Online banks are not doing enough to protect customers from fraud online, according to analysts at Heise Security, who published a report last month that details their research into seven online banks.

Four of the seven have not done enough to protect their systems against phishing scams. What Heise Security is most worried about is spoof pages that are somehow inserted into an online system's site. The fake pages look like the real thing, complete with the padlock icon and an https preface.

Heise named the four banks as First Direct, Cahoot, NatWest, and Bank of Scotland, all of which have not done anything to improve their site security since last month's report.

The Guardian newspaper received responses to enquiries from all four banks, nearly all contrite. A spokesman for the Bank of Scotland said that “work on the Bank of Scotland site will be completed imminently”, while First Direct's spokesman said that the system would be changing in the next few days. Cahoot's Morag Fleming told the Guardian's reporter that the bank is working hard on “eliminating any potential risk from spoof framing” and will have a fix shortly.