SaaS Billing Software Issues - Professional Assessment of szamlazz.hu
An IT professional's experiences and observations with a WordPress-based financial service (2024-2025)
Observation period: 2024-2025
Service analyzed: szamlazz.hu
Identified base technology: WordPress
Evaluation criteria: Security, performance, user experience, business continuity
Background and Personal Experience
I don't have a direct customer relationship with szamlazz.hu. However, I regularly receive numerous invoices from them (the ones issued to my company, CSE Business Kft). Thus, I've become an indirect user or "forced user" of the system. Over the years, I've noticed numerous deficiencies and various problems; however, in the summer of 2024, I encountered system errors that raised serious concerns for me, both as a customer and as an IT professional.
In recent years, the design and operation of high-availability systems and high-traffic websites/portals have become central to my expertise. With the proliferation of cloud-based systems and web applications, there has been a significant increase in the need to manage web server and database traffic, which has had a profound impact not only on server infrastructure but also on firewalls and required internet bandwidth. Additionally, countless "robots" continuously scan the internet, searching for potential vulnerabilities.
Cloud-based systems are significantly more exposed to cyber attacks since the applications are constantly exposed to open internet traffic, similar to a web portal. In contrast, traditional internal applications are easier to protect because numerous security solutions can be applied, such as Zero Trust architecture, which individually authenticates and authorizes each access attempt, regardless of its origin.
A web application cannot be left unprotected on the internet; it requires reverse proxies, Web Application Firewalls (WAFs), and other protective layers. As the number and sophistication of cyber attacks increase, and the activity of malicious bots intensifies, firewalls and defense systems continue to evolve accordingly. This has become not only an IT security issue but also a business continuity concern, particularly in critical sectors such as financial services.
The Problems: WordPress-Based System
The problem began with the links to invoices from szamlazz.hu regularly throwing WordPress-typical error messages. This was highly annoying, especially because I couldn't view/download the invoices – the links often didn't work at all, and I had to type them in manually. Very often, they would only open in the Windows Edge browser, which I don't like to use because it requires another virtual machine. It's worth noting that I wanted to remove VirtualBox after the Kulcs Soft billing program became outdated, having run for 10 years, and it was the only program that ran smoothly for me on Windows in VirtualBox.
Fundamental Question
As an IT professional, this situation raised several concerns for me – primarily, why would a company of this size use a WordPress-based system to operate such a critical financial service? From the errors, page icons, and other technical signs, it was clear that the entire system is built on a WordPress engine.
It's thought-provoking that a company operating in such a heavily regulated field would choose a platform primarily designed for prototyping, blogs, and marketing pages, rather than as a foundation for critical financial services.
The Suffering of User Experience
One of the most annoying problems that persists even today (in 2025!) relates to printing PDF invoices. The PDFs generated by szamlazz.hu cannot be printed in black and white – more precisely, when I attempt to print them in grayscale mode on a color printer, pages with almost completely black backgrounds and black text are printed. This problem exists when using both a MacBook and an iPhone (it might be specific to certain printer types, but I believe it's inherent in how the composite PDF is created).
Due to these errors and problems, I wrote to them in July 2024, also mentioning that CSE Business resources would be available for development. With over 15 years of ERP experience and expertise in high-availability (HA) and high-traffic systems gained in recent years, I offered to review the entire system and formulate development suggestions.
Security Questions
The fundamental problem is this: if szamlazz.hu leaves such serious errors in a basic function like PDF generation, what guarantees that the backend systems are properly secured? Several questions arise:
- What kind of Business Continuity and Disaster Recovery (BCDR) plan do they have?
- What is the system's Recovery Time Objective (RTO) and Recovery Point Objective (RPO)?
- Are the invoices and personal data secure?
- How do they handle load balancing and clustering?
- Is the system truly fault-tolerant?
- Do they have an effective Disaster Recovery (DR) strategy?
- How do they ensure data integrity (CIP)?
Since we lack information about the system's traffic, the number of customers, and per-second load capacity, it isn't easy to provide a comprehensive professional opinion on data security and system robustness. What is certain, however, is that using a WordPress-based solution for such a critical financial service carries numerous risks that are difficult to manage.
Changes That May Be Due to My Feedback
I've written to szamlazz.hu multiple times (most recently in February 2025), but not a single response has been received. Interestingly, however, I've observed that there have been developments in the system:
- Today, they not only send links in emails but also attach PDF invoices – this is significant progress
- The website has visibly transformed, although it still appears to be WordPress-based, and the WordPress icon/favicon is still there
- Some previously experienced errors have disappeared
While I can't prove it, my professional feedback has likely contributed to these developments. Unfortunately, however, the problem with black and white printing of PDFs still persists, which is unacceptable for such a service in 2025.
My Professional Assessment
Operating a critical financial service system like szamlazz.hu on WordPress foundations carries significant risks and is not considered an optimal choice. Here are some arguments supporting this position:
- Security risks: WordPress is an open-source platform that is frequently targeted by cyberattacks. While it can be protected with appropriate security measures, it was not fundamentally designed for financial systems, requiring many additional security layers.
- Performance limitations: WordPress primarily functions effectively as a content management system (CMS), rather than as a complex data processing application. Performance issues can occur under heavy load, particularly when handling a large number of concurrent users and transactions.
- Scalability challenges: While there are solutions for scaling WordPress, these often involve complex and potentially cost-ineffective approaches. A financial system needs to scale seamlessly as the load increases.
- Compliance issues: Financial systems must comply with strict regulatory requirements (e.g., GDPR, domestic financial regulations). The WordPress base system does not contain built-in solutions for these special requirements.
- Integration difficulties: Financial systems frequently require integration with other corporate systems and banking interfaces. WordPress is not optimized for this, so these integrations often require custom development and workaround solutions.
- Maintenance burden: WordPress requires regular updates, and compatibility issues frequently arise between plugins. For a critical financial system, such maintenance windows and potential outages are difficult to tolerate.
What They Should Be Using
In my view, a more appropriate solution for a service of this volume and criticality would be:
- Dedicated, scalable backend system (e.g., Java, .NET Core, or other enterprise-level technology)
- Microservice architecture for flexible scalability and maintainability
- Purpose-built secure data storage and data management
- Redundant infrastructure with high availability (HA)
- Automated testing and monitoring
- Appropriate load balancing and clustering solutions
Conclusion
It's clear that there have been developments and improvements in the szamlazz.hu system. It's evident that they've learned from mistakes – for example, attaching PDFs to emails is a significant step forward. However, there are still fundamental deficiencies that are difficult to accept from a service of this caliber in 2025.
The use of WordPress as a base technology continues to raise questions about the system's security, scalability, and long-term sustainability. Unfortunately, the company's communication approach – the complete lack of responses to inquiries – does not help build trust.
I hope that in the future, the company will be more open to professional collaboration and continue developing the system to truly meet the technological expectations and user needs of 2025.
This analysis is based on the author's personal observations and professional experience. The opinions expressed do not necessarily reflect the official position of szamlazz.hu or the actual internal structure of the system.