Heise Security, an online security company, said that Cahoot, Bank of Scotland and First Direct have failed to make their banking websites more secure from fraudsters, even though it alerted the banks to the problem over a month ago. Natwest has taken some steps but Heise said its customers are still vulnerable to attack.

In September Heise discovered a loophole that would have allowed criminals to steal users’ identities giving them access to the online accounts of seven of the biggest online banks.

It discovered that a fake page could be inserted onto the banks’ web sites which would be so convincing that customers would find it almost impossible to detect that anything was wrong. Customers would then be encouraged to type in security details such as user names and passwords which would then be captured by the fraudsters – a scam known as "phishing".

After Heise rehighlighted the problem all of the banks have been quick to reassure customers that the problem is now being fixed.

Rob Skinner at First Direct, part of the HSBC group, said: "We are updating our security this week. We are not aware of anyone who has lost out."

Morag Fleming at Cahoot said: "We are aware of the theoretical risk of which Heise has reported. We have been working on eliminating any potential risk and will have a permanent fix in place shortly."

Bank of Scotland has also promised to correct the flaw this week.

Jason Clarke at Bank of Scotland said: "We do not believe the issue identified constitutes a significant risk to the vast majority of customers, however, we have taken steps to resolve the matter in the interests of maintaining the highest levels of security. Work on the Bank of Scotland site and should be complete this week."

Bank of Scotland is already under fire over its use of technology after a technical error resulted in thousands of homeowners having their bank accounts emptied. About 7,000 Bank of Scotland customers had up to three mortgage payments taken from the current accounts on consecutive days.

WAYS TO PROTECT AGAINST FRAUD

* Install an anti-virus system and firewall on your computer and keep them up to date. A message will appear on your screen when updates need downloading.

* Experts do not recommend you click on any link in an e-mail, even if it seems genuine. Type in the web address, just in case. If in doubt, contact the bank using an advertised phone number.

* Do not divulge Pins or passwords to anyone.

* Avoid obvious passwords such as your child's name or your date of birth.

* Only make transactions on secure websites that begin 'https' or display a padlock icon in the corner of your web browser.

* More detailed advice on how to protect your computer is available from getsafeonline.org, which is backed by the government.

For more on consumer affairs visit www.timesonline.co.uk/consumeraffairs