A security notice posted to Slashdot this weekend has grabbed our attention, as it appears that JP Morgan Chase is taking banking security to new heights. According to an advisory from the banking giant, users of the Opera and Chrome web browsers might be blocked from Chase.com on or after July 18, 2010.
“Clearly this is a disappointing situation. Not only will they exclude our desktop users in the U.S., they will also exclude Nintendo users and many AT&T users from accessing their site,” said Thomas Ford, the Senior Communications Manager at Opera, who responded to us earlier this afternoon.
Ford added that AT&T users are a consideration not only because of Opera Mini on the iPhone, but because Opera is also the backbone for ATT.net.
“This is why we support Web standards and a standards-driven, rather than market share driven approach to Web development. By crafting with Web standards first, then tweaking design and functionality for non-standards compliant browsers, sites support the vast majority of the browsers in use today and most devices used to access the Web.”
JP Morgan Chase responded as well, however their response was a quick and short “we’ll decline comment.”
An interesting business note in all of this is that JP Morgan Chase owns 17,000,000 shares of Opera stock, 14.22-percent of the top 20 [link].
Given that Chase has a vested interest in seeing Opera grow, the decision to block access to software that they themselves have invested in remains a mystery.
We’ve asked Google for comment. They have not responded as of yet.
The announcement is located in the supported browser FAQ on Chase.com [link]. In it, Chase explains that more than 95 percent of its customers use at least one of the supported browsers listed. Chase says that supported versions include Internet Explorer 6 or higher, Firefox 2.x or higher, and Safari 3.0 or higher on Macintosh systems only.
The interesting detail taken from the FAQ isn’t the old browser versions supported by Chase but rather the note that reads: “After July 18, 2010, you may not be able to access our website with a browser we do not support.”
“There are two primary reasons - security and popularity,” Chase’s FAQ explains. “There are dozens of browsers in use today, but not all offer the minimum levels of security that we require while others may not perform well with our site.”
“As for popularity, we continually monitor the types of browsers that customers use to access our site,” it adds. “Based on that information, we know that supported browsers are used by more than 95% of our customers.”
Another section deals with 'page not found' errors, and is addressed with a warning that such errors occur if the customer is “using an outdated browser that we don't support.”
“We strongly recommend that you upgrade your existing browser to one that we support,” Chase notes.
The Chase FAQ openly supports Internet Explorer 6 and Firefox 2.x, noteworthy because Microsoft and Mozilla actively urge consumers to update to the latest versions of their respective software.
While in the Enterprise, it isn’t all that uncommon to see Internet Explorer 6. For the home user, Microsoft consistently pushes the move to Internet Explorer 8, and soon Internet Explorer 9.
Mozilla, for its part, would much rather see users on the 3.6 branch of the popular Firefox browser, but even 3.5 is better than the 2.x branch when it comes to security and stability.
When it comes to the competition, Chase seems to lag where browser support for customers is concerned. PNC Bank tells customers about the use of EV SSL as part of its layered approach to security, and recommends that Internet Explorer 7, Firefox 3.x, Opera 9.0 or Safari 3.2, as well as Flock, iPhone (Safari), and Chrome, be used to access online banking [link]. In addition, PNC notes that if a customer’s browser isn’t up to snuff when it comes to security, the banking application will warn them.
Bank of America, while missing a listing for Opera, encourages that customers use Chrome, as well as Internet Explorer 7 or better, and Firefox 3.x or higher. When it comes to OS X, Mac users are encouraged to use Safari 3.0 or higher, in addition to the same versions of Firefox and Chrome that Windows users can deploy [link].
Moreover, Bank of America has a browser check on its Help page that, while it isn’t listed as a recommended browser, shows Opera 10 as a functional option for online banking.
Regarding the option to block, it’s clear that Chase has left Opera and Chrome off the list of recommended browsers largely due to its customer base. What Chase is aiming for is a stronger consumer experience for the majority of clients doing business online.
To be fair, Chrome and Opera work as of now on Chase.com, but the cut-off date raises questions about forcing a customer’s hand when it comes to online banking. Should Chase opt to deny access to online banking for customers who use Chrome or Opera? Is that fair to them? Is it even a viable security solution?
Leave a comment and share your thoughts.
We’ve reached out to JP Morgan Chase to ask about the security FAQ. We focused on any studies or internal data, other than what is mentioned in the supported browsers document, which would lead Chase to block two popular browsing platforms. In addition, we addressed the suggestion to use Firefox 2.x as well as Internet Explorer 6.
Moreover, aside from contacting Chase, we have also reached out to Google and Opera for their reactions. When one or both of them respond, we’ll update this report accordingly.