Chase Bank site - blocking access via SeaMonkey

[mpdooley]

Suspected they might pull this but site has worked well in the past.

Now get:
https://www.chase.com/services/browser-upgrade
When trying to login with Version 2.39.

[Andy Boze]

I didn't have a problem when I logged in about three weeks ago. Apparently they've "improved" their website, including defective browser sniffing. I changed my user agent string to remove the SeaMonkey part and I was able to log in fine just now. Maybe complaining to them will get them to fix it.

[JayhawksRock]

Maybe complaining to them will get them to fix it.

I doubt it... my bank will only recognize IE... always has, always will.
End of story.

[rsx11m]

Yeah, they screwed something up with their website - see https://bugzilla.mozilla.org/show_bug.cgi?id=1277111 and related https://bugzilla.mozilla.org/show_bug.cgi?id=1230783

[TPR75]

Yeah, they screwed something up with their website - see https://bugzilla.mozilla.org/show_bug.cgi?id=1277111 and related https://bugzilla.mozilla.org/show_bug.cgi?id=1230783

It was discussed before:
http://forums.mozillazine.org/viewtopic ... #p13948475
http://forums.mozillazine.org/viewtopic ... #p14057585

@mpdooley
Two things:
1) User Agent must be changed:
Add name "general.useragent.override.chase.com" with value "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko". Since then SeaMonkey will have fake Internet Explorer user agent but for chase.com site only.
2) Chase.com request "referer":
"network.http.sendRefererHeader" must be set to default "2".

As a customer write to the Bank and request better service.

[Peter Creasey]

Now get:
https://www.chase.com/services/browser-upgrade
When trying to login with Version 2.39.

m, the chase site still works fine for me with SM 2.40.

I wonder what the difference is (other than SM versions)!

[therube]

I use this page, https://chaseonline.chase.com/Logon.aspx & don't run into any issues.
(I only have a Chase credit card, so I don't see the banking end or anything else.
I wonder why I don't have a Chase bank account? Oh yeah, I remember, they closed all their branches here in Maryland.)


Also note that if you use NoScript, Can't login to chase.com anymore.
(Seemingly a newly needed "cdn", chasecdn.com, that needs to be Allowed.)


OK, here's are some URLs that all can visit to verify the "out of date":
> https://locator.chase.com/
> https://www.chase.com/


Just yesterday I emailed Chase....

...

Let your IT guys figure out what is wrong with staples, let
them look & see at the "tracking" & other crap that goes on
their, at how unfriendly it is... Then see if they can duplicate
that "experience" on your end .

Anyhow, the way this particular form on the chase website
works, falls into the same category.

All one need to do is to make an "errant" click & wham, bam,
thank you ma'am.

And if your IT guys can't see the issue & see that it is wrong,
fire them. (Trump surely would.)

Oh, & they will respond back.
I'll let you know how that goes.

their

Oops.
Was probably initially thinking, "their end", but then changed it to more along the lines of "over there".


Note if you close their "Please update your browser soon" message (the 'X'), it will not reappear - until you clear cookies (or until they actually start [incorrectly] blocking.


Probably this:
[ view-source: ] https://www.chase.com/c/061216/etc/desi ... -ux.min.js

"SeaMonkey" does show up in there, but looks like they do nothing with it.
Yet, oddly, with "Palemoon", they do:

Code: Select all

else if(P=="PaleMoon"&&(H=/\bFirefox\/([\d.]+)\b/.exec(a)))J.push("identifying as Firefox "+H[1]);

Seems like the minimum FF version they'll take is "30" & seemingly what they're looking at is "Firefox/30.0" part of the UA string. (Now that's for "desktop".)

Palemoon

Best I can figure, they're given a free pass.
Even this, Mozilla/5.0 (Windows NT 5.1; rv:2.0) Gecko/20140610 PaleMoon/2.0 SeaMonkey 2.0, fails to generate any message.

[therube]

Chase

Executive Office

June 24, 2015

therube...

We did not find any error's with the Ultimate Rewards website

Dear therube:

It was a pleasure speaking with you on June 10, 2016, about your Chase Ink Business card ending in
xxxx. Thank you for the opportunity to assist you.

After a thorough investigation with our online and digital partners, the Ultimate Rewards website is
operating as designed. We recommend that you add all of the information at the same time required to
submit and complete the redemption process in the future. We're sorry for the difficulties you've
experienced on the website and with our Customer Service. Thank you for your valuable feedback.

If you have any questions or further issues, please call me at 1-888-622-7547, extension xxx-xxxx.

Sincerely,

Michael Trotter
Executive Office

[bolding mine Oh & the 2015, that is not my typo, so that would seem to indicate the he did actually write this & it is not some canned response.]

And this was my original feedback to them about the way there website was working:

> ...
> i'm typing in information, i have to look up my
> routing number. i come back to the screen, /happened/ to
> click outside of the popup box, all the information
> already entered goes away, i'm taken back to the main
> rewards screen - for me to go through the whole procedure
> again.
>
> that stinks!
> an errant click should not negate everything done like
> that.
> that is no way for a form to react.

If you have a chase credit card, go to their "rewards" & try it & see how the website "is operating as designed" (wrongly ).

[DJGM]

Maybe complaining to them will get them to fix it.

I doubt it... my bank will only recognize IE... always has, always will.
End of story.

Then you should move your account to another bank in protest. There really is absolutely NO excuse whatsoever for any bank's
online banking site to restrict their users to IE these days, especially with overall IE usage in heavy decline.

Meanwhile, why on earth do they require your Social Security number to sign up for online banking?!? That makes no sense!

[BillT52]

I agree that if a bank's online banking site only works for IE, then unless they have some other service you absolutely need, change banks.

As to why they would ask for your SSN to register for online banking, many sites use their customer information database to link your eligible accounts to your online ID. Your SSN (which they already have) is usually the best key to access your customer record. They could also use your name, but if it's John Smith, they'd need additional information to make sure they have your record, and not one of the other dozens of John Smiths.

[Myhrddin]

Chase & SeaMonkey

Yes, until just recently it worked fine. They're "upgrading" the site and "security" and now, if you try to log in to manage your credit card it just boots you to a page asking you to download another browser and lists 4 they'll work with. Ugh.!

Well, I'm not about to use IE or Edge, they can forget that security nonsense.

I'm not likely to use Safari in Windows either as I don't know about it's weaknesses on the Windows platform.

As far as getting FireFox, well, SeaMonkey has that.. and more. I feel like SeaMonkey is less hackable than FireFox even.

So, its a matter of coding, of course. I've gone to Chase's Twitter "support" area and been talking to them for days on end now.. ever since the new bits came online at Chase.

Here's an odd bit you may not realize yet.. I can go to the same login page and successfully log into my checking account still. Its just the Credit Card login that boots out.

Please, go and make your voice heard to Chase. I've done the Twitter Chase Support, I've called several times and have emailed both them and Amazon (the base of my Chase visa account.. Amazon Rewards Visa) And, if enough people make themselves heard and raise their awareness of SeaMonkey, they will fix it. There is not any real security reason to deny access because of SeaMonkey at all. It's every bit as up-to-date and secure.

Sincerely, Myrddin
.end.trans.

[Myhrddin]

If you use SeaMonkey and Chase. You may want to do what I have just done as well.... I went and put a note on my Google+, on Facebook, and Twitter.
I'm pushing it to even use those 3 as the whole social thing isn't really part of my repertoire but, feel like this is important. If you do too, make your voice heard about this.

[Peter Creasey]

Whereas before I could use Chase with SM, now I have the same problem on login that others are reporting.

Definitely out of line for Chase to do this.

[therube]

Working here, business account, https://chaseonline.chase.com/Logon.aspx.

[Myhrddin]

Working here, business account, https://chaseonline.chase.com/Logon.aspx.

Yes, oddly enough, you can log into a bank account from the same login. It boots you if you attempt, from that same address, to log into a credit account.

The Only way Chase is going to fix this is if they hear about it .. and, its not easy to make someone who matters hear about it.

Their Twitter support account is a good place .. and, posting something on your Twitter feed may help too. Calling and making them let you speak with a supervisor or with someone in the Internet Support area but, asking again to speak to one of their managers ... If you only speak with the lowest level Reps, they can't do anything. They can't pass word up the chain of command to get the notice of anyone above them.

So, making a public stink over it and calling them directly and always making them allow you to speak with someone higher than the reps is the only way to possibly get good results from this nonsense they're enacting.

I've also noted publicly that coders who really know their stuff, Deep Tech Heads -- Well, they know SeaMonkey. So, you have to wonder who it is that's writing this new site.?.!

Any Social site post may help them to become aware of this oversight and fix the issue.