Irish banks are exposing themselves and their customers to huge risks by failing to invest in tougher security precautions, according to Greg McAweeney, general manager of new online bank RaboDirect. Even when the banks reimburse losses suffered at the hands of online fraudsters, victims are still exposed to identity theft as long as their personal details remain in criminal hands, he said.

All of the main Irish financial institutions, including AIB and Bank of Ireland, ask customers to input the same password every time they access their accounts online. But these static passwords, which are only changed occasionally if at all, can easily fall into the hands of online fraudsters, McAweeney said.

Once a fraudster has your online password he can empty your bank account in the same way as criminals who get their hands on your PIN number at an ATM.

"All the independent research we've seen confirms our belief that access codes and static passwords are very unsafe in this day and age, " McAweeney said. "Banks are evading their responsibilities by failing to invest in better online security. If they want more customers to overcome their understandable security concerns they are going to have to meet then halfway."

RaboDirect has given its 10,000 Irish customers a pocket device that generates a unique password every 36 seconds. The security device ensures that they have a different code to input every time their access their accounts.

McAweeney criticised a high-profile campaign, backed by the government, for concentrating on ways to improve existing security rather than promoting an upgrade to more sophisticated precautions. He claimed that the campaign is deeply flawed.

The makeITsecure campaign, backed by communications minister Noel Dempsey as well as IT giants Microsoft and Dell, advises internet users to use a password that is hard to guess and warns them not to share the code with anyone else. It advises them to pick random combinations of letters and numbers and to ensure the password has more than eight characters.

"While I fully support the idea of this campaign, I think that some of the advice falls way short, " said McAweeney. "If banks continue to use a combination of static passwords that don't change, even if they only ask for the third and fifth digit of a password for example, this is simply not secure in this day and age. Nor is it sufficient for banks to say that they will make good any losses suffered by customers as a result of fraud - they shouldn't run the risk of this as well the potential for identity theft."

An IBF spokesman defended makeITsecure, saying the campaign concentrated on the biggest threat to banking online - phishing - where crooks try to trick their victims into revealing their bank details online.

Bank of Ireland customers have been targeted on several occasions, with the fraudsters setting up bogus versions of the bank's website to get their hands on customers' passwords.

The spokesman said 31% consumers were aware of the danger of phishing, up from 13% before the campaign began. Awareness of identity theft has increased from 19% to 55% because of makeITsecure, he said.