Sunday, July 27, 2008

Citibank is BLOCKING Customers Who Use Linux

One of my laptops has Ubuntu 8.04 64bit and it works perfect. Then I went to Citibank's site to login for the first time, http://citicards.com. At first, you get this:

You should get this, however, unless you can login within 2 seconds the page switches to this :
Naturally, User Agent Switcher, a firefox addon, came to mind and it works perfectly but I was just not satisfied. None of the other banks I use do this, even the small ones. According to Citibank:
I called Citibank Technical Support and the person I spoke with said "the Citibank website supports Firefox but does not support uncommon operating systems like Linux".
I called again just to see if this was the official Citibank policy. This next person went into detail about how Windows is the only OS that offers "real security".

At this point I was a little offended.

The next two people I spoke with had never heard of Linux (in technical support!) and put me on hold to ask the manager if I could view http://citicard.com with Linux. Of course they came back and said Citibank only supports "secure operating systems" and that windows was the only option.

The Last person I spoke with at Citibank Technical Support had heard of Linux. She stated "I have Ubuntu on my laptop, and I love it!". She also assured me, off the record, that this is Citibank's official policy and they do not care.

Personally, this pisses me off. WHY would you block customers that use Linux, especially when your site works fine with Linux? This has clearly been an issue for over a year. This post is from Linuxquestions.org. In a post on movingtofreedom.org, Citibank: You’re on Notice, the author goes into detail about his similar experience with Citibank and their unwillingness to do a thing about it.

Maybe this is nothing but if you feel like calling Customer Support, use 800.852.7282, no waiting ::grin::.

Here is a video showing the problem. First I show that Citibank is using Solaris, via Netcraft, and then I attempt to go to http://citicards.com. As you can see, the page goes blank. I then right click on the page, press play, continue, continue, and close. This workaround, brings the login page up correctly.

If you work for Citigroup Inc. and you would like to share your thoughts, please contact me via email or in the comment section.

Update:
One or two Citibank employees have mentioned wanting to do something about it. If something had been accomplished, I would have already posted it.

Update:
neil1492 on digg.com pointed out a very interesting fact with this question:
"Now the question is why is there a flash animation for Linux but not for Windows or Mac?"
This is a very good question indeed and is probably a part of why Linux users are having this issue with Citibank.

Update:
omoshiroi on digg.com found this alternative:
https://www.accountonline.com
Note: You NEED to use both the https and the www or else it will fail. This is the address that http://citicards.com forwards to once a user logs in. I wonder why Citibank did not give this address to me when I called?

Update:
HAKdragon On Digg.com verified my suspicion that Citibank is using Solaris on their servers with this link to Netcraft. It appears that both http://citicards.com and http://citibank.com are running on Solaris. So Citibank is using an operating system that is, in their opinion, not secure. Very interesting ::grin::

Update:
cube3x3 on digg.com stated a second solution aside from using the User-Agent Switcher add-on:
1. Right Click on your browser in center area (after the page disappears)
2. Click on Play option
3. A window will pop up, click continue twice and close.
Note: you have to do this each time you goto http://citicards.com to login.

Update:
fotoman On Digg.com pointed out a rather interesting fix. If you goto http://citicards.com and hit a few times once you see the login page, the page will not disappear. You can then login without any problem. very nice.

Update:
earthmansurfer On Digg.com pointed out a 4th solution, very similar to the third.
Stop the page right after you get the log in screen. It will work fine, just have to time stopping the load.

Update:
chezifresh On Digg.com pointed out a funny workaround, but it requires some good timing. If you are able to click in the login field before the page disappears, the page will not vanish. I was able to verify this workaround a few times, however, some of the time it doesn't work, even if you click in the field before the page vanishes.

Update:
Clemens on blogger.com point out this more involved solution. Since I do not use greasemonkey, a Firefox add-on, I cannot verify it works. Here is the script:
#####Start#####
this greasemonkey script deals with the problem:

// ==UserScript==
// can be found at http://cdrews.com/citibank.user.js
// @name Citibank
// @namespace citibank
// @description Remove stupid help screen
// @include https://www.citicards.com/cards/wv/home.do*
// ==/UserScript==
//
//
try{
if(null != document.getElementById('help-overlay')){
var crap = document.getElementById('help-overlay') ;
GM_log('removing stupid help overlay')
crap.parentNode.removeChild(crap);
}
}catch(e){
GM_log( "encountered some problem, here's the exception:" + e)
}
######End######

Update
May on Digg.com have pointed out that if you have a flash blocker add-on for firefox, it will work. This is most likely do to the fact that it pauses the flash app giving you a chance to play it or not. This is very similar to hitting Esc while the flash loads or stoping the page before the flash app vanishes. This solution is definitely one of the easiest and potentially has other advantages.

Interesting Links and References:
Microsoft Business Solutions Joins Forces With Citibank Merchant Services .....
Microsoft Signs Citibank Indian Software Unit Deal
Citibank joins Microsoft bill venture

--from moulin1 on digg.com
Now this picture is starting to make sense. Lots of Microsoft+Citibank deals happening, I wonder.......

Citibank ATM breach reveals PIN security problems
PIN Scandal 'Worst Hack Ever' - Citibank Only The Start

--from
m6ack on digg.com

Citibank: You’re on Notice

--from Budding on blogger.com

Comments from Citibank Doesn't Like Linux Users on digg.com

42 comments:

Grus i Salaten said...

Because they are frightened by the tech savvy people with the skeelz to steal their money. That's my guess.

Jitendra Ram said...

There is a work-around that I use. As soon as the sign-on button is displayed, click on it and it will take you to this page where you can enter your credentials to login.
https://www.accountonline.com/cards/svc/Login.do

Sriram said...

I just logged on to Citibank a couple of days back and I had no problems whatsoever. I'm using Ubuntu Hardy with Firefox 3. I logged in just fine...

sketec said...

use flashblock, that fixed it for me.

haywire'd said...

What is your gnome theme / dock / etc?

Choqeel said...

have you try to use IE6 which is run on linux by utilizing Wine. Once Wine is installed you can run Wine-Doors to install IE6 on your Ubuntu. i did it on My Fedora Linux 9 and it's run perfectly!

Brent said...

I've been using citibank's website to pay my card from my gentoo laptop for a long time now. Granted, their tech support people are mostly idiots, but I'm also not convinced that their actively blocking Linux.

I just logged in (with Firefox 3.01) to see if anything had changed, and it hasn't. Works fine for me.

Robert said...

Citibank doesn't like your FF theme.
yeah the theme sucks, sorry.

Allen said...

It's a flash issue. I right click and hit "play" and suddenly the screen is visible, close the stupid flash popup and you're good to go. It's ridiculous that this breaks anything. I don't know who's to blame. the developers of the flash i'm using or citi group.

M. Barron said...

This is a FLASH problem, not Linux.

Just install flashblock.

Spot said...

actually... you are wrong that we are blocked.
I, too, use ubuntu and I use both citibank.com and citicards.com freely.

If you press "X" immediately after the citicards page loads, you can go ahead and log in normally. every page except for the landing page works juuuust fine. I think that that is just a bug in flash for linux, actually.

If you scroll down just a little on the citibank.com page immediately after you attempt a login, you will see a "continue" button on the bottom right. click it and do your online banking freely :-)

Matt said...

It's true that this is a mild problem, but the problem has nothing to do with Citi. The problem is flash support in linux. Flash10 might very well fix this problem...

Nanjundi said...

Just block
https://www.citicards.com/cards/wv/swf/filter1.swf
by adding it to adblock. Everything should work fine.

jdm64 said...

You should've asked if Solaris 8 or higher is supported because that's what there servers are running. They say that windows is the only "secure" OS, but they don't even use it! They use a unix based os! (see here)

Douglas said...

They must have been joking when they stated that Windowz is more secure than Linux. OMG, I hope so. I would hate to think my money is being managed by someone who is that uninformed.

Indus Creep said...

its the way firefox handles flash on linux...use adblock plus and block some .swf files to see the login screen in all its glory.

Teague said...

I had to deal with this on Citicards and it was driving me crazy. Initially I used Firebug to remove the element which covered everything up, but eventually I wrote a greasemonkey script which fixed the problem. If anybody wants this, I'd be happy to share it.

Adam said...

it's a problem with flash on Linux. citi have put a huge page sized advert on their front page, which is mostly transparent... the problem is that flash on linux doesn't support transparent movies, so you just see a big blank page.

as others have suggested, install adblock or flashblock and block the advert...

cantormath said...

I tried it with the default FF theme, with compiz turned off, no cairodocker, and I get the same results.

The Scientist said...

> Citibank is using Solaris ... So Citibank is
> using an operating system that is, in their
> opinion, not secure.

I should point out that there's nothing inherently secure or insecure about Linux, Solaris, or any *nix.

It's possible to set up a very secure Linux install indeed -- properly configured SELinux, well defined user policies, etc.

It's also possible to set up a very *in*secure Linux install. Xandros's policy of "all root, all the time" comes to mind.

Linux isn't inherently insecure. But it's not inherently secure, either. It's just very flexible but with that flexibility comes a responsibility.

bfarah said...

They have no experience with Linux, so they're scared of what people might come up with. Maybe there are exploits that you can only do on Linux that they're afraid of, etc.
Ignorant, yes, but not necessarily unfounded. A little knowledge is a dangerous thing :P

Mike said...

It's simple. They won't support Linux because their web developers and QA groups don't test on Linux. Since they don't test on Linux, they can't confirm that it works on Linux (even if it does), and therefore they can't officially say it's supported under Linux.

Why don't they test under Linux? More than likely there's a Pointy Haired Boss (PHB) who thinks Microsoft is the shizznit, and she/he won't endorse testing Linux.

They're also probably put off by the large number of Linux distributions - should they test Ubuntu? RedHat? SuSE? Slackware? Gentoo? Debian? Sure, we all know that it has more to do with the version of Firefox being run than the Linux distro, but the PHB doesn't know that.

You might think from the above that I work for Citibank. I don't - but I've worked in a very similar environment and have heard very similar arguments against Linux support.

Dread Knight said...

I was offended by my ISP tech support in a similar way the other days: "we don't support routers and linux, please connect the cable directly and install microsoft windows xp or vista and tell us the error number"

and the tech girls kept begging me to install windoze. (stfu in my mind ... ).
You can't be serios...

Jeff said...

Hey, what dock are you using on your ubuntu laptop? It looks a lot nicer than AWN.

Clemens said...

this greasemonkey script deals with the problem:

// ==UserScript==
// can be found at http://cdrews.com/citibank.user.js
// @name Citibank
// @namespace citibank
// @description Remove stupid help screen
// @include https://www.citicards.com/cards/wv/home.do*
// ==/UserScript==
//
//
try{
if(null != document.getElementById('help-overlay')){
var crap = document.getElementById('help-overlay') ;
GM_log('removing stupid help overlay')
crap.parentNode.removeChild(crap);
}
}catch(e){
GM_log( "encountered some problem, here's the exception:" + e)
}

cantormath said...

Clemens
nice solution.

For the record
Im using:
Cairodock (docker)
Compiz Fusion (Windows Manager)
Nasa Night Launch (firefox Theme)
Emerald (windows Theme)
The Gnome theme is one of the standard ones, I just changed the color to red.

these packages should be in the ubuntu repos....

Budding said...

This topic flares up every once in a while. Scott has already documented this.

http://www.movingtofreedom.org/2007/08/26/citibank-you-are-on-notice-support-free-software/

cantormath said...

@Budding

Thanks for the link, I added it to the post.

Michal said...

I have CITI credit card but can't use it because no WINDOWS in the house. Well..I even call CITI tech support, and he confirm , even he can't use it because it doesn't work

Michal Planicka
www.metrication.us

turbodebug said...

fedora 8 x64 firefox
I can browse the site。
it jump to
https://www.citicards.com/cards/wv/home.do

AnObfuscator said...

Hi;

I just came across this blog. I work for Citicards Web Solutions, and I use linux, and this is unacceptable. I'll see what I can do tomorrow, and let you know my results.

djreedps said...

The best workaround.

1. Go down to your local Citibank.
2. Close your accounts.
3. Tell them you are a Linux customer who is BLOCKING Citibank.
4. Take your money to a bank that doesn't suck.

tobiasly said...

agree completely with djreedps. until linux users start demanding that they not be treated like second-class citizens this is not going to change. there are way too many banks and credit cards out there, i get half a dozen offers in the mail each week. take your money, close the account, and let them know why you left.

Swapnil said...

Which DOCK are you using and what is the theme....my Ubuntu never looked that sexy...

Dusty said...

I just added "https://www.citicards.com/cards/wv/swf/*.swf" to my ad filter.

Justin said...

What an idiot neckbeard, going on a nerdrage tirade over a simple Flash issue.

Bhaskar said...

One solution is to turn off Javascript in Firefox and then go to the cards site. This presents the login screen. Then, enter the id and password, and turn on Javascript before clicking on the login button. Pain in the rear, but it works.

bvaccaro said...

I see this as more of a Flash on Firefox issue. If Flash worked properly on Firefox to begin with, they wouldn't be able to block us from viewing the site with a simple animation. Has anyone else even noticed that on half of the menus on websites that use Flash, the z-order of the site gets messed up and the menu displays below images? This conceals the menus and makes them unuseable. I'm anxiously awaiting Chrome for Linux. I think we'll see less of these problems with it. I love Firefox and would rather not switch to a Google browser, but come on guys.

Swizzler121 said...

Microsoft probably paid them off, more FUD propaganda...

Flerkin McBlerkin said...

Holy cow - Here come the spammers!
Outsourced IT Support

us drugstore said...

Thanks, helpful source.

Anonymous said...

Thank you Citibank Customer Care Toll Free Number for telling me The Right Way of Filling Online Complaint..