www.theregister.co.uk/content/23/27756.html ) prompted me to write to you regarding the browser support on your Online Banking service. A long-time Linux user browsing with Mozilla and a customer of your bank for a couple of years now, I am very frustrated by your lack of consideration in supporting alternative operating systems and web browsers. Supporting only one or two platforms for such an essential service as online banking shows short-sightedness and disregard for your customers.

There are various reasons why it is a bad idea to limit your support to certain web browsers or operating systems and instead use proprietory solutions. These include:

- Some people are unable to use certain technologies. The visually impaired, for example, may need special hardware and/or software to access the Web. Phone banking is not an acceptable alternative; everyone should have access to the World Wide Web. The World Wide Web Consortium (www.w3.org) is working hard to achieve this goal by setting standards, so breaking them is inherently the wrong thing to do.

- The actual standards in place today are very secure and well designed, something which cannot be said about the proprietory extensions in most Microsoft products. Limiting your support to certain 'tested' browsers is by no means going to improve the security of your system; in fact, trying to improve security through using Microsoft products is an oxymoron and laughable at best.

- The method by which you are trying to limit access is useless but annoying. Most 'alternative' browsers allow the user to set their browser identification to anything they like, that is, the browser will present itself as, say, Microsoft Internet Explorer 5.0. Therefore, most knowledgeable users who are unable to access your site because of this limitation will change their browser identification and be permitted. However, this is a bad idea because (a) it will produce misleading browser statistics for you, (b) it lets anyone access your site tailored for a certain, non-standard-compliant browser, and (c) it may lead to situations where the user is allowed access but, because of the non-standard nature of your site, will not be able to navigate as intended.

I realise that Microsoft Internet Explorer is by far the most popular browser but there are many alternatives available. Ignoring these alternatives is utterly irresponsible of you, as well as bad business practice. Even if just ten per cent of people use the alternative browsers, that's ten per cent of potential customers to lose to your more considerate competitors.

The Register published a hall-of-fame as well as a hall-of-shame (http://www.theregister.co.uk/content/6/27777.html ). Of your competitors, Barclays, Lloyds TSB and Nationwide are among the considerate. I am sure I can find a bank which values its customers by providing the means to actually use their money. Unless I can see a considerable improvement in your support in this matter, I will be forced to change banks.

Sincerely,

UK banks and browsers, money==standards pls

[fiddlesticks]

My current bank is the Halifax

Their site is fast, HTML only as far as I can tell (little JS, NO Java, NO Flash etc) and it's bloody great. Works fine on Moz, Phoenix, Konq, NN4..and IE :)

They have to do a little more server-side than if it was some massive bloated 'application' that allowed you to, say, add a new regular payment_and_then add money to that payment_and_then_do_something_else_ (which is why so many of the others seem to do it so wrong, as they want to do it all so 'seamlessly client side') but hell... it just works

My previous bank was the Woolwich who, after years of not doing anything online, suddenly started closing branches, moving everything over the phone banking and Net banking. This is where the problem comes if your almost-essential-to-users-lives website doesn't work properly. I can't NOT use my bank's website, or only do my banking in work hours/ on a Windows machine.

ANything beyond the login page of their site, needless to say, was unusable on anything other than IE4 & 5 (not even IE6!) Terrible hierarchical menus in Java, JS used to calculate balances, show recent transactions, etc. Half the time I was staring at a screen that said 'you have a balance of "undefined call to variable bar...."'

The Woolwich didn't get it right AT ALL - I would call and report it as a fault, they'd panic, then eventually realise I wasn't running IE, and their support people would tell me all sorts of rubbish about 'Mozilla isn't secure' or 'Java is supposed to do that' (crash :) so I left them. I wrote them and told them why as well. They have lost the ~300 UKP a year they made from running my account. (a figure half-remembered from a recentish survey about average profit per bank customer in the UK)

A bank's website - or an ecommerce website - is different to, say, a whizz-bang movie release website that needs Flash, or a vanity site that asks for plugin foo - they have websites to keep customers, and allow them to save costs. If even the 2% of people quoted elsewhere in this thread can't use their service - hell, they'll just move.

End of story. IF you have a serious, customer facing website that you are relying on to help you cut costs and increase efficiency, it is NOT an option to restrict what software the site runs on. Just ask amazon.

United Credit (West Australian)

[drsparkly]

When I first joined UC their homepage didn't work with Moz - some bolloxy DHTML menus. I complained, and I assume others did too, and they fixed it when they redesigned their site.

However they just recently redid their online banking site which used to work fine, and now it doesn't work with Moz. I think it's because their menu JS file does browser detection and refuses to work with `non-supported browsers' whatever they are.

Whoever did the new site did a horrid job - goddam DHTML popup windows everywhere, then click for a DHTML menu, and each of those menu items has a rollover DHTML popup.

And I've seen those sorts of popups before, and I really hope its not the same developer, because he used to code using variables called Fred and Barney and Pebbles.

Browser spoofing == DMCA violation

Spoofing your user_agent to get into websites that block browsers is illegal under the DMCA. The user_agent blocking system IS an access control device that restricts access to a copyrighted work. The copyrighted work of course is the website. The DMCA is about access control devices, not copy protection systems, though copy protection systems are access control devices.

My bank works fine... now

[Cecil]

CIBC (Canadian Imperial Bank of Commerce) had some issues for a long time and I was quick to blame it as being their fault. However, after many months, someone commented on the CIBC bug in Bugzilla that it was working in a newer version of Mozilla. So, as it turned out, it was actually a problem in Mozilla's SSL support, not in CIBC's site. Go figure.

And for everyone who is complaining that Mozilla can't change the useragent... Yes it can. You can either set the following pref in your prefs.js:

user_pref("general.useragent.override", "fake agent string");

Or install the following toolbar widget thing to change it on the fly (very handy!):

UABar

Philadelphia Federal Credit Union

[edgarde]

As long as I'm putting the Mozilla UserAgent string in people's server logs, I figure the hint's being made.

All my online banking via PFCU works for me in Mozilla (Windows & Linux). Site claims "optimized to work best with Microsoft Internet Explorer", but includes a Netscape icon. I'm guessing they need to encourage browsers that support reasonable encryption, and are choosing to keep it simple.

Note the dreaded browser detection code. Seems to pass Opera, Moz, IE & WebTV.

function VerifyBrowserType()
{
// *** BROWSER VERSION ***
var is_major = parseInt(navigator.appVersion);
var is_minor = parseFloat(navigator.appVersion);
var is_nav = ((agt.indexOf('mozilla')!=-1) && (agt.indexOf('spoofer')==-1)
&& (agt.indexOf('compatible') == -1) && (agt.indexOf('opera')==-1)
&& (agt.indexOf('webtv')==-1));
var is_nav35up = (is_nav && (is_major >= 4 || (is_major=3 && is_minor >=5)));
var is_ie = (agt.indexOf("msie") != -1);
var is_ie4up = (is_ie && (is_major >= 4));
//Check for IE 4.0 and up
if (is_ie4up)
{
document.logon.BrowserType.value = "-1";
}
else
{
//Check for Netscape 3.5 and up
if (is_nav35up)
{
document.logon.BrowserType.value = "0";
}
else
{
//Some other HTML 3.2 and Java Script 1.0 browser
document.logon.BrowserType.value = "2";
}

(indentations made ugly to pass Lameness Filter)

I'm wondering if Credit Unions are more prone to pass the non-IE test because they have less $$ for flashy sites, and keep things simpler.

Re:Can't support everything

[Reziac]

You say, "My experience with various online banks is that the ones that are the most usable also work flawlessly across browsers."

Let me expand on that: in my experience with sites of all descriptions, the ones that are most usable also work flawlessly across browsers.

And this is exactly for the reasons you state: they keep it as simple as it CAN be for everything to still work.

What's more, these sites are often the most legible as well as the most visually-attractive, even with js and image loading off!!

Capital One

[Adaere]

Capital One is one of the worst violators. Mozilla will not work even after changing the user agent. In fact, it appears they are just deliberately blocking Mozilla from working and refuse to stop. Here's the discussion of the bug at mozilla.org