In the past decade banks invested heavily in internet technology so as to engage in e-business and e-commerce activities. However, this development exposed banks to threats, such as online fraud. Consequently, there was a need to adopt security measures and controls to mitigate such threats. Banks in developed countries have developed a level of ‘best practice’ to reduce such online threats. The objective of this study was to explore the extent to which banks in the developing world were benefitting from the experiences of banks in the developed world in terms of how they address online security threats. Case studies of two Nigerian Banks were undertaken using interviews and short questionnaire. The findings show respondents perceived the level of threats to e-banking in Nigeria to be low. When adopting e-banking security controls, the case study banks placed more emphasis on the technical dimension than the human dimension. Senior management commitment is a significant barrier to adopting best practice, which is highlighted in limited financial resources being provided for new investment in training or customer education. The study concludes that senior managers need to change their perceptions and priorities towards IT security to reduce the vulnerability of their e-banking services.