Home

An open letter to NatWest bank

Wed, 28/05/2008 - 6:27pm — tumbleweed

Subject: Strict Browser restrictions

Hi, I’m a customer of yours, and a GNU/Linux user who gets frequently frustrated by your browser detection.

Basically, the problem is that very few web browsers have been certified with your website. Now, I have no real issue with that, nobody has enough time to try every web browser in the world, and adjust their websites to fit around every browser’s bugs. But that doesn’t mean it’s acceptable to reject your users with a message like “The Internet browser you are using is not supported by online banking. Use the link below to see the complete list of browsers we support.”

Firstly, the browsers I use are listed as being supported on your list [1]:

  • On this laptop, I use a Firefox 3.0 beta. Firefox 3.0 is listed is being supported, and it works (if I tweak it to identify it as Firefox 2.0, then I can use the site just fine).
  • On my desktops, I use Iceweasel 2.x. Iceweasel is Firefox with a different name, to get around trademark issues. Ask your Linux-techies, they should know about it. Again, it works as expected.

Secondly, [1] states: “Netscape, Mozilla and Firefox users with other operating systems such as Linux may also be able to access the service.” How are we supposed to access the service if you deny us access?

More generally, locking out unknown browsers goes completely against your policy of Accessibility [2]. While the WAI [3] doesn’t specifically recommend against turning away unknown browsers, I think you’ll find that’s because the authors didn’t even dream of considering such a thing. The entire point of WAI, is to make your site as portable as possible, and to work for everyone with a far wider variety of user agents than you could ever test with.

I don’t know how you can call yourself WAI-compliant and reject un-“certified” browsers. Your webmasters should hang their heads in shame.

Now, I don’t intend to rant any more than that, because that’s the only problem I have with your site (and your service). Beyond this little niggle (which stops me being able to bank, without configuring my browser to lie) I’m very impressed with your services.

Please sort this out, it’ll turn me back into a happy customer.

SR

PS: I’d have sent this by e-mail, where I’d, but you don’t provide any e-mail contact details on your site. PPS: Only providing a small feedback form doesn’t help users give you real feedback, it just intimidates and irritates them.

1: http://www.natwest.com/personal/day-to-day/online-banking/g1/faqs.ashx
2: http://www.natwest.com/popup/global/access.ashx
3: http://www.w3.org/TR/WAI-WEBCONTENT/


Stefano Rivera
http://rivera.za.net/
H: +27 21 794 7937 C: +27 72 419 8559

Now, that was rather harsh to them, but this has been irritating me for ages. Then, when I did decide to do something about it, I was rather worked up, and ranted.

I got a call back from NatWest this morning, and was basically told that they aren’t going to change anything. I can understand their position, but I don’t that they were seeing mine. (Oh, and I think they are wrong.)

The reasons I was given for this non-approved lockout are:

  1. Support. But of course, if your web site is decent, then you shouldn’t have any support issues. (OK, that’s rather utopic, but the kind of people who use alternative browsers will be OK in such situations).
  2. Security. Apparently Opera caches previously visited pages as they were. Clicking back doesn’t revalidate with the server, and so someone who’s logged out of their Internet banking and gone on to google still has their private data visible in the history. Anyone coming up to their computer can go back to it.

Now, I don’t think point 2 is NatWest’s problem. If Opera doesn’t support revalidation, then Opera must fix it. If Opera do, and NatWest doesn’t send the correct Pragma headers, then it’s NatWest’s problem.

But still, that doesn’t mean you lock-out untested browers, dammit. Especially if you call yourself WAI-compliant.

I’d love to see some feedback from a WAI board member on this type of issue. I don’t think the WAI specs address it.

Oh, and everyone, please stand up for your right to browse the web however you see fit. If more people did so, these kind of issues would crop up less often.

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
Mon, 02/06/2008 - 9:59pm — NatwestIceweaselUser (not verified)

same

I sent them the same sort of email. As I recall mine had a few more fucks and bastards in and I felt guilty after sending it…. stupid fuckers making me feel guilty just because they’re a set of bastards.

Ahhh I ended up here because I cant remember how to get to the iceweasel settings ‘about:something’ so I can get into natwest, but now Ive been distracted again.

Tue, 03/06/2008 - 6:17pm — tumbleweed

re: same

You want the user agent switcher. I use the following agent:

Firefox
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.1) Gecko/20061205 Firefox/2.0.0.1 (Debian-2.0.0.1+dfsg-2)
Netscape
5.0 (X11; en-US)
Linux x86_64
Fri, 20/06/2008 - 4:54pm — tumbleweed

Firefox 3.0 now supported

I’m glad that Firefox 3.0 has been supported in time for its release.

I did some more testing, with browsers where possible and User-Agent manipulation in Iceweasel where not.

  • All tested text-mode browsers are still blocked:
  • All the following Gecko browsers aren’t permitted: Iceweasel, Iceape, Epiphany, Camino, Flock, Netscape 9.0, SeaMonkey
  • All the following KHTML browsers aren’t permitted: iCab, OmniWeb
  • Galeon is permitted, as it identifies itself as a Firefox variant.
  • Maxthon is permitted, as it identifies itself as an Internet Explorer variant.
  • Konquerer isn’t permitted, but at least it supports masquerading by site out of the box.
  • Internet Explorer 8 isn’t permitted.
Mon, 12/01/2009 - 3:14pm — Anonymous (not verified)

I can't access Natwest from Malaysia

I am also a bit fed up of not being able to access Natwest from Malaysia now...I don't know what's wrong...Out of maybe 10 times, I only manage to get access maybe 2 times... Can somebody tell me what's wrong??? I used Internet Explorer, Google Chrome and Safari......zzzzz

Fri, 30/01/2009 - 4:21pm — Anonymous (not verified)

Cannot access NatWest from Malaysia

Same problem - what's going on?

Mon, 12/01/2009 - 3:18pm — Anonymous (not verified)

From

From http://www.natwest.com/popup/global/access.ashx

What the hell are these?

Keyboard shortcuts

PCs:

Microsoft Internet Explorer - press 'Alt' and the access key letter, then press enter
Mozilla/Netscape - press 'Alt' and the access key letter at the same time
Macs:

Mozilla/Netscape - hold down 'Control' key and then press the access key letter
Access key letter Action
H Load home page
A Load accessibility page
N Skip to the main navigation of a page
S Skip to the main content of a page

Sat, 31/01/2009 - 11:48am — tumbleweed

What the hell

What the hell are these?

Keyboard shortcuts, exactly that. Hotkeys that’ll link to specific pages. They aren’t the same in every browser (as explained). Having accessibility shortcuts isn’t the only thing one needs for true accessibility, but it’s good to have on any site.

Thu, 19/02/2009 - 9:22am — Anonymous (not verified)

I've not been able to access

I've not been able to access natwest.com or nwolb.com from California for the past few days and that sucks because I'm going to get a late fee for not paying my credit card on time! What's going on?

Thu, 19/02/2009 - 12:01pm — tumbleweed

Works for me

Not a clue. Traceroute / check with your ISP.

Mon, 20/04/2009 - 4:41am — Marc (not verified)

Chrome blocked now?!

Argh! For some reason they've decided to ban Google Chrome all of a sudden, it appears. I could login and bank without problems, just like on Firefox, but now they've screwed it up and shoved that horrible message in my face, the bastards. Which is strange, because it's essentially just a few tweaks to WebKit as many people know, which is at the heart of Safari, and loosely left tangled in the old KHTML legacy from Konqueror. They must've changed something in their crappy detection procedure. I wish they'd just check that the SSL works and leave the rest up to the bloody user! They already say that they're not liable for security holes on your PC if you don't keep it clean... Although they're trying to push people into downloading some browser toolbar that "provides an extra layer of authentication"... Hmm. Chrome, Firefox and Opera 9 already come with EV certificate validation, so no thanks.

Tue, 02/06/2009 - 4:37pm — Wu (not verified)

Chrome blocked - only v2

To Marc:
I don't think they changed something. It stopped working after installing Chrome v2.
I installed it on one pc and not on another and the one with older version could still log in no probs.

So it's just the lazy Natwest IT "professionals" that didn't think new version was just as good.

IT people are the laziest kind (I should know - I'm one myself)

Sun, 05/07/2009 - 11:41pm — brian_p (not verified)

Being rational gets you nowhere

A polite and well reasoned email. Succinctly argued and to the point. It will get you nowhere (my endeavours haven't as yet!).

RBS has too much invested in promoting the idea that banking security depends on what the user does and trying to be seen as an institution which protects the user from themselves. Does it matter what browser is used? It can never impact on the security of the site, assuming RBS have their webserver suitably configured. But in today's world, who questions the logic and assertions of web developers. One wonders whether they have replaced politicians as people to trust.

To be totally accurate: RBS does not support browsers; it supports bowser strings.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.