Security
Protect your Online Banking
ING DIRECT takes the security of our customers' transactions and information very seriously and is committed to protecting our customers against online fraud. Banking online with ING DIRECT is secure provided you follow a number of important steps. These steps are detailed in the following list.
What you can do to help protect yourself online
- Be aware of phishing emails
- Don't click on links or attachments in emails
- Install anti-virus software
- Install firewall software
- Keep your computer software updated
- Protect yourself from spyware
- Avoid using shared computers
- Protect your Access Code
- Verify the ING DIRECT website
- Other steps to protect yourself online
- Protect your card and PIN
- Phone Calls from ING DIRECT
- Read advice from other websites
How ING DIRECT helps to protect you online
- Protection of your information
- Industry-standard encryption
- Virtual keypad
- Last login time displayed
- Login timeout
- Account lockout
- Communication to customers
What You Can Do to Help Protect Yourself Online
1. Be aware of phishing emails
Phishing is a term used to describe the method used by criminals
to lure customers into disclosing their banking login and other personal details by sending out
hoax emails linking to fake websites.
These emails look like they came from your bank, but they did not, and clicking on the link inside the email may take you
to a fake website or install malicious software onto your computer.
Look out for hoax emails claiming to originate from your bank. If you wish to report a suspicious ING DIRECT email please contact us on 133 464.
2. Don't click on links or attachments in emails
To help protect yourself against phishing, follow these guidelines:
- Don't click on links or attachments in emails that you were not expecting
- Don't provide any login details or personal information in response to an email
- Always access online banking by typing ingdirect.com.au into a new browser window (or use your favourites menu) and clicking on Online Banking
Note: ING DIRECT will never send you an email instructing you to click on a link to access online banking. We will also never ask for your login details or any personal information via email.
To identify a legitimate ING DIRECT email, look for the following:
- If you are a customer, the email will address you by your first or last name at the top of the email and will include your full name at the bottom of the email
- The email will never instruct you to click on a link to access online banking
- The email will never ask for your login details or any personal information
To ensure you receive ING DIRECT emails, add the domain @ingdirect.com.au to your safe senders list.
3. Install anti-virus software
You should install anti-virus software to protect your computer against malicious software and ensure you keep it updated. You should regularly scan your computer for viruses.
4. Install firewall software
You should install or configure a personal firewall on your computer to create a security barrier between your computer and the Internet. If you are using Windows XP, enable the "Windows Firewall".
5. Keep your computer software updated
Computer operating systems are complex and vendors regularly release patches to fix security weaknesses. You should regularly update your computer's software from the vendor's website. If you are using Windows XP, enable the "Automatic Updates" feature. You should also ensure you are running the latest version of your web browser.
6. Protect yourself from spyware
Be careful to avoid installing spyware on your computer, which can transmit information (including your Access Code) to third-parties without your knowledge. To avoid downloading spyware, don't open unknown email attachments, click on links in emails or visit questionable websites.
You should also regularly scan your computer using specialist anti-spyware software such as:
7. Avoid using shared computers
Avoid using computers that are shared with other unknown people, such as at Internet Cafes and libraries, for online banking. If you do access online banking at one of these places, you should change your Access Code as soon as possible afterwards.
8. Protect your Access Code
- Choose an Access Code that is difficult to guess
- Don't share your Access Code with anyone else
- If you record your Access Code, store it in a safe place, separate from your Client Number
- Don't provide your Access Code to another website for the purposes of account aggregation
- Change your Access Code regularly
9. Verify the ING DIRECT website
- Ensure the address bar reads ingdirect.com.au or www.ingdirect.com.au.
- When signing in to ING DIRECT online banking, ensure that there is a padlock icon on the bottom corner of your browser window.
- When you successfully sign in to ING DIRECT online banking, ensure you are greeted by your full name on the Welcome screen; this will verify that you are using the correct ING DIRECT website.
- The Welcome screen will also display your last sign-in date and time. You should check this and if it is not correct please contact us immediately on 133 464.
- If you see any unusual changes to the ING DIRECT online banking website, such as suspicious questions appearing asking for confidential information, please contact us immediately on 133 464.
10. Other steps to protect yourself online
- Never leave your computer unattended while logged onto online banking - you should logout of your online banking session as soon as you have finished.
- Regularly check your statement for unauthorised transactions.
11. Protect your card and PIN
If you have an ING DIRECT Visa card, you should take steps to ensure that your card and the associated PIN are protected from unauthorised access or disclosure.
- Sign your Visa card as soon as you receive it.
- Never write down your PIN.
- Do not give your Visa card to anyone else or allow anyone else to use it.
- Know where your card is at all times and keep it in your sight when paying for goods and services. If possible when dining, walk to the counter to pay your bills, instead of giving your card to the waiter.
- When shopping online, ensure the website is reputable and secure.
- Keep all receipts until you have reconciled your statement, then store your receipts securely or destroy them.
- Ensure that you can be contacted by us at all times (even when overseas), in the event that we need to contact you about unusual activity on your account. Update your email address, or ensure that your mobile telephone has "global roaming" activated if you are travelling.
If your Visa card is lost, stolen, used without your permission or you suspect your PIN is known to someone else, contact us immediately on 133 464 during business hours (8:00am - 6:00pm Sydney time, Monday to Friday) or 1800 800 521 (after hours).
12. Phone Calls from ING DIRECT
On occasion, we may be required to call you to discuss your account or to answer a question from you. As part of the call, we may need to verify that we are speaking to the correct customer by asking you some random security questions.
If you do not feel comfortable or have any concerns about the legitimacy of the call, please call us back on 133 464.
Remember that we will never phone you to ask you for your Access Code or Client Number.
13. Read advice from other websites
If you wish to find out more about protecting yourself online, visit the following websites:
- Protect Your Financial Identity has been developed by the Australian Banker's Association (ABA), the Australian High Tech Crime Centre (AHTCC) and the Australian Securities & Investments Commission (ASIC) to provide information about how you can protect your financial identity in everyday life and minimise the damage if a problem occurs.
- Stay Smart Online has been provided by the Australian Government to help home computer users and small businesses to be safe when online.
- ScamWatch - provided by the Australian Government. ING DIRECT supports this website, which provides useful information on methods used by scammers and strategies you can use to protect yourself.
How ING DIRECT Helps to Protect You Online
1. Protection of your information
ING DIRECT takes the security of your information very seriously. We use proven technology and physical security measures to ensure a high level of protection for your information.
We continually monitor trends and work with industry experts and authorities to ensure that we provide the highest level of protection available.
2. Industry-standard encryption
Our website uses 128-bit SSL (Secure Sockets Layer) encryption to ensure that others cannot read information travelling over the internet between your computer and our website. This can be verified by checking that there is a padlock icon on the bottom corner of your browser window, which will appear when you log into ING DIRECT online banking.
3. Virtual keypad
We use a virtual keypad on our website when you are required to enter your Access Code. The order of the numbers on the keypad changes on each login. This keypad is designed specifically to help prevent hackers from capturing your Access Code and therefore gain access to your account.
4. Last login time displayed
When you successfully sign in to online banking, the Welcome screen will display your last sign-in date and time. This will help you to determine whether unauthorised parties have accessed your account.
5. Login timeout
Your online banking session will automatically timeout and you will be logged out if you do not perform any activity on the website for five minutes or more.
6. Account lockout
After three failed login attempts, your account login will be permanently disabled. You will need to ring us on 133 464 to have your account unlocked.
7. Communication to customers
We will communicate to you when we become aware of new threats to online banking by updating this security page, the security tips page and occasionally on statements. If you have any concerns about the security of online banking, please contact us on 133 464.
Glossary
Account Aggregation
Some websites offer a service to automatically combine, or "aggregate" your financial information into one website. They do this by asking you for your Customer Number and Access Code, and using it to automatically log in to the ING DIRECT website to obtain your account information.
Anti-virus software
Anti-virus software is designed to protect you and your computer against known viruses, worms and Trojans. Ensure that your software is configured to download updates regularly.
Fake websites
Often linked from hoax (phishing) emails, the purpose of fake websites is to obtain your login details to access your bank accounts. They can also be used to obtain other personal information which could be used for identity theft.
Firewall
Software designed to protect your computer or network from unauthorised access, especially via the internet. It creates a security barrier between your computer and the Internet.
Hoax emails
Also called phishing emails, a number of customers from Australian financial institutions have been targeted with hoax emails that appear to be genuine bank emails. These emails usually claim to require your information and link to an authentic-looking, but fake website. They can also ask you to install software which often contains viruses or spyware.
Patches
A type of software used to repair or update existing software, patches are regularly distributed by operating system vendors such as Microsoft and Apple.
Phishing
Phishing is a collective term describing the use of hoax emails and fake websites to deceptively obtain personal information to be used in identity theft.
Spyware
Also known as "adware" or Trojans, spyware is hidden software that collects and transmits user information via the internet to third-parties such as advertisers or hackers. Often the user is unaware that spyware is installed.
You could become vulnerable to spyware if you click on unknown links in emails, download free games from sites you don't trust, or other software programs from unknown sources.
Virus
Viruses are malicious programs that can harm your computer or use your computer to harm another's computer or network.