ING’s security measures

All of ING's systems are continuously monitored for vulnerabilities and potential breaches (e.g. malware), including security state monitoring (e.g. configuration and patch problems) and monitoring on security breach events.

Monitoring is performed by correlating data retrieved by specific sensors in our network, including intrusion detection systems, (web application) firewalls and other systems. Alignment with the international security community ensures that Information on vulnerabilities is shared and acted upon immediately, to comply with the latest software standards and updates to our technologies to ensure our systems are protected.

All software deployed by ING is scanned for security code errors and tested for potential security issues prior to implementation, as well as periodically once in production. Additionally, ING runs an extensive Responsible Disclosure program, where members of the public and security professionals are rewarded for found and reported security issues.

ING’s Cyber Crime Expertise & Response Team (CCERT) is responsible for reviewing and responding to computer security incident reports. It supports the business operations of the ING organization through the rapid mitigation of all incidents adversely impacting the confidentiality, integrity and availability of its information infrastructure and assets.


Secure connection with ING

When you log on to ING, a secure connection is established between the ING host system and your computer. This connection protocol is often called Secure Socket Layer (SSL) or Transport Layer Security (TLS), which means that all communication between you and ING is encrypted.

SSL/TLS is the standard way of securing personal information and transactions on the internet.

To check if you work via a secure connection, please:

  • Check that the address in the browser starts with https://
  • Verify that the certificate is issued to ING BANK N.V. By clicking on the security icon in the browser you can view the details of the security certificate in use.


Restricted log on time (time out)

When you need to leave your desk, log off the ING internet banking application and always lock your computer.

ING will automatically log you out after 15 minutes of user inactivity. It is important to know that this will result in a loss of data changed since the last time that you saved your work, so please be sure that you save the transaction/order that you are working on before this period expires.

After the session expires, you will need to log on again to access the application.


Secure access means

InsideBusiness is protected from unauthorised access as only registered users can enter the online banking applications. ING uses cutting-edge technology to encrypt and authenticate your transactions. InsideBusiness is secured by the ING I-Dentity Card and mToken for (strong) authentication and authorisation.


Segregation of duties, advanced permission schemes

InsideBusiness supports multiple authorisation levels, which act as security measures on a functional level: By limiting access to accounts and applying dual signatures on payments, the potential damage that a single compromised (system of a) user can invoke will be prevented or at least decreased significantly. A rich setup of user access and sign permissions is supported in the system. The combination of limits on a customer and account level, allows segregation of duties and responsibilities on different levels within the company structure. Administrative configuration itself is also subject to dual control.