Social engineering replaces guns in bank heists

15.05.2006

Ingram said there is a belief that customers are safe and privacy is protected through the use of SSL but "this is not the truth".

His statement was backed up by AusCERT's analysis and assessment manager Kathryn Kerr, who said it is a serious issue for any organization offering Internet banking as well as for anyone using VPNs or working remotely.

Neal Wise, director of security firm Assurance Pty Ltd., said SSL does serve a good purpose but leaves users prone to a "man in the middle"-type attack.

"Unfortunately the only controls a bank can rely on for users to transport data is SSL encryption; it leaves them in an interesting situation having to cover related security issues they have not created," Wise said.

"We will see financial institutions, as part of shoring up their own risks, providing cut-price antivirus and content checking tools for their clients, because right now if someone manages to put a keystroke logger on a client computer, and a banking session gets recorded, banks have to cover that risk and it is not their fault."