This story was printed from ZDNet Australia.
St George's security glitch: not an isolated case
By Rachel Lebihan, ZDNet Australia
February 23, 2001
URL: http://www.zdnet.com.au/news/soa/St-George-s-security-glitch-not-an-isolated-case/0,139023165,120205369,00.htm
Following revelations of a security flaw in St George's Internet banking service, more customers have come forward to say it's not an isolated case.
A week ago, an accountant at venture capital company Ebit found she could access the company's accounts and make transactions to her own personal online banking account. At the time St George said it was an 'isolated case' and it was the first time the bank had been informed of a problem of this kind.
However, another of the bank's customers has refuted this claim, saying that two company directors have been able to access his company's account and that St George resolved the glitch when he pointed it out to them.
"Basically the account was set up incorrectly," the customer, who is the managing director of an e-commerce company, said. "Linking a director's personal account [to a business account] seemed to be set up as a default," he said. "It was a human error but it absolutely shouldn't happen."
Like the Ebit accountant, the company directors had full access to the business account and could have potentially transferred money online from that account to their own.
St George representative Adam Cook, who last week said the glitch was a one-off, today said: "I guess if it's happened this time it could've happened before." However, it's "really irrelevant" if employees who have access to a company's business accounts anyway can access them online, he said. "If they embezzle money they're going to get caught."
Cook conceded that the situation was "not ideal" and that St George was "closing that loop".
The customer, who deals extensively with the banks in his daily business, believes the banks are generally "very tardy" in response to security issues. "The level of experience of the so-called experts in banks in the security of e-commerce is very low and lags that in other industries," he said. "Most [bank] front-line managers don't understand security implications," he added. "Basically they wouldn't have a clue."
Another St George customer contacted ZDNet after she was confronted with a glaring security flaw in the St George Bank's online facility. The customer, who has been with St George for about 20 years, claims that on two occasions when she went to use her online account, she could see the accounts of other customers. Although she couldn't go into the accounts, she had full view of account numbers and transactions that had been made.
On the first occasion, "I was in shock," she said. "I had about AU$129,000 in my account but when I opened up the details it was someone else's account." "I got out of it really fast."
On the second occasion, which brought up an entirely different account, the customer took a screen dump, which captures and saves everything you can see on the screen. The screen dump shows regular fortnightly payments, a potential salary, going into the account from a Catholic non-profit organisation, fortnightly debits to financial group ING Direct and regular Bpay phone payments.
"The fact that you can see someone else's details, in itself, is not acceptable," she said. "But my concern here is customer service. [St George] didn't even have the courtesy to contact me."
When confronted with this security flaw, St George claimed it was another "isolated case". "If it hasn't happened since then it must have been resolved," Cook said. "It's an issue we would have jumped on immediately." However, he said he could not comment on the fact that no one from St George had bothered to contact the customer about the glitch.
"Our customers should not be concerned with the security of Internet banking," Cook said. "It's the best security available." "On occasions there are problems that arise but we'll move quickly to resolve these whenever they're brought to our attention and we do take it seriously."