![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
blufive*(but not Netscape 6+ or anything more exotic)
Based on significant professional experience with [a major British bank I can't really name in public] I can reveal: it's a combination of Corporate Senior Management Paranoia and Lack Of Techie Resources.
The management is scared that the site is "insecure" in some way, and that all their customers' accounts are going to bleed cash all over the Internet. They want to cover their backsides.
These people are Long-Term Corporate Management types who, if questioned intensely would no doubt reveal (by their obvious ignorance) that they don't have a clue how the web works, and they wouldn't know an alternative browser if it bit them in the ass. Five years ago, a graphic designer moonlighting as a "pixel-perfect" web designer told them that MegaBrowser 3.x was "insecure", and now they lock out everything with a similar brand name, the same version number, or a logo the same colour.
Suspected browser caching of sensitive pages is often the thing they are most scared of. These guys want to flush your browser cache and reboot your machine at the end of every session on their site. Hell, if they thought they could get away with it, they'd use the HCF instruction to destroy your whole PC.
Before they're allowed to admit a new/minority browser, the (understaffed, natch) techies have to justify entry with utterly stupid levels of security testing which NO browser can pass. Or rather, they would, but the management won't allow them to test any new browsers, because they don't show up in the stats (of the site that only admits IE and NN4 [1])
IE bypasses the tests for free, because they can't lock all the customers out - and MS is a proper corporation (not one of these long-haired-hippy dot-com fly-by-nights) run by proper managers, who of course, would never release a browser with security problems.
All these decisions are made at the START of the project, and become the official policy, which then gets fossilized into the requirements, which won't change unless a metaphorical bomb goes off under the whole thing.
The stuff I was involved in 3½ years ago still[2] refuses to admit anything but IE and NN4.x[3] (allowing the management to nod and say the site is cross-browser) Except that their browser detection is so crappy that Opera falls through the cracks (even when it's not pretending to be IE6). They REQUIRE javascript for the site to function at all, launch in a nav-bar-less popup, etc, etc.
It's comical, frankly. Don't get me wrong, not all banks are this bad - there are some out there which are textbook examples of how to do a good job of this stuff.
[1] And while we're at it, the automated site monitoring software they use to detect problems with the site identifies itself as IE5.5, and accounts for approximately 50% of the site traffic. Another 25% of the traffic is automated screen-scrapers using the site as a data source for their own business, which also masquerade as IE. So, even without the systemic demographic bias due to entry requirements, the headline browser stats for the site are what those of us with statistical training refer to as "complete bollocks"
[2] Yes, I just checked.
[3] Despite the fact that the rest of their site uses CSS hacks to hide the style sheet from NN4, and looks a complete wreck as a consequence.
Based on significant professional experience with [a major British bank I can't really name in public] I can reveal: it's a combination of Corporate Senior Management Paranoia and Lack Of Techie Resources.
The management is scared that the site is "insecure" in some way, and that all their customers' accounts are going to bleed cash all over the Internet. They want to cover their backsides.
These people are Long-Term Corporate Management types who, if questioned intensely would no doubt reveal (by their obvious ignorance) that they don't have a clue how the web works, and they wouldn't know an alternative browser if it bit them in the ass. Five years ago, a graphic designer moonlighting as a "pixel-perfect" web designer told them that MegaBrowser 3.x was "insecure", and now they lock out everything with a similar brand name, the same version number, or a logo the same colour.
Suspected browser caching of sensitive pages is often the thing they are most scared of. These guys want to flush your browser cache and reboot your machine at the end of every session on their site. Hell, if they thought they could get away with it, they'd use the HCF instruction to destroy your whole PC.
Before they're allowed to admit a new/minority browser, the (understaffed, natch) techies have to justify entry with utterly stupid levels of security testing which NO browser can pass. Or rather, they would, but the management won't allow them to test any new browsers, because they don't show up in the stats (of the site that only admits IE and NN4 [1])
IE bypasses the tests for free, because they can't lock all the customers out - and MS is a proper corporation (not one of these long-haired-hippy dot-com fly-by-nights) run by proper managers, who of course, would never release a browser with security problems.
All these decisions are made at the START of the project, and become the official policy, which then gets fossilized into the requirements, which won't change unless a metaphorical bomb goes off under the whole thing.
The stuff I was involved in 3½ years ago still[2] refuses to admit anything but IE and NN4.x[3] (allowing the management to nod and say the site is cross-browser) Except that their browser detection is so crappy that Opera falls through the cracks (even when it's not pretending to be IE6). They REQUIRE javascript for the site to function at all, launch in a nav-bar-less popup, etc, etc.
It's comical, frankly. Don't get me wrong, not all banks are this bad - there are some out there which are textbook examples of how to do a good job of this stuff.
[1] And while we're at it, the automated site monitoring software they use to detect problems with the site identifies itself as IE5.5, and accounts for approximately 50% of the site traffic. Another 25% of the traffic is automated screen-scrapers using the site as a data source for their own business, which also masquerade as IE. So, even without the systemic demographic bias due to entry requirements, the headline browser stats for the site are what those of us with statistical training refer to as "complete bollocks"
[2] Yes, I just checked.
[3] Despite the fact that the rest of their site uses CSS hacks to hide the style sheet from NN4, and looks a complete wreck as a consequence.