Security

Protect your Online Banking

ING takes the security of our customers' transactions and information very seriously and is committed to protecting our customers against online fraud. Banking online with ING is secure provided you follow a number of important steps. These steps are detailed in the following list.

What You Can Do to Help Protect Yourself Online

Phishing is a term used to describe the method used by criminals to lure customers into disclosing their banking login and other personal details by sending out hoax emails linking to fake websites. These emails look like they came from your bank, but they did not, and clicking on the link inside the email may take you to a fake website or install malicious software onto your computer.

Look out for hoax emails claiming to originate from your bank. If you wish to report a suspicious ING email please contact us on 133 464.

To help protect yourself against phishing, follow these guidelines:

Don't click on links or attachments in emails that you were not expecting

Don't provide any login details or personal information in response to an email

Always access online banking by typing ing.com.au into a new browser window (or use your favourites menu) and clicking on Online Banking

Note: ING will never send you an email instructing you to click on a link to access online banking. We will also never ask for your login details or any personal information via email.

To identify a legitimate ING email, look for the following:

If you are a customer, the email will address you by your first or last name at the top of the email and will include your full name at the bottom of the email

The email will never instruct you to click on a link to access online banking

The email will never ask for your login details or any personal information

To ensure you receive ING emails, add the domain @ing.com.au to your safe senders list.

You should install anti-virus software to protect your computer against malicious software and ensure you keep it updated. You should regularly scan your computer for viruses.

You should install or configure a personal firewall on your computer to create a security barrier between your computer and the Internet. If you are using Windows XP, enable the "Windows Firewall".

Computer operating systems are complex and vendors regularly release patches to fix security weaknesses. You should regularly update your computer's software from the vendor's website. If you are using Windows XP, enable the "Automatic Updates" feature. You should also ensure you are running the latest version of your web browser.

Be careful to avoid installing spyware on your computer, which can transmit information (including your Access Code) to third-parties without your knowledge. To avoid downloading spyware, don't open unknown email attachments, click on links in emails or visit questionable websites.

You should also regularly scan your computer using specialist anti-spyware software such as:

Avoid using computers that are shared with other unknown people, such as at Internet Cafes and libraries, for online banking. If you do access online banking at one of these places, you should change your Access Code as soon as possible afterwards.

Choose an Access Code that is difficult to guess

Don't share your Access Code with anyone else

If you record your Access Code, store it in a safe place, separate from your Client Number

Don't provide your Access Code to another website for the purposes of account aggregation

Change your Access Code regularly

Ensure the address bar reads ing.com.au or www.ing.com.au.

When signing in to ING online banking, ensure that there is a padlock icon on the bottom corner of your browser window.

When you successfully sign in to ING online banking, ensure you are greeted by your full name on the Welcome screen; this will verify that you are using the correct ING website.

The Welcome screen will also display your last sign-in date and time. You should check this and if it is not correct please contact us immediately on 133 464.

If you see any unusual changes to the ING online banking website, such as suspicious questions appearing asking for confidential information, please contact us immediately on 133 464.

Never leave your computer unattended while logged onto online banking - you should logout of your online banking session as soon as you have finished.

Regularly check your statement for unauthorised transactions.

If you have an ING Visa card, you should take steps to ensure that your card and the associated PIN are protected from unauthorised access or disclosure.

Sign your Visa card as soon as you receive it.

Never write down your PIN.

Do not give your Visa card to anyone else or allow anyone else to use it.

Know where your card is at all times and keep it in your sight when paying for goods and services. If possible when dining, walk to the counter to pay your bills, instead of giving your card to the waiter.

When shopping online, ensure the website is reputable and secure.

Keep all receipts until you have reconciled your statement, then store your receipts securely or destroy them.

Ensure that you can be contacted by us at all times (even when overseas), in the event that we need to contact you about unusual activity on your account. Update your email address, or ensure that your mobile telephone has "global roaming" activated if you are travelling.

If your Visa card is lost, stolen, used without your permission or you suspect your PIN is known to someone else, contact us immediately on 133 464 during business hours (8:00am - 6:00pm Sydney time, Monday to Friday) or 1800 800 521 (after hours).

On occasion, we may be required to call you to discuss your account or to answer a question from you. As part of the call, we may need to verify that we are speaking to the correct customer by asking you some random security questions.

If you do not feel comfortable or have any concerns about the legitimacy of the call, please call us back on 133 464.

Remember that we will never phone you to ask you for your Access Code or Client Number.

If you wish to find out more about protecting yourself online, visit the following websites:

Protect Your Financial Identity has been developed by the Australian Banker's Association (ABA), the Australian High Tech Crime Centre (AHTCC) and the Australian Securities & Investments Commission (ASIC) to provide information about how you can protect your financial identity in everyday life and minimise the damage if a problem occurs.

Stay Smart Online has been provided by the Australian Government to help home computer users and small businesses to be safe when online.

ScamWatch - provided by the Australian Government. ING supports this website, which provides useful information on methods used by scammers and strategies you can use to protect yourself.


How ING helps to protect you online

ING takes the security of your information very seriously. We use proven technology and physical security measures to ensure a high level of protection for your information.

We continually monitor trends and work with industry experts and authorities to ensure that we provide the highest level of protection available.

Our website uses 128-bit SSL (Secure Sockets Layer) encryption to ensure that others cannot read information travelling over the internet between your computer and our website. This can be verified by checking that there is a padlock icon on the bottom corner of your browser window, which will appear when you log into ING online banking.

We use a virtual keypad on our website when you are required to enter your Access Code. The order of the numbers on the keypad changes on each login. This keypad is designed specifically to help prevent hackers from capturing your Access Code and therefore gain access to your account.

When you successfully sign in to online banking, the Welcome screen will display your last sign-in date and time. This will help you to determine whether unauthorised parties have accessed your account.

Your online banking session will automatically timeout and you will be logged out if you do not perform any activity on the website for eight minutes or more.

After three failed login attempts, your account login will be permanently disabled. You will need to ring us on 133 464 to have your account unlocked.


We will communicate to you when we become aware of new threats to online banking by updating this security page, the security tips page and occasionally on statements. If you have any concerns about the security of online banking, please contact us on 133 464.

Glossary

Account Aggregation

Some websites offer a service to automatically combine, or "aggregate" your financial information into one website. They do this by asking you for your Customer Number and Access Code, and using it to automatically log in to the ING website to obtain your account information.

Anti-virus software

Anti-virus software is designed to protect you and your computer against known viruses, worms and Trojans. Ensure that your software is configured to download updates regularly.

Fake websites

Often linked from hoax (phishing) emails, the purpose of fake websites is to obtain your login details to access your bank accounts. They can also be used to obtain other personal information which could be used for identity theft.

Firewall Software

Software designed to protect your computer or network from unauthorised access, especially via the internet. It creates a security barrier between your computer and the Internet.

Hoax emails

Also called phishing emails, a number of customers from Australian financial institutions have been targeted with hoax emails that appear to be genuine bank emails. These emails usually claim to require your information and link to an authentic-looking, but fake website. They can also ask you to install software which often contains viruses or spyware.

Patches

A type of software used to repair or update existing software, patches are regularly distributed by operating system vendors such as Microsoft and Apple.

Phishing

Phishing is a collective term describing the use of hoax emails and fake websites to deceptively obtain personal information to be used in identity theft.

Spyware

Also known as "adware" or Trojans, spyware is hidden software that collects and transmits user information via the internet to third-parties such as advertisers or hackers. Often the user is unaware that spyware is installed.

You could become vulnerable to spyware if you click on unknown links in emails, download free games from sites you don't trust, or other software programs from unknown sources.

Virus

Viruses are malicious programs that can harm your computer or use your computer to harm another's computer or network.