We have done a limited security analysis of the system. BankID's basic design makes it difficult to use the system securely, making it extremely vulnerable to phishing attacks. The developers have also had significant problems with quality control.
We have a note (in Norwegian) giving an overview of the problems with BankID, and a technical paper (presented at EuroPKI 2008) with a discussion of the technical weaknesses found. (The banks have notified us of one minor mistake in the technical paper.)
The NoWires Research Group at the University in Bergen have also analysed BankID and other bank systems.