Sampo Bank online problems continue

Security expert warns of possible vulnerabilities

print this

Problems that emerged with the new online banking system of Sampo Bank on Tuesday were not limited to breaks in service and incorrect or missing information on money transfers and bank balances.
     The glitches, that continued on Wednesday, were prompted by changes enacted at Sampo aimed at integrating its operations with the Danish Danske Bank, which bought Sampo last year.
      One customer in the Uusimaa region noticed on Wednesday that his monthly housing loan payment had been deducted from his account twice.
     The bank admitted that the problems were linked with the new system and promised to return the money to the customer's account.
     
Various types of glitches have affected users of Sampo's online banking service, and the problems have been a major topic in Finnish Internet chat rooms. Many have said that their bank balance had indicated an empty account, even though there was money.
     Problems with access to the online banking service led to massive queues at the bank's branch offices on Tuesday.
     
A security breach was found in the Sampo online banking service on Wednesday, which might have made Sampo customers vulnerable to e-mail phishing scams.
      After the matter had been reported in the media, Sampo said that it had fixed the breach.
      Mikko Hyppönen, head of research at the online security company F-Secure, called the mistake "primitive".
      "It is surprising that an error of this magnitude was found there so easily. When a website such as an online bank is set up, a very basic operation is to test it against attacks", he said.
     He added that Sampo's new online banking system still has a number of cross site scripting (XSS) vulnerabilities.


Previously in HS International Edition:
  Serious problems with launch of new online service of Sampo Bank (26.3.2008)

Helsingin Sanomat