Closed Bug 66911 Opened 24 years ago Closed 21 years ago

nwolb.com - Natwest blocking NS6/Moz

Categories

(Tech Evangelism Graveyard :: English Other, defect, P1)

Product:
Tech Evangelism Graveyard
Component:
English Other
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
Future

People

(Reporter: matthew.booth, Unassigned)

References

(
URL
)

Details

(Keywords: ecommerce, Whiteboard: [BANKING] [DENY])

This page is just plain hosed. Unfortunately it's also my bank :( It appears to load and start to display a layer, but then everything goes tits up and I end up with a blank page. Their HTML is probably terrible.
*** Bug 66912 has been marked as a duplicate of this bug. ***
Assignee: asa → evangelism
Status: UNCONFIRMED → NEW
Component: Browser-General → Evangelism
Ever confirmed: true
OS: Linux → All
QA Contact: doronr → zach
Hardware: PC → All
Looked at the code. At the beginning, they have: var vNS = (document.layers)?true:false; and after that a lot of logic like: if (vNS) { // do something } else { // do something IE-specific (document.all, event stuff, etc) } The JS console reports that document.all has no properties, naturally. Reassigning to Evangelism so that the site owners will be contacted and asked to fix their broken code.
Please take a look at bug 65944 for additional comments
Reassigning evangelism bugs to bclary@netscape.com.
Assignee: evangelism → bclary
Whiteboard: [BANKING][PROPRIETARY-DOM]
Priority: -- → P1
Summary: DHTML issue (I think) → natwest.com - DHTML issue (I think)
tested 7/6/01. Received an alert box that they are testing with Netscape 6 (even though I used a Mozilla Trunk build 2001-07-02-04/win2k!). They redirected me to http://www.natwest.com/frontpage/dhtml/index.htm (FrontPage!) There are significant issues with the page: many elements that display in IE 5.5 do not display in Mozilla. Since this is a UK bank, reassinging to the Intl team.
Assignee: bclary → nitot
QA Contact: zach → momoi
I have been accepted as a tester of their new website (part of some "feedback" team I think). They'll get feedback for sure. Gently, politely, of course. They've had my custom for nineteen years so... Nightly builds are my meat and potatoes.
Javascript error now on their testing site https://www.nwolb.co.uk/customerfocus Comes up with "applet.set is not a function" in line 77 of https://www.nwolb.co.uk/netdata-cgi/db2www/throttle_macros/logon/newpreplog.d2w/main?Net46UpOnMac=false Oddly enough, Konqueror also has the same error. Surely they're not using proprietary Javascript? They couldn't be, could they? I've tried hacking the frames a bit, but it keeps coming up with this "applet has no properties" Javascript error. For your amusement, they've just sent out a text questionnaire to the customer focus group. It was sent as an email attachment in Word97 format.
Component: Evangelism → European
Product: Browser → Tech Evangelism
Version: other → unspecified
Good news. Their new "customerfocus" site WORKS in nightly builds. It was changed in the last day or so.
visited site, got a popup saying they are currently testing ns6, and their dhtml is working fine (somewhat slow, but that is us)
doran: same here. We'll keep open till the site works properly in Mozilla (this requires more thorough testing). I'll file a bug on the slow menus, and someone can profile it, duping if neccessary.
Moving to new component "West Europe". European component is being removed. See bug 95808 for details.
Component: European → West Europe
QA Contact: momoi → caillon
If you bookmarked http://www.nwolb.com/secure/ this site worked until yesterday now it doesn't anymore, it now returns... Service Denied: Reason: Unsupported Browser We are going backwards here!!!!
*** Bug 103093 has been marked as a duplicate of this bug. ***
Updating summary to incorporate another of their domains and reflecting that this is now a DENY bug. Upping to critical status. Arun/Nitot: can one of you get in contact with them?
Severity: normal → critical
Summary: natwest.com - DHTML issue (I think) → natwest.com - nwolb.com - Blocking NS6/Moz, DHTML issues
Whiteboard: [BANKING][PROPRIETARY-DOM] → [BANKING][PROPRIETARY-DOM][DENY]
Bug 103093 contains current contact info. Tristan, please talk to them.
Your contact is Geoff Passmore. Telephone: 020 7920 5575 from the UK, +44 20 7920 5575 outside Email: geoff.passmore@natwest.com Sounds like he really wants to help, and seems to know what's happening. He knows the Mozilla developers are concerned about this change in the bank's policy.
The Register has picked up this story: http://www.theregister.co.uk/content/6/22048.html
https://www.nwolb.com is the denier. cc: bc so he is aware of the situation
Summary: natwest.com - nwolb.com - Blocking NS6/Moz, DHTML issues → natwest.com[popup] - nwolb.com[deny] - Blocking NS6/Moz, DHTML issues
Status: NEW → ASSIGNED
It's now too late to call them (8:30 PM in Paris, and we are friday). I have left a voice mail to Geoff Passmore and will send him an e-mail message tonight. I'll try again to contact them monday first thing in the morning to find a solution. However, it appears it is not a problem with HTML/JavaScript, but rather something dealing with security, (according to the Register) because Communicator 4.76 and later versions are not supported either. John, Christopher, Doron, please let me know if you get in touch with the bank of the bank calls you. (nitot@netscape.com or AIM : nitot)
NatWest has responded to the register article: http://www.theregister.co.uk/content/6/22069.html
Called Geoff Passmore this morning. He mentionned that they have issued an answer to The Register article. I quote him : "The problem is on our side and has nothing to do with Netscape Software". Until recently, their policy was to "certify" software byt testing it extensively, but their Terms and Conditions document stated that the user could still use non-certified software but could not complain if there was a problem with it. Under Security manager's pressure, this policy has changed, and only certified browser access is allowed. They plan to certify newer versions, but it is going to take some time, due to scarce resources. I asked to have Netscape 6.1 tested in priority. Geoff and I will keep in touch to inform each other of the situation if it evolves.
Netscape 6.1 means Mozilla version 0.9.2. Can we push for both Mozilla/Netscape 6.1 or later, i.e. Gecko-based browser, rv 0.9.2 or later? So if they are unblocking Netscape 6.1, then they should unblock any 0.9.2 Gecko-based browsers. They are the same browsers.
Kat, I agree with you, but the bank seems to test/certify every version they receive. Even though 4.76, 4.77 and 4.78 are more tested and include security patches, but are otherwise extremely similar, they do not consider that they should be automatically certified.
I think the real evang issue is going to be to get them to allow each Mozilla build. This bug is in Bugzilla not Bugscape and needs to work in Moz for it to be marked fixed. What we really need to do is find a way to convince them to change that security policy...
Got e-mail message from NatWest : Geoff.Passmore@natwest.com wrote: Tristian, Thanks for your email and phone call. We were aware of The Register's article and we have responded appropriately. Subsequently The Register have posted a response article. I believe a colleague of yours first registered his concern of the action taken by us last week in blocking Browsers which we had not fully tested against our service. NWOLB has been designed to the standard supported by the majority of Internet Service Providers in the UK. This standard recommends the use of particular browsers to ensure consistency of security and the user experience. These are the browsers we support. Due to different features offered through other browsers they are not included within this standard. We are not saying that there is any security problem with your Browsers, but you will appreciate that until we have fully tested our application against a Browser then we are unable to guarantee consistency of security. The incompatibility of Netscape Navigator 4.76/4.77 with NWOLB has only recently come to light. We no longer support these browser versions because we cannot currently confirm full compatibility with our new service recently launched. We apologise for any problems this has caused. The exclusion of Version 6 Netscape Navigator browsers is mentioned on NatWest.com prior to signing up to NWOLB. To reflect this we have now blocked access to NWOLB through Netscape Navigator 6.0/6.01/6.1. However you can still access NWOLB through Netscape Navigator/Communicator (4.0 to 4.75). We are currently looking at the issues surrounding Netscape Navigator 4.76 and 4.77, however in the meantime we are suggesting that customers use alternate browsers. Regards Geoff
When I called their customer services department (about a problem accessing the site with IE6), they actually said IE6 was officially not supported, but they let it in anyway (this was about two weeks ago). When I said I couldn't access it using Nav6, they said they didn't know anything about it, and then I moaned I couldn't even use Opera with it. "What's Opera" was the reply :(. Anyway, the idea that any organisation is going to certify any *Mozilla* build for use on it's website is optimistic in the extreme; most organisations can barely bother to mention Netscape 6 let alone figure out what Mozilla is and where it comes from. Besides, even if they did certify Moz0.9.2, it wouldn't help those with 0.9.3 or above, and they probably won't want to think about non Windows platforms either. The fact that Natwest requires Java applets client-side and the numerous problems getting Java to work in moz builds on various platforms, we could very well be pretty much doomed here. </rant>
Does that email mean they are *not* investigating compatibility with NS6/6.01/6.1 and Mozilla? Is there a written copy of the "standard supported by the majority of the ISPs in the UK"? Aren't the RFCs and Javascript standards sufficient? The point is: the site IS "compatible" with Mozilla and, therefore, the appropriate internationall-ratified standards -- that's what I was using very happily, as reported to the Bank's Customer Focus Group of which I was a member, until the cut-off policy. Their security team needs to learn how Mozilla is built. And there are probably enough NatWest customers who are also Mozilla bug reporters (like me), or even Mozilla programmers, to make a difference if we all say the same thing. Front end is Microsoft IIS-5.0 by the way.
Received an e-mail from James Nichol <Nichojn@rbos.co.uk> Royal Bank of Scotland Group, Internet Core Systems, Retail E-Commerce Programme, IT Development & Operations Group Technology. James wanted to know if they could join a beta program to be able to test Netscape browser versions before they are releaed. I pointed him to Mozilla milestones releases explaining that they should test this for certification. Also mentionned this article http://devedge.netscape.com/evangelism/docs/articles/find-gecko/ to make sure they sniff both Netscape and Mozilla versions properly.
No visible movement on this issue after six weeks. As a customer, I was just checking again this morning.
In the letter from Comment #25, there is reference to a standard that "recommends the use of particular browsers to ensure consistency of security and the user experience." Where is this standard? And what browsers are on it?
I have asked precisely this question, and have received no direct answer.
asked again James Nichol <Nichojn@rbos.co.uk> what were the next steps. Waiting for his answer.
target Milestone : december.
Target Milestone: --- → Dec
January 8th 2002 -- still denying access. Browser testing programme has been going on for months. Should I calmly, as a customer, put my case again to their contact man, or is someone else still in contact with them? This is very annoying behaviour by my bank, particularly as their system worked perfectly on Mozilla until their consultants decided they didn't understand Mozilla.
Replacing Mozilla's usual User-Agent string with: Mozilla/4.76 (X11; U; Linux 2.4.18-pre7 i686) ...causes the site to work normally, just as it would in NN4.77 (actually, slightly better) So, NatWest Bank, how about doing some testing so I can put my User-Agent string back to normal? Actually, I've established a new profile just for the Banking operation, alone.
called them today. they say that they allow up to 4.78 , but are still testing => 6 . I managed to get passed on to a supervisor, who had "contacts" in the building that the web dev team are in, and thus will try to get them to call me back to resolve this. Something in the region of 10% of calls they are getting in are about ncsp/moz deny issues. (according to this guy)
from my investigations natwest.com is behaving properly in mozilla now (build id: 2002020803) and the dhtml behaves. I have created a new bug for it, however, in case they arise again. see bug 124437 for more.
URL: http://www.natwest.com/http://www.nwolb.com/
Summary: natwest.com[popup] - nwolb.com[deny] - Blocking NS6/Moz, DHTML issues → nwolb.com[deny] - Blocking NS6/Moz
Whiteboard: [BANKING][PROPRIETARY-DOM][DENY] → [BANKING] [DENY]
Blocks: 65944
Blocks: 124594
I originally submitted this. I have also changed bank. I hope they read this.
*** Bug 131192 has been marked as a duplicate of this bug. ***
3rd April 2002. Six months ago, the bank started to test Mozilla/NS6 (they say) when they started denying access to this browser. The bank still refuses connection from Mozilla. It works perfectly when Mozilla disguises itself as Netscape 4.78. This has been going on since 3rd October last year. Could someone see, please, why it takes them six months to check a browser? I'm happily using this service on Mozilla nightlies by using a separate profile in which the useragent string is set to NS4.78, but I'd like to use it without trouble. How can anyone expect Mozilla/NS6 to be accepted when one of the four major banks in the UK won't allow its use? There's probably some European law about this...
after some useragent cloaking, I tested the new NWB online stuff, and it's very horked. predominately layers problems, plus javascript executing all by itself. alot of work for the site team, so we're going to need to find a way to help these people along. I'll give them a call again sometime this week to see if we can [re]establish a contact. moving milestone to something reasonable - jul, milestone for getting a: contact, b: "schedule for works"
Target Milestone: Dec → Jul
If you can get a contact, tell them we (Netscape) are more than willing to help them. Ask them how many of their users use AOL :)
After leaving a message on natwest.com saying I was leaving NatWest due to their policy on blocking all untested browers I was informed that other browsers have not been tested because www.nwolb.com is in the process of being re-written. But I'm still switching bank because of their insistence to test every possible browser version, and denying everything else.
I complained again in email regarding this, and have received this response from "~ NWOL Customer Relations <NWOL.CustomerRelations@natwest.com>" today: Dear Mr Green NATWEST ONLINE BANKING I am writing in response to your recent communication regarding NatWest OnLine Banking. At the outset NatWest OnLine technicians were fully aware of the existing variety of industry-supplied browsers, wide range of Internet Service Providers and array of operating systems available in the public domain. As full technical support could not be given to this plethora of options, the decision was taken to sustain the most commonly used products. We have made recent changes to the service and I can confirm that this is part of a much larger process within NatWest. Once all these updates are in place we shall be able to adopt a more innovative approach to banking products and services. In the meantime, a consequence is that we are unable to extend the list of browsers that we support. In conclusion, I can confirm that there are no plans at present to support Gecko based browsers although the comments that you have made have been taken forward and will form part of our discussions for future updates to the service. I would like to assure you that we are committed to providing a first class Internet banking service and will extend the list as soon as we are able. Yours sincerely Mina Peacock Customer Relations Suggest adding keyword, "no-hope"...
Meanwhile, disguising Mozilla as NS4.76 continues to work just fine. I'm a NatWest customer, and have been for 20 years, and am on their panel of testers. I'm still annoyed!! Even Konqueror, when disguised, works!
perhaps you could get them to unblock us? I tried gettng a contact but have failed so far.
*** Bug 204726 has been marked as a duplicate of this bug. ***
No longer blocks: 65944
*** Bug 65944 has been marked as a duplicate of this bug. ***
ccing in from 65944. About time to make more noise. They have had a makeovewr and state: You may have noticed the great changes to our NatWest website, and we've changed the look of NatWest OnLine Banking too. The background colour of NatWest OnLine Banking has changed to reflect the other exciting improvements being carried out with the re-branding programme across NatWest. If they employed someone for a couple of days to change the background colour in the style sheets, surely they could get someone to remove the browser blocking code, as the site actually works when you go to the bother of UA spoofing.
They've lost another customer. Closed my accounts today, putting browser blocking, and the fact they've lied for years about 'testing' and eventual support, as my main reason. All used to work fine before the .asp stuff started appearing... Cheers, Ian
It is stupid not to CC people from the dup!
Summary: nwolb.com[deny] - Blocking NS6/Moz → nwolb.com - Blocking NS6/Moz
Just to note: HSBC online banking works perfectly with mozilla (and Firebird, of course) - no UA changes needed.
New Component
Component: Europe: West → English Other
en other default owner
Assignee: nitot → english-other
Status: ASSIGNED → NEW
QA Contact: z-caillon-obsolete2 → english-other
Target Milestone: Jul → ---
May I suggest we add "Natwest" to the summary?
> May I suggest we add "Natwest" to the summary? Added.
Summary: nwolb.com - Blocking NS6/Moz → nwolb.com - Natwest blocking NS6/Moz
Just a quick note - it's fast approching the three year anniversary of this bug and there is still no improvement from NatWest. I just tried to sign on for their online banking services. The following browsers are required: Operating System Browser PC Users Microsoft® Windows Microsoft® Internet Explorer 95/98/ME/NT4/2000 or XP version 4.01 - 6 inclusive or Netscape™ Navigator™ version 4.08 - 4.78 inclusive MAC Users OS 8.1 or above Microsoft® Internet Explorer version 4.01 - 5.2 inclusive or Netscape™ Navigator™ version 4.08 - 4.78 inclusive Does anyone have any idea how to best go about continuing to put pressure on NatWest to change this awful situation?
I've actually been considering leaving NatWest for a while, does anyone feel there would be any point in me threatening to close my account unless something is done? I wouldn't mind carrying out my threat at all, or kicking up an incredible fuss as I go.
I did close my account, and when asked for the reasons I asked them to make special emphasis on the web site's incompatiblity with anything other than IE and specifically asked them to see if that reason could get through to the web development team. And...well, nothing. It's still incompatible, and the site doesn't seem to have changed one iota. It's not just Mozilla I need letting in either - they don't allow Safari in either, so the default browser bundled with all Macs has been locked out. Clueless doesn't begin to describe them. After that last 'upgrade', I discovered that suddenly it was no longer possible to see my business card transations online. I asked what they were going to do about that, and they said "nothing". Leave 'em. I did. Cheers, Ian
Checking with MozFB 0.7 on SUSE Linux 9.0 . . . [quote] Service Denied: Reason: Browser does not support SSL The internet browser you are using does not meet our security requirements for accessing NatWest OnLine Banking. Please use one of the following browsers: * Internet Explorer Version 4 or above * Netscape Navigator 4 or above The most up to date versions of these browsers can be obtained from http://www.microsoft.com or http://www.netscape.com [/quote] Absolutely beyond redemption . . . !
*** Bug 232146 has been marked as a duplicate of this bug. ***
Still no access in Firebird. Has ANYBODY managed to get someone at NatWest to listen to our concerns?
(In reply to comment #62) > Still no access in Firebird. > > Has ANYBODY managed to get someone at NatWest to listen to our concerns? Why do you think they will even add support for 'Firebird' if they are not going to do a single step forward for mozilla? Remember this, 'Firebird' is NOTHING without 'mozilla' in front of it. .
? I just want them to unblock all but their "select" list of "certified" browsers so that those of us using Mozilla (or Firebird) don't have to hide our browser's identity just to get some work done.
It wouldn't be quite so bad if hiding our browser's identity wasn't an all-or-nothing things. I have to hide to identity for _everything_ so I don't show up in anyone's statistics as a Mozilla user -- and I can't use Java either. Actually, since I need to use Java for a _different_ online banking system, I've taken to using Konqueror for Nat West -- that allows me to fake my browser ident only for nwolb.com without breaking anything else.
Since they have not been responsive to evangelism, there is not much we can do by simply contacting them and asking them to support Mozilla, Mozilla Firebird or any other Gecko-based browser unless each and every one of you complain and complain and complain *to them* and/or take your business elsewhere and tell them why. One other tactic that may get more traction is to send in information on this to the Register and other tech publications and see if you can raise the negative publicity for them. Making customers use insecure, broken browsers which are succeptible to URL spoofing exploits is a sign of a company I wouldn't want to do business with.
Target Milestone: --- → Future
It looks like there might be movement on Natwest's part. A Royal Bank of Scotland representative posted in the RBS bug <http://bugzilla.mozilla.org/show_bug.cgi?id=119134#c21>: My name is Stuart and I work for the Royal Bank of Scotland Group. We just wanted to confirm that we have recently completed testing of Mozilla and Netscape 6/7 on Digital Banking and are planning to implement support for these browsers during March. This change will also be made to NatWest OnLine Banking which uses the same underlying system. Too late for me, as I've already moved to Nationwide, but it's good for people who stuck with them.
Yee-Ha! I will report back next week if they unblocked Mozilla.
*grumble* Same old "Service Denied" page with the default UA.
Is this fixed yet? Bug 119134 (for rbsdigital.com) is now fixed, and based on bug 119134 comment #21, the implication is that this one should be fixed as well.
(In reply to comment #70) > Is this fixed yet? In short, no.
Keywords: ecommerce
(In reply to comment #70) > Is this fixed yet? Longer answer would appear to be - not quite yet, a reply from customer support March 26th 2004, says they will 'very shortly be implementing some changes to the ways in which customers can access the service' including support for Moz1.5+ and NS 4.08 to 7.1.
Hi As posted previously our intention was to expand the number of browsers supported by The Royal Bank of Scotland and NatWest internet banking services during March. I am happy to inform you that the RBS update took place on 24 March and the NatWest update took place early this morning. We hope that our customers will enjoy using our services with Mozilla. For information, our list of supported browsers is now: Internet Explorer 4.01 and above Netscape 4.08 - 7.1 Mozilla 1.5 and above AOL for Windows Should you experience any issues we would be grateful of you could post them here or contact us directly via our websites. Regards Stuart.
I can confirm I'm able to log in today using Mozilla 1.4.2. It's over 3 years since I originally reported this, and while I've kept my account open for the sake of convenience, I now use the Halifax. While we should appreciate the fact that they moved at all, please don't lose sight of the fact that they took 3 years to listen to their customers. 3 years to change something which worked already (if you faked your user-agent string) if only they chose not to block it. I'd also like to thank to Natwest for being my bank through my unprofitable student days, before losing my business just as I got a real salary.
Ah c'mon, that's being rather harsh isn't it? You don't know if the people working on it now are the same people you originally reported things to. It's also hardly likely to encourage people to work for Mozilla compatibility if they get treatment like that at the end of it, is it? Plus if you read the details of the RBS bug, the problem was more than just Javascript compliance, it was in the HTTP headers as well. So although the site appeared functional, it was not as secure as their settings demanded. This did seem to be a genuine testing job. I think some thanks to the people who acted on this are due.
Indeed. Thanks for fixing it. In fact, thanks for the rest of the system too. Nat West's online banking system is generally a pleasure to use. I just took a 'NatWest One' mortgage which is actually an RBS account, and now I have to deal with their Java abomination I appreciate the original Nat West system _so_ much more :) I don't suppose there's any chance of these systems being 'unified' with the better implementation winning? If I could at least extract information from the RBS abomination to put into GnuCash it'd be helpful.
(In reply to comment #75) > > I think some thanks to the people who acted on this are due. THANKS!!!! VERIFIED FIXED?
Fixed.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Umm.. is nwolb supposed to be working with just Mozilla (suite) or Firebird too? I have firebird and right now I get 'Service denied' at: http://www.nwolb.com
Doh I am such a fool... followed the wrong link.. please move along.. nothing to see..
Just one slight thing - They appear not to have changed the error message if you use an unsupported browser. If you try to use it using (say) Opera or Konqueror, you still get a message encouraging you to use IE or Netscape 4.x.
*** Bug 241344 has been marked as a duplicate of this bug. ***
Created new bug 353131 for denial on SeaMonkey
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.