You’ll remember that I recently had a problem with Ally bank sending out incorrect amounts for checks via their bill pay service.

First, the good news. I did get a phone call from Ally on Monday with an update on what was going on, without having to call them first. That was better than the previous week where they said they would call back and didn’t. They indicated that eight other customers had the same (or similar) issue with bill pay and that they had now fixed it.

The stopped payment on the second mistaken bill pay did happen and they did credit the money back to my account, though it took a few days. And the third time did finally work, paying the difference that was still due to the electric company.

Then I got another call on Wednesday and that is where things took another bad turn. To start with they asked my to verify my account/security details. I replied that since you called me, this could be anyone and I’d be happy to provide those details by calling them back. The person who called made it sound like that would be difficult and instead I confirmed their identity first by having them provide my with the ticket number for my case. With that confirmed I answered their security questions.

This new person (different from the person who called me twice on Monday) didn’t know the whole story, so first I repeated that. She apologized for what had happened and said that they were using a new bill pay system and had found numerous problems with it and were working frantically to try and address them all. We went back and forth a bit, mostly I wanted to make sure she knew that mistakes of this nature are really, really, really bad and if they continued I’d have no choice but to not use their services and encourage everyone else to avoid them as well. Good thing this was just my electric bill, if this has been my mortgage payment the numbers would have been much larger.

She then provided what I found to be a very interesting detail. The technical people at Ally asked her to inform me that I should “press F5 on the bill pay screen and that would clear up the mistake”. That made the red alerts in my brain fire off repeatedly. I suspect what they really meant was Ctrl+F5, which in most browsers will force a cache refresh of the page. But the only reason for forcing a cache refresh on the bill pay screen as a method for solving this problem would mean that they were doing processing on the client side, probably in Javascript, that was altering the value I entered in. That did not sound good.

At this point I told her that I was quite familiar with web development and that if this truly was a bug involving their client side code altering the value I entered into a form field, then it made me quite nervous. If your servers can’t trust the data that they are getting back from a form submit then things are very, very bad. She wasn’t technical at all so she was simply telling me what her people had told her to say.

After reviewing my various concerns, she then asked if there was anything else about the site or the service that I had questions or concerns about. It just so happens that there was a minor issue with the site that I’d hoped they would get around to fixing, but hadn’t so far. This seemed like the perfect time to ask, so I did. I won’t got into details, I already had an idea of why this particular feature wasn’t working: using Flash to store cookies. I use Chrome as my primary browser and have specifically gone in and disabled Flash in Chrome. I hadn’t done any specific testing to confirm if this was actually the case, but I was reasonably confident about this being an issue with them relying on Flash to store cookies and I told her as much.

I could hear her typing on a keyboard as I mentioned that I suspected the use of Flash being the issue. Then she asked me what browser I was using. I told her Chrome, to which she replied that their site did not work correctly if you used Chrome. This was a bit of surprise to me since I’d been using Chrome to access ally.com for several months and with the exception of the one feature I mentioned (and this whole bill pay mess) the site had worked fine. The only supported browsers when using ally.com were IE 7 on Windows and Firefox on a Mac. And the reason Chrome isn’t supported: “because some of the additional security features that are included in Chrome cause the site to not work correctly”. So her recommendation was to use a less secure browser. At that point I told her that telling people to use less secure browsers was probably not a good way to pitch methods for accessing your bank account.

Some how I managed to resist the urge of ranting about how foolish it is to design a site that only works in IE or Firefox. It is 2011, how is it that there are still web devs out there that think that is a good idea?

I knew that the position she was in wasn’t easy, she was providing me the information that her IT people gave her. And even though I knew that it was either: completely bogus or a sign of some very bad decisions, there really wasn’t anything she could do directly about it. I said that I’d be happy to chat with one of their technical people. So if you are technical person at Ally bank give me a call, I could be totally wrong about this being an issue with Flash and I’d love to hear about it.