Scorecard for 5 major Australian banks:
| Bank | Phishing | Keyloggers | Viruses & Worms | Instant Solution | Free Perm Solutions | Browsers | W3C’s Validator | Alternatives | Notes |
| A | Good | Average | Good | None | None | Recommends MSIE only, supports NS4.7 | Error city | None | Had to lie about browser ID to even read security info, info itself was very clear, with pictures and examples |
| C | Poor | Average | Good | None | AdAware | Recommends MSIE, NS4.7; supports Mozilla, Firefox, Safari | Claims to be XHTML 1.0 but is not, 16 errors | None | FAQ was detailed and informative in general, but blipped over some important issues |
| M | Average | Poor | Average | None | None | Discusses MSIE, NS; does not say what it supports | Error city | None | FAQ was very short |
| N | Average | Poor | Average | None | None | Recommends MSIE, NS; works with Mozilla but gives a monthly nag page | Error city despite a valid DOCTYPE | None | Security instructions very vague |
| W | Average | Poor | Average | Symantec | None | Strongly recommends MSIE, NS; works with Mozilla | 20 errors, mostly carelessness, few serious | None | Security instructions very brief and not glossaried |
It’s notable that none of these banks recommend the very simple step of not using software that has regular security issues and that none of these large, monied corporations could be bothered making their website standards-compliant.
I’ve had a go at asking two of them about other browsers and about standards, the response in one case was ”maybe one day” and “we have our own validator”; in the other it was “yes, thanks for your suggestion” followed by silence and inaction.
If you’re a bank reading this and wish to improve your online IQ, here are some free tips:
- Make all of your HTML standard; the tests above were run on your home page and it is doubtful that your internet banking pages would do better. Standard is simple and with very few exceptions works everywhere (thus eliminating 99% of browser compatibility issues).
- Go and visit Bank A’s site to see clear explanations and pretty pictures in bite-sized pieces (but be sure to tell the site you’re using MSIE; they failed their browser support check there) and Bank C’s site to see a generous quantity of information. Then ask some grandparents (at least four) to make head or tail of it. Take careful notes, write careful explanations for every single word or concept that they fail to comprehend, and link these words to popups with the explanations and mouseovers (title="text", not complicated scripts) with one-liner hints.
- Recommend at least two free online virus scanner sites for your MS-Windows-using visitors.
- Recommend at least AdAware and SpyBot spyware scanners for the same people.
- Recommend avoiding software which is scam-prone. Specifically, it is very simple to link to Firefox and Thunderbird, which are far safer than their most popular commercial competition and run on almost anything. Bonus points for offering some choices there. Of course, standard HTML is a prerequisite for this.
- Bite the bullet. Recommend that they use something other than MS-Windows (Macintosh and Linux being the obvious places to start) even though the vast majority will not take this advice. Likewise, the absence of ActiveX and other unportable nonsense in your banking applications is a prerequisite for this, too.
- Recommend the ClamAV virus scanner, which is not only genuinely free but also picks out many phishing scams. Bonus points again for offering choices rather than just one “option”.
Comments