An ANZ spokesperson said on Thursday that the bank plans to push the new service live by the middle of this year.
"The whole system is going to be replaced in a couple of months. The first implementation will be a mirror of our current functionality -- as we stabilise the new system. We will then look to add functionality. It is a bit early to say when it will hit but certainly in the next three or four months," the spokesperson told ZDNet Australia.
He refused to release any further details about the project.
Charles Heunemann, general manager of SurfControl APAC, on Wednesday highlighted the same vulnerability in both ANZ and rival Westpac's online banking sites.
According to Heunemann, the code could be used in conjunction with a phishing kit to create fraudulent sites.
"By not locking this down the banks just make it a little bit easier for criminals to ply their trade," added Heunemann.
"Westpac takes customer security very seriously, and as a part of this, we are enhancing our fraud prevention through continuous process improvement. The issue that has been raised has been taken into account, and will be actively monitored," said Jennings.
Westpac is already under pressure to improve its online bank's log-in interface after customers slated the new on-screen keypad.
In response to a ZDNet Australia news story in February describing the introduction of Westpac's on-screen keypad, users of the system have been critical of the keypad's functionality and even suggested it could make logging onto the online services less secure.
Typical comments from ZDNet Australia readers are summed up by someone identifying themselves as Ross: "When I use the ATM I cover the buttons with my hand for security. If I can't cover the monitor for security from prying eyes, how can I use Westpac's services in public, at work or overseas in an Internet cafe?"
Westpac's Jennings said the tool was designed purely to reduce the risk from keyloggers stealing customers' passwords: "The new sign on page does not attempt to prevent a standard phishing attack, nor is it designed to comprehensively mitigate all potential avenues of attack, but rather to help mitigate the risk presented by generic keylogging trojans deployed on customer PCs."