Hi all, this is a question for all coders developing online banking websites for banks.

Why do banks all use Java applets for their online banking websites? Basically, if you don't have the JRE installed, you can't use their websites.

If it is for security reasons, isn't SSL good enough?

+1  A: 

BBVA.es, a major Spanish bank, does not use Java.

Alfabank.ru, a major Russian bank, does not use Java either.

Are there really that many banks that use Java applets for banking?

glebm
+1  A: 

I'd venture to say that your sample is statistically insignificant, because my sample pool (i.e. banks that I use) does not in any way use Java applets :-)

Joel Martinez
+1  A: 

My bank, USAA, does not use Java applets for normal, everyday banking but does use it for their Deposit@Home Service in order to deposit checks from, well, home. They probably use Java in this instance because it is easier to access the scanner and to manipulate the images of the checks once they're scanned.

Soldier.moth
A: 

I found a bank in Austria that uses a Java applet during normal banking use, Sparkasse. Here is the reason they give on their site as to why they use Java.

Since we consider the password an especially sensitive issue, we would like to give it special protection. Therefore, it is our opinion that it is necessary to encrypt your password in addition to SSL. To this means, we use an untrackable encryption functionality that encrypts your password and makes it illegible. A Java applet will be uploaded that can carry out the encryption. Thus, only an encrypted password is transferred to the server. This way we also ensure that no bank employee ever sees your password un-encrypted, or could pass on your password to you, since it is stored with us only as an encrypted version.

Here is the site with more details about this bank's security.

Soldier.moth
oic, they're using a Java applet to do end-to-end encryption: the password is encrypted on the client side, then sent over a secured connection (SSL) to the online banking server. So doesn't this make online banking websites that do not do end-to-end encryption less secure?
brad greenspan
Just going by their website this does not seem to be the case because simply storing a hash of the password in the database accomplishes the same thing.
Soldier.moth
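
The point in the last comment, that the database only needs to hold a hash of the password, shown as an added example (not code from the thread or from any bank). The `UserStore` class, the iteration count and the sample credentials in the test are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune per deployment)


def make_record(password: str) -> str:
    """Build the string stored in the database: algorithm, cost, salt, derived key."""
    salt = os.urandom(16)  # unique per user, so equal passwords give different records
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${key.hex()}"


def check_password(password: str, record: str) -> bool:
    """Re-derive the key from the submitted password and compare in constant time."""
    algorithm, iterations, salt_hex, key_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(key_hex))


class UserStore:
    """Hypothetical in-memory stand-in for the server's credential table."""

    def __init__(self):
        self._records = {}
        # Record for a random throwaway password, checked when the user is unknown
        # so that a failed lookup costs the same time as a failed password.
        self._dummy = make_record(os.urandom(16).hex())

    def register(self, user: str, password: str) -> None:
        # Only the salted, stretched hash is kept; the password itself is discarded.
        self._records[user] = make_record(password)

    def login(self, user: str, password: str) -> bool:
        record = self._records.get(user, self._dummy)
        matches = check_password(password, record)
        return matches and user in self._records
```

This covers what is stored: anyone reading the table sees only salts and derived keys. The server still receives the password itself over SSL before hashing it.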