Security

Why can't I do my banking when it suits me?

Protect your Online Banking

ING DIRECT takes the security of our customers' transactions and information very seriously and is committed to protecting our customers against online fraud. Banking online with ING DIRECT is secure provided you follow a number of important steps. These steps are detailed in the following list.

What you can do to help protect yourself online

  1. Be aware of phishing emails
  2. Don't click on links or attachments in emails
  3. Install anti-virus software
  4. Install firewall software
  5. Keep your computer software updated
  6. Protect yourself from spyware
  7. Avoid using shared computers
  8. Protect your Access Code
  9. Verify the ING DIRECT website
  10. Other steps to protect yourself online
  11. Protect your card and PIN
  12. Phone Calls from ING DIRECT
  13. Read advice from other websites

How ING DIRECT helps to protect you online

  1. Protection of your information
  2. Industry-standard encryption
  3. Virtual keypad
  4. Last login time displayed
  5. Login timeout
  6. Account lockout
  7. Communication to customers

What You Can Do to Help Protect Yourself Online

1. Be aware of phishing emails

Phishing is a term used to describe the method used by criminals to lure customers into disclosing their banking login and other personal details by sending out hoax emails linking to fake websites. These emails look like they came from your bank, but they did not, and clicking on the link inside the email may take you to a fake website or install malicious software onto your computer.

Look out for hoax emails claiming to originate from your bank. If you wish to report a suspicious ING DIRECT email please contact us on 133 464.

2. Don't click on links or attachments in emails

To help protect yourself against phishing, follow these guidelines:

  • Don't click on links or attachments in emails that you were not expecting
  • Don't provide any login details or personal information in response to an email
  • Always access online banking by typing ingdirect.com.au into a new browser window (or use your favourites menu) and clicking on Online Banking

Note: ING DIRECT will never send you an email instructing you to click on a link to access online banking. We will also never ask for your login details or any personal information via email.

To identify a legitimate ING DIRECT email, look for the following:

  • If you are a customer, the email will address you by your first or last name at the top of the email and will include your full name at the bottom of the email
  • The email will never instruct you to click on a link to access online banking
  • The email will never ask for your login details or any personal information

To ensure you receive ING DIRECT emails, add the domain @ingdirect.com.au to your safe senders list.

3. Install anti-virus software

You should install anti-virus software to protect your computer against malicious software and ensure you keep it updated. You should regularly scan your computer for viruses.

4. Install firewall software

You should install or configure a personal firewall on your computer to create a security barrier between your computer and the Internet. If you are using Windows XP, enable the "Windows Firewall".

5. Keep your computer software updated

Computer operating systems are complex and vendors regularly release patches to fix security weaknesses. You should regularly update your computer's software from the vendor's website. If you are using Windows XP, enable the "Automatic Updates" feature. You should also ensure you are running the latest version of your web browser.

6. Protect yourself from spyware

Be careful to avoid installing spyware on your computer, which can transmit information (including your Access Code) to third-parties without your knowledge. To avoid downloading spyware, don't open unknown email attachments, click on links in emails or visit questionable websites.

You should also regularly scan your computer using specialist anti-spyware software such as:

7. Avoid using shared computers

Avoid using computers that are shared with other unknown people, such as at Internet Cafes and libraries, for online banking. If you do access online banking at one of these places, you should change your Access Code as soon as possible afterwards.

8. Protect your Access Code

  • Choose an Access Code that is difficult to guess
  • Don't share your Access Code with anyone else
  • If you record your Access Code, store it in a safe place, separate from your Client Number
  • Don't provide your Access Code to another website for the purposes of account aggregation
  • Change your Access Code regularly

9. Verify the ING DIRECT website

  • Ensure the address bar reads ingdirect.com.au or www.ingdirect.com.au.
  • When signing in to ING DIRECT online banking, ensure that there is a padlock icon on the bottom corner of your browser window.
  • When you successfully sign in to ING DIRECT online banking, ensure you are greeted by your full name on the Welcome screen; this will verify that you are using the correct ING DIRECT website.
  • The Welcome screen will also display your last sign-in date and time. You should check this and if it is not correct please contact us immediately on 133 464.
  • If you see any unusual changes to the ING DIRECT online banking website, such as suspicious questions appearing asking for confidential information, please contact us immediately on 133 464.

10. Other steps to protect yourself online

  • Never leave your computer unattended while logged onto online banking - you should logout of your online banking session as soon as you have finished.
  • Regularly check your statement for unauthorised transactions.

11. Protect your card and PIN

If you have an ING DIRECT Visa card, you should take steps to ensure that your card and the associated PIN are protected from unauthorised access or disclosure.

  • Sign your Visa card as soon as you receive it.
  • Never write down your PIN.
  • Do not give your Visa card to anyone else or allow anyone else to use it.
  • Know where your card is at all times and keep it in your sight when paying for goods and services. If possible when dining, walk to the counter to pay your bills, instead of giving your card to the waiter.
  • When shopping online, ensure the website is reputable and secure.
  • Keep all receipts until you have reconciled your statement, then store your receipts securely or destroy them.
  • Ensure that you can be contacted by us at all times (even when overseas), in the event that we need to contact you about unusual activity on your account. Update your email address, or ensure that your mobile telephone has "global roaming" activated if you are travelling.

If your Visa card is lost, stolen, used without your permission or you suspect your PIN is known to someone else, contact us immediately on 133 464 during business hours (8:00am - 6:00pm Sydney time, Monday to Friday) or 1800 800 521 (after hours).

12. Phone Calls from ING DIRECT

On occasion, we may be required to call you to discuss your account or to answer a question from you. As part of the call, we may need to verify that we are speaking to the correct customer by asking you some random security questions.

If you do not feel comfortable or have any concerns about the legitimacy of the call, please call us back on 133 464.

Remember that we will never phone you to ask you for your Access Code or Client Number.

13. Read advice from other websites

If you wish to find out more about protecting yourself online, visit the following websites:

  • Protect Your Financial Identity has been developed by the Australian Banker's Association (ABA), the Australian High Tech Crime Centre (AHTCC) and the Australian Securities & Investments Commission (ASIC) to provide information about how you can protect your financial identity in everyday life and minimise the damage if a problem occurs.
  • Stay Smart Online has been provided by the Australian Government to help home computer users and small businesses to be safe when online.
  • ScamWatch - provided by the Australian Government. ING DIRECT supports this website, which provides useful information on methods used by scammers and strategies you can use to protect yourself.

How ING DIRECT Helps to Protect You Online

1. Protection of your information

ING DIRECT takes the security of your information very seriously. We use proven technology and physical security measures to ensure a high level of protection for your information.

We continually monitor trends and work with industry experts and authorities to ensure that we provide the highest level of protection available.

2. Industry-standard encryption

Our website uses 128-bit SSL (Secure Sockets Layer) encryption to ensure that others cannot read information travelling over the internet between your computer and our website. This can be verified by checking that there is a padlock icon on the bottom corner of your browser window, which will appear when you log into ING DIRECT online banking.

3. Virtual keypad

We use a virtual keypad on our website when you are required to enter your Access Code. The order of the numbers on the keypad changes on each login. This keypad is designed specifically to help prevent hackers from capturing your Access Code and therefore gain access to your account.

4. Last login time displayed

When you successfully sign in to online banking, the Welcome screen will display your last sign-in date and time. This will help you to determine whether unauthorised parties have accessed your account.

5. Login timeout

Your online banking session will automatically timeout and you will be logged out if you do not perform any activity on the website for five minutes or more.

6. Account lockout

After three failed login attempts, your account login will be permanently disabled. You will need to ring us on 133 464 to have your account unlocked.

7. Communication to customers

We will communicate to you when we become aware of new threats to online banking by updating this security page, the security tips page and occasionally on statements. If you have any concerns about the security of online banking, please contact us on 133 464.

Glossary

Account Aggregation

Some websites offer a service to automatically combine, or "aggregate" your financial information into one website. They do this by asking you for your Customer Number and Access Code, and using it to automatically log in to the ING DIRECT website to obtain your account information.

Anti-virus software

Anti-virus software is designed to protect you and your computer against known viruses, worms and Trojans. Ensure that your software is configured to download updates regularly.

Fake websites

Often linked from hoax (phishing) emails, the purpose of fake websites is to obtain your login details to access your bank accounts. They can also be used to obtain other personal information which could be used for identity theft.

Firewall

Software designed to protect your computer or network from unauthorised access, especially via the internet. It creates a security barrier between your computer and the Internet.

Hoax emails

Also called phishing emails, a number of customers from Australian financial institutions have been targeted with hoax emails that appear to be genuine bank emails. These emails usually claim to require your information and link to an authentic-looking, but fake website. They can also ask you to install software which often contains viruses or spyware.

Patches

A type of software used to repair or update existing software, patches are regularly distributed by operating system vendors such as Microsoft and Apple.

Phishing

Phishing is a collective term describing the use of hoax emails and fake websites to deceptively obtain personal information to be used in identity theft.

Spyware

Also known as "adware" or Trojans, spyware is hidden software that collects and transmits user information via the internet to third-parties such as advertisers or hackers. Often the user is unaware that spyware is installed.

You could become vulnerable to spyware if you click on unknown links in emails, download free games from sites you don't trust, or other software programs from unknown sources.

Virus

Viruses are malicious programs that can harm your computer or use your computer to harm another's computer or network.