Today I tried to complete an online purchase using my HSBC Visa Card (issued in Hong Kong), and when the merchant redirected me to HSBC for the Verified by Visa page, instead of the password prompt I used to receive, I saw the following:
Thinking that this must be an error (since it used to work fine before), I called up HSBC’s customer service hotline to find out what was going on.
I was shocked to hear that HSBC now officially only supports IE, and no other browsers are supported for Verified by Visa. I asked them what I’m supposed to do if I have a Mac and don’t have IE, and they responded that I’m supposed to use IE or nothing at all.
I asked why Firefox is unsupported since it used to work fine before and they gave a vague response that Firefox cannot exchange data with Visa properly (which does not make sense at all). They also said that their entire online platform is “built for Internet Explorer”.
The message from HSBC Hong Kong is clear: if you’re not using IE, don’t bother making online purchases with our Visa card.
My message to HSBC is this: if you’re not going to support Firefox, don’t count on me using your Visa card to make any purchases (online or offline).
In case anyone wants to comment on this, this is where the complaints need to go:
HSBC Attn: Credit Card Services 8 Floor, Block 2 & 3 HSBC Centre 1 Sham Mong Road Kowloon Hong Kong
I am responsible for overseeing the IT infrastructure of an office with about 40 Windows-based computers. We always keep the OS and relevant software patched, though sometimes even keeping Windows/Office/IE patched to the most current level is notenough.
The workarounds provided by Microsoft for this issue are frankly, not acceptable because website functionality with security set to ‘High’ is unacceptable and generate user complaints (and doesn’t even solve the problem completely).
Events like this give me cause to consider a company-wide deployment of Firefox as the default browser. We have no internal applications that rely on IE so this is not a sticking point for us as it is for many corporations. Plus, Firefox has far fewer “vulnerable days” as compared to IE (and when Firefox is vulnerable the potential risk to the system is usually lower).
However, there are a couple of blockers that stop me from taking this step. These include:
Lack of an automated/scriptable way to deploy Firefox that is supported by Mozilla (though bug 231062 has been filed for an MSI install package – almost 5 years later there is still no resolution).
Lack of any way to force Firefox product/security upgrades upon users. Without this, Firefox is arguably even more insecure than IE because at least with IE we can be reasonably sure that updates are being pushed out on schedule.
Lack of any centralised way to make sure plugins are up to date (I will concede that IE is not up to par on this front either).
There are probably a few other points that I can’t think of at the moment. However, our company is an SME with less than 100 computers and I find these issues troubling. Imagine a Fortune 500 company – the problem for them would be multiplied many fold.
I am unhappy about the latest problems with IE and unhappy that there is no patch yet for an exploit that is so clearly in the wild and unhappy that there isn’t even an acceptable way to mitigate the risk.
Having said all this – at the moment I don’t see that switching to an alternative browser is an acceptable solution to this problem for enterprise users for the reasons above.
If work was done to make Firefox more enterprise friendly, this would go a long way towards adoption in the workplace. As it stands, there are just too many reasons not to deploy even though the product is clearly superior from an end user standpoint.