Published date: 03/13/2017
Last Modified date: 03/13/2017
This article is a consolidated list of browser settings and official Browser Policy for supported browsers. See attached Digital_Insight_Browser_Policy June 2016 at the bottom of this article. The complete 'Browser Policy' can also be found in Admin Platform, under Home > Security and Compliance.
Browser Policy Review - We will provide updates to this policy on a periodic basis, and it will be posted within Admin Platform. We will send a communication when an update is available. If supported browsers for a specific solution change between Browser Policy updates, we will notify you via the release notes.
Adoption of New Browsers - Our goals are to support as many of your customers/members as possible and to help maintain security during their online banking sessions. We review industry browser usage trends, browser capabilities and security information when deciding which browsers to consider certified or supported. We also utilize browser usage data collected by our own solutions and focus our efforts on supporting those browsers that are most secure and have the highest market demand.
· Google Chrome: Supported, Tier 1
· Mozilla Firefox: Supported, Tier 1
o Safari 9: Supported, Tier 1
o Safari 8: Unsupported
o Safari 6 & 7: Unsupported
· Internet Explorer
o IE 11: Supported, Tier 1
o IE 8, IE 9, IE 10: Unsupported
· Microsoft Edge
Unless specifically called out in the attached Digital_Insight_Browser_Policy June 2016.pdf document, Digital Insight products and features and designed to work with the default settings supplied by each browser. There are a few instances where the default settings supplied by a browser will cause issues with usability of various websites, including Online Banking.
For instance, by default, Safari blocks all third‐party cookies from being accepted. This setting will cause parts of Online Banking, including FinanceWorks, Bill Pay and other third‐party services to function incorrectly.
If end users experience any issues accessing these parts of Online Banking using Safari, please verify their cookie settings by going to Safari > Preferences or by hitting ⌘, (Command key plus the comma key) and looking at the Privacy tab. The option for Block cookies should be set to Never.
Situations such as just described, which cannot be directly addressed by Digital Insight will have specific instructions called out in the Browser Policy.
Please note not all browsers behave in the same way nor have the same default settings. Browsers have in the past and likely will again in the future change their defaults for a variety of reasons. We will continue to develop our products based on a base level of defaults and secure functionality. We cannot guarantee all defaults will work all the time, esp when considering the unpredictable changes some browser updates introduce. Any issues with defaults will be analyzed by our Security team and documented in this article, and addressed in future Browser Policy updates as needed.
Google Chrome and Mozilla Firefox are released on extremely rapid release schedules. Because of this, Chrome and Firefox may release new versions of these browsers between releases of Digital Insights solutions; however, the content and functionally of these releases are highly unlikely to negatively affect Digital Insights solutions. Therefore, we will not test Digital Insights solutions against every release of Chrome and Firefox. When testing a consumer release, Digital Insights Quality Assurance teams will test the solution in the latest available version of the browser at time of the release to ensure that the experience is optimized for that version of the browser.
Support for Internet Explorer browsers is based on market penetration and user behavior. Internet Explorer 11 is free and available to download for users of Internet Explorer 10. It is recommended by Microsoft and is considered the superior of the two. Overall internet usage statistics are also very low for IE10. For these reasons, we are no longer supporting IE10 for testing and development and recommend all users upgrade to IE11.
As of January 2016, Microsoft has made significant changes to their support strategy of Internet Explorer. Microsoft will now only support their latest and most current version of Internet Explorer.
What this means is that IE8 and IE9 are no longer versions of IE that will be maintained or updated by Microsoft. Security patches, bugs, enhancements will only be updated on the most current version of Internet Explorer. Microsoft has elected to focus their usability and support on their main browser(s) and offers free upgrades to all users. At the time of publication, IE11 and Microsoft Edge are the only browsers being maintained by Microsoft. Based on this change to policy from Microsoft, and also due to very low usage statistics, Digital Insight will only support the most current version of IE and Microsoft Edge for Online Banking and Web Center Websites.
· Microsoft Edge is the Default browser for the new Windows 10 Operating System
· Overall usage as of May 2016 remains relatively low at just over 6% of total Online Banking users
· For this reason, we are certifying Microsoft Edge as a Tier 2 Browser. Full Tier1 certification will depend on higher usage rates.
Internet Explorer 11
Full Internet Explorer Settings attached at the bottom of this article.
Basic settings and Troubleshooting for IB, CST, Admin Platform and other issues are generally due to one of two things. Make sure 3rd Party Cookies are enabled and select TLS 1.0 and TLS 1.2.
Enable Third Party Cookies:
1. Click on TOOLS.
2. Select INTERNET OPTIONS.
3. Click the PRIVACY tab.
4. Click on the ADVANCED tab.
a. Put a check mark next to "Override Automatic Cookie Handling".
b. Select ACCEPT for "First-Party Cookies" and "Third Party Cookies".
c. Put a check mark next to "Always Allow Session Cookies".
1. Access Tools > Internet Options > Advanced tab
2. Scroll down to the Security section
3. Ensure that the box for "Use TLS 1.0" is checked.
4. Click OK
5. Close all open browser windows. Relaunch the browser and try again
Note: Depending on the site/financial institution there might be issues with using TLS 1.2 and Internet Explorer. If after ensuring that TLS 1.0 is checked and discovering that the user is still unable to connect to the online banking site, go ahead and uncheck the "Use TLS 1.2" box to see if that addresses the issue. Checking or unchecking other TLS boxes will not have any effect with troubleshooting online banking, and doing so may affect the user's ability to successfully access other sites, so please do not touch anything other than the above referred boxes.
Update regarding SSL and Poodle: (Dec 2014)
POODLE (Padding Oracle on Downgraded Legacy Encryption) is a new vulnerability exploiting a flaw in SSL (Secure Sockets Layer) 3.0 that has been in the news.
SSL 3.0 is a protocol over 15 years old but still used by many web browsers and servers to encrypt and secure data sent via the Internet between a client and server. While current web browsers use the TLS (Transport Layer Security) protocol by default, most browsers will retry failed connections with older protocols, including SSL 3.0 if initial connection attempts fail. Older browsers, such as Internet Explorer 6.0 and earlier, use SSL 3.0 by default and require manual enablement of TLS.
POODLE attempts to intentionally fail an initial connection, forcing an attempt to connect via SSL 3.0 and is most likely when using public WiFi or other non-trusted networks. Once the connection is secured via SSL 3.0, the flaw can be exploited to take malicious action. Due to this vulnerability issues, we will be disabling SSL 3.0 it server side on the DI side. Even if end user would still have SSL3 or SSL2 checked in his browser settings, it would still be disabled on our side and wont be used, TLS will be used instead.
Other possible settings: Under Options -> Advanced the following two settings might alleviate loading issues. Make sure these are checked on. This will enable IE to display content more effectively.
· "Use software rendering instead of GPU rendering"
· "Enable native XMLHTTP support"
· "Enable DOM Storage"
1. Bring up the FireFox Browser and click Options at the bottom of the screen:
2. Click Privacy on the left menu bar
3. Under the History section, select the drop down that states Remember History and select Use Custom Settings for History
4. Select Never from the drop down that is titled Accept third-party cookies. Then click the options Exceptions.
5. Enter the web site address for your Financial Institution, click Allow and then click Save Changes. You will then be returned to the previous screen and only cookies will be enabled for your Financial Institutions web site.