A joint responsibility

Online security

Internet banking is a great success, but this success also has a downside: criminals are increasingly targeting internet banking and are trying to find methods to break into systems and divert funds.

ING does everything in its power to prevent any misuse of ING’s internet banking services. ING continuously invests in upgrading software and improving security measures. However, secure internet banking is a shared responsibility between you and ING. As a valued bank customer, you are responsible for properly securing your computer and (network) environment against misuse by unauthorised persons.

For this reason, we present a number of important points of attention for improving the security of your environment when working with internet banking and accompanying security tools:

 

 

ING regularly updates these pages as well as provides security information within the closed banking environment. Regularly check for updates and always take action based upon the provided information.

Please inform your ING contact as soon as possible when you suspect something is amiss, explaining your concern. With your help our employees can determine whether your internet banking subscription has been misused and block access to prevent further abuse.


Important information

If fraud is detected and in progress, always notify your ING contact immediately. Even if a transfer has already been made, an attempt can be made to block the funds before they disappear.

If your ING contact is not available, please call ING Wholesale Banking, Fraud operations at +31 20 584 7840. If the fraud occurred a while ago, please report the case via e-mail to wb.fraudalert@ing.com.

 

For more information download our leaflet 'What to do in the event of fraud' (PDF).


 

Select a topic

Simple steps to safe internet banking

Getting access to your security details may enable third parties to view your account information and probably use it for illegal purposes. Be aware that protecting your security details is your responsibility.

  1. Always use the ING provided I-Dentity Card and ING I-Dentity Reader. When using other readers, your PIN may be retrieved and misused.
  2. Your PIN is strictly confidential and for personal use only. Employees of ING will never ask for your PIN. Neither via the internet, nor via e-mail, nor by telephone or otherwise. Your PIN is the key to your account. Never disclose your PIN to other people!
  3. Never write down your user ID and PIN. Make sure nobody is watching when you key in your PIN on the ING I-Dentity Reader or your user ID on the screen.
  4. If you lose your ING I-Dentity Card or suspect a third party knows your PIN, you must inform ING immediately to  prevent misuse. To report theft or loss you can contact your helpdesk, or contact the 24/7 available security desk Alarm and Communication Centre ING +31(0)88 464 2224 (local rate / for InsideBusiness users).

Phishing: be suspicious of a fraudsters attempt to acquire your security credentials

A phishing attack is an online fraud technique used by criminals which involves sending official-looking e-mail messages with return addresses, links and branding that all appear to come from legitimate banks, retailers, credit card companies, etc. Such e-mails typically contain a hyperlink or QR code to a malicious website and mislead account holders to enter user ID and security details under the pretence that security details must be updated or changed or in order to prevent blocking of your bank account. Your (personal) information and credentials can be used to steal account information or create fraudulent transactions. Never click on the hyperlinks in such e-mails.

It is important that you are suspicious of anyone asking for your security or account information. ING staff will never enquire after your security credentials. Neither via the internet, nor via e-mail, nor by telephone or otherwise. Never give your security credentials to other people!

Be careful when using the internet

More and more often criminals use internet websites to persuade you into revealing confidential information, or to tempt you into downloading and running malicious software. Always be aware of this risk when you are working on the internet.

Any file you download from the internet may be infected by a virus, even if it is just a funny movie, a nice picture or a good PDF paper or article. Starting downloaded executables and so called freeware may compromise the security of your computer. Never install software which you have downloaded or received via e-mail, unless you are certain about its origin and integrity.

In case of doubt, contact your system administrator or IT helpdesk.

Starting and closing ING internet banking services

Starting ING internet banking:

  • Check the URL in the address bar of your browser. This should say: https://insidebusiness.ingwb.com/ or  www.ingwb.com/insidebusiness-trade.
    If this is not the case, do not continue; you do not have a secure connection with ING. Please contact ING’s helpdesk.
  • Once logged on, check whether the displayed last logon date and time is in line with your actual last logon. Any discrepancy in this is an indication of fraudulent use of your credentials and must be reported to the bank immediately.
  • Click on the 'closed padlock’ icon in the address bar of your browser. Information on the secure connection is shown. Check whether the Secure Socket Layer (SSL) certificate is issued to ING.

Ending an internet banking session:

  • When you are done with your banking activities, always close the active session properly by clicking on ‘Log out’; otherwise someone else can misuse your still active connection with the bank.
  • If you have downloaded or opened a report or another kind of document, a copy has been stored on your hard disk. Make sure you clear your browser cache afterwards.
  • Close all browser windows.
  • Remove your ING I-Dentity Card from your ING I-Dentity Reader immediately after closing ING internet banking and store it in a safe place. This way you can be sure it will not be abused.

Do not leave your computer unattended

When you leave your computer unattended while you are logged in to ING internet banking, others can take advantage of the situation. Do not leave your computer unattended or lock your computer.

Check before you sign a transaction

Check the amount and beneficiary of the transaction before authorising. If you process a large number of transactions via ING internet banking, we advise the use of an accounting or ERP system. Within ING internet banking applications, the validity of the transactions can be verified by using the ‘hash check’ functionality.

When authorising your order you can check if it has been modified in ING internet banking. When importing transactions you can request a so called ‘hash check’. This is an extra method of checking whether your file was modified (the check provides no guarantee). You can contact your helpdesk if you need more support with using this functionality. 

Prompt checking of correspondence

Always check news and advices sent to you by the channel and immediately notify the bank for any discrepancies.

More information on access means for login and authorisation

Protect your computer against computer viruses

Computer viruses and other malicious software e.g. malware and trojans are common and rapidly spreading threats. Software like this can be very harmful to your computer and seriously threatens safe usage of internet banking, other banking applications and personal data. As a consequence you may not be able to use the ING I-Dentity Card, until you have removed the harmful software and reinstalled the software of the smartcard reader.

Make sure you always use the latest version of your anti-virus program and update it regularly. Always check whether the anti-virus software is active when using your computer and regularly scan your computer for viruses.

Keep your operating system up-to-date

The operating system of your computer works in close cooperation with internet banking. Ensure that your operating system is still supported by the vendor, keep it up-to-date by installing all available security updates and patches. To prevent unauthorised people from using possible vulnerabilities in your operating system and penetrating your computer environment. When using Microsoft Windows, you can use the update functionality provided by Windows or download updates from the Microsoft Windows site. Consult the website of the supplier of your operating system for more information.

Update your internet browser

Internet browsers are regularly challenged by unauthorised people trying to use security leaks to gain access to your system. Make sure your internet browser is always up-to-date and install security updates as soon as possible. When using Microsoft Internet Explorer, you can use the update functionality provided by Windows or download updates from the Microsoft Windows site. Consult the website of Microsoft or the supplier of your browser for more information.

Install a firewall

When using an internet connection, you run the risk of unauthorised people accessing your computer via the internet. Use a firewall as a basic protection for your computer. Your internet provider or IT supplier can give you more advice.

Secure your network infrastructure

If your computer is connected to a network, you should be careful when sharing files or programmes via this network. Have the file sharing options with other computers switched off or use very strict settings. Prevent unauthorised users from accessing your network and ensure all access is supervised.

Create and maintain a clear responsibility matrix within your organisation

Internet banking is protected in several ways. On top of that, it is necessary that you implement security measures within your organisation. Be sure that you always know who is mandated and responsible for using internet banking and ensure that the right usage is supervised.

Using different roles for approving orders before they are sent to ING makes it more difficult for fraudsters to make fraudulent payments.

Last but not least

Do not use a public computer to access ING’s internet banking services for example in an internet café or library, because the security level of such computer is unknown.

Do not use foreign networks such as free hotspots or public Wi-Fi to access ING’s internet banking services. You don’t know who is eavesdropping on your communication.

ING’s systems and applications

All of ING's systems are continuously monitored for vulnerabilities and potential breaches (e.g. malware), including security state monitoring (e.g. configuration and patch problems) and monitoring on security breach events. Monitoring is performed by correlating data retrieved by specific sensors in our network, including intrusion detection systems, (web application) firewalls and other systems. Alignment with the international security community ensures that Information on vulnerabilities is shared and acted upon immediately, to comply with the latest software standards and updates to our technologies to ensure our systems are protected.

All software deployed by ING is scanned for security code errors and tested for potential security issues prior to implementation, as well as periodically once in production. Additionally, ING runs an extensive Responsible Disclosure program, where members of the public and security professionals are rewarded for found and reported security issues.

ING’s Cyber Crime Expertise & Response Team (CCERT) is responsible for reviewing and responding to computer security incident reports. It supports the business operations of the ING organization through the rapid mitigation of all incidents adversely impacting the confidentiality, integrity and availability of its information infrastructure and assets.

Secure connection with ING

When you log on to ING, a secure connection is established between the ING host system and your computer. This connection protocol is often called Secure Socket Layer (SSL) or Transport Layer Security (TLS), which means that all communication between you and ING is encrypted.

SSL/TLS is the standard way of securing personal information and transactions on the internet.

To check if you work via a secure connection, please:

  • Check that the address in the browser starts with https://
  • Verify that the certificate is issued to ING BANK N.V. ; by clicking on the security icon in the browser you can view the details of the security certificate in use.

Restricted log on time (time out)

When you need to leave your desk, log off the ING internet banking application and always lock your computer.

ING will automatically log you out after 15 minutes of user inactivity. It is important to know that this will result in a loss of data changed since the last time that you saved your work, so please be sure that you save the transaction/order that you are working on before this period expires.

After the session expires, you will need to log on again to access the application.

Secure access means

InsideBusiness is protected from unauthorised access as only registered users can enter the online banking applications. ING uses cutting-edge technology to encrypt and authenticate your transactions. InsideBusiness is secured by the ING I-Dentity Card and mToken for (strong) authentication and authorisation.

Segregation of duties, advanced permission schemes

InsideBusiness supports multiple authorisation levels, which act as security measures on a functional level: By limiting access to accounts and applying dual signatures on payments, the potential damage that a single compromised (system of a) user can invoke will be prevented or at least decreased significantly. A rich setup of user access and sign permissions is supported in the system. The combination of limits on a customer and account level, allows segregation of duties and responsibilities on different levels within the company structure. Administrative configuration itself is also subject to dual control.

Please note

The information on this page is provided to you solely for informational purposes in order to make you aware of the most frequent cases of fraud and provide you with recommendations to protect yourself against it. This information does not ensure that your company, acting upon these recommendations is or will be protected against any occurrence of fraud detailed on this website. No rights can be derived from the use of and reliance on the safeguards you take by following up these recommendations. ING does not accept any responsibility or liability with respect to your reliance on and the actions you take as a result of these recommendations. This disclaimer is governed by Dutch law.

 

Online security

Simple steps to safe internet banking

Getting access to your security details may enable third parties to view your account information and probably use it for illegal purposes. Be aware that protecting your security details is your responsibility.

Read more

Ensuring a safe work environment

Computer viruses and other malicious software e.g. malware and trojans are common and rapidly spreading threats. Software like this can be very harmful to your computer and seriously threatens safe usage of internet banking, other banking applications and personal data.

Read more

ING’s security measures

All of ING's systems are continuously monitored for vulnerabilities and potential breaches (e.g. malware), including security state monitoring (e.g. configuration and patch problems) and monitoring on security breach events.

Read more