Tesco Bank says it has refunded £2.5m to 9,000 customers who had money taken in an attack on their accounts.
The number given for the current account customers hit by the fraud is fewer than half of the 20,000 initially reported to have been affected.
Personal data “was not compromised” in the attack, and all accounts affected had been refunded, the bank said.
Tesco Bank has said it was hit by “a systematic, sophisticated attack” at the weekend.
“We’ve now refunded all customer accounts affected by fraud and lifted the suspension of online debit transactions so that customers can use their accounts as normal,” said chief executive Benny Higgins.
Current account customers had been blocked from making online payments using their debit card since Sunday, an action the bank said it had taken “to prevent criminal activity”.
“We’d again like to apologise for the worry and inconvenience this issue has caused,” said Mr Higgins.
Mr Higgins said the bank knew “exactly” the nature of the attack, but could not say more because it was part of a criminal investigation.
The National Crime Agency (NCA) is leading the investigation into the case.
Despite a series of questions from BBC News, no more details have been given.
Andrew Bailey, chief executive of the Financial Conduct Authority (FCA), earlier told MPs he was worried about weaknesses in banks’ complex IT systems.
The more complex banks’ IT systems were, the more potential “points of entry” were available for criminals, he suggested.
“The heart of concern is what is the root cause of this [Tesco attack] and what it tells us about the broader threats,” Mr Bailey said.
Banks must refund unauthorised payments immediately in the case of fraud, unless they have evidence that the customer was at fault or the payment was more than 13 months ago.
Banks are also required to refund any charges or interest added to a customer’s account as a result of the fraudulent payments.
Tesco Bank has been owned by Tesco plc since 2008, after starting as a joint venture with Royal Bank of Scotland.