Sampo Pankki, the bank that was formerly known as Postipankki, Leonia and just Sampo was recently bought by the Danish Danske Bank. As part of the merger they switched their IT systems to Danske Bank infrastructure in a huge EUR 200 million operation over the Easter. The switch had a lot of issues, causing website downtime, faulty account data and non-functioning credit cards.

However, the downtimes were not the only big issue with the switch: in the process Sampo also switched from a reputedly very functional HTML-based web banking interface into a Java Applet that is doing some quite dubious snooping on user's computer. And of course they didn't do much cross-browser testing. Here is what I see with Firefox 3 beta:

I remember when our former accounting software SaaS vendor Procountor did a switch from HTML to Java Applet. Suddenly a very fast and easy UI was changed to slow and unusable semi-desktop-ish application. Needless to say, my company dumped them immediately. Java Applets may have had advantages in 90s, but in the Age of Ajax they are mostly obsolete.

Update: Apparently the Sampo service also has a Cross-Site Scripting vulnerability. All this bungling makes me remain quite a happy Nordea customer.

Technorati Tags: ajax, java, security, sampopankki