Tuesday, June 29, 2010

A Bunch of Bankers

Security of your financial data when using online banking is extremely important. This is why JP Morgan Chase bank is limiting access to its website to only those browsers which meet their rigourously high security standards. From July 18, 2010 if you use the wrong (insecure) browser you may not be able to access their site.

Why are some browsers not supported?
There are two primary reasons—security and popularity. There are dozens of browsers in use today, but not all offer the minimum levels of security that we require while others may not perform well with our site. The security of your accounts and private information is one of our highest priorities and some browsers, especially older versions, are simply higher security risks to use with our site.

As for popularity, we continually monitor the types of browsers that customers use to access our site. Based on that information, we know that supported browsers are used by more than 95% of our customers. If a new browser begins to grow in popularity, we will assess and test its security and performance with our site to determine whether or not we should support its use.

Why do I get a “Page Not Found” error now when I go to your site?
You may be using an outdated browser that we don't support. There are dozens of browsers in use today, but not all offer the minimum levels of security that we require while others may not perform well with our site. We strongly recommend that you upgrade your existing browser to one that we support. We strongly recommend that you upgrade your existing browser to one that we support.

So if a browser is blocked from their site, how will they be able to tell it has increased in popularity? And while some browser statistics (a notoriously arcane and inaccurate art) indicate some browsers have a lower percentage of users, on the internet that can still be millions of people, and thousands for any particular popular site. It's like a business excluding customers because they are wearing the wrong colour shirt. The only effect is to reduce clientele and damage the business's bottom line.

So, which particularly secure, popular browsers are the select few to meet the high standards of the Chase bank? Safari 3 or higher, Firefox 2 or higher, and Internet Explorer 6 or higher.

Internet Explorer 6? Perhaps the worst browser ever and the oldest, least compliant, browser still in use? A browser full of security holes? A browser even Microsoft doesn't want you to use?

There are also issues of accessibility since disabled users require specific browsers that have such low usage they don't even appear on the statistics, and mobile access (it seems no mobile users access JPMorgan Chase).

EoR feels that the JPMorgan Chase bank may, like so many before them, suffer the Streisand Effect (and many, many more sites).

This is not an approach taken by other banks. EoR's bank is quite happy to work with a browser considered 'insecure' by JPMorgan Chase. Another, PNC Bank, states:

PNC uses Extended Validation Secure Socket Layer Certificates (EV SSL) which works with high security browsers (Internet Explorer 7, Firefox 3.0, Opera 9.0, Safari 3.2, and their next generation browser versions, as well as Flock, Google Chrome and iPhone), to help you recognize when you are at the legitimate PNC site and not a "spoofed" site.

Oh, look! They're all those browsers JPMorgan Chase don't want to know about.


  1. I once had a friend who fancied himself a web designer - he deliberately coded all of his pages to bring up a smug error message if the user was on Internet Explorer, telling them to use Firefox instead. Unsurprisingly this lack of professionalism did not help his sites to become popular and most of them are no longer registered.

    I am unable to do my banking with ANZ unless I swap to Firefox, because Opera is unsupported. In fact, every other browser besides IE, Safari and Firefox will give you an error message. Why? If it's a lack of time to make the page work in every browser, then why support IE6 - an engine so terrible it fails almost every web compliance test? Surely that would require more work on the bank's end than, for example, developing a page that works in all browsers that pass acid2.

    Ultimately, though, it's pointless to argue about it since the majority of users WILL be using one of the three major browsers and those who do not are, for the most part, able to switch to one of the supported browsers for a few minutes to do their banking. It's inconvenient and outrageously poor customer service, but it will never change because the banks - these companies responsible for the safekeeping of billions of dollars - are unable or unwilling to do anything about it.

    Anyway, I didn't meean to rant about banks for so long! I actually had a question: I came to your site through 'Thinking is Real', which I discovered a few weeks ago when looking up info on the Dingle case. Now it seems that Thinking is Real has been made private and requires a login. Since you have it on your blogroll, I was wondering if you knew anything about why it has been closed, or had some way of contacting the author? I'd really like to continue reading if it's still being updated.

  2. Thinking is Real is offline indefinitely.

  3. Chrome is rising fast in popularity (and some stats give it a 14% market share, while Firefox is stagnant, so stating a browser is one of the 'big ones' is not an appropriate argument for a bank or other corporation (not so long ago, Netscape Navigator 3 was the big one). Of course, in the wired world, if a company won't let you in, you're only one click away from the next company... This is something that the large corporations seem unable to comprehend, and it's why large corporations are struggling so badly on the internet.

    There's also Acid 3 which Safari, Chrome, Opera all pass, while Firefox and Internet Explorer fail.

    If you mask your browser user agent to bypass the 'gatekeeper' on these sites they usually work perfectly well.

  4. And it also appears that JPMorgan Chase Bank isn't aware that it's the largest shareholder in, um, Opera Software.

    Foot, meet gun.

  5. Andy, come back! We miss you!
    (It's good to have you back after the 2 years off EoR)

  6. Back semi-ontopic, I use an Oracle Database support site that does not work with IE8, which I am semi-pleased with, even though I have to separately open Firefox to get to it. IE at work, anything else at home is my rule.


Note: only a member of this blog may post a comment.