BSB: 923-100

Security

Online security guarantee

Our online security guarantee is your assurance of our online banking safety.

Be confident that ING DIRECT Online Banking is safe and secure.

In the unlikely event that an unauthorised transaction takes place on your account, you will not be liable for the unauthorised transaction, provided you have complied with the terms and conditions of the account.

How you can protect yourself

There are plenty of ways that you can better protect your banking security to add to the security measures that we already take for you.

Security tips

Keeping yourself protected online can be easy. Remember the security tips below:

Install anti-virus software on your computer and keep it updated

Always enter your Access Code by "clicking" the on-screen keypad. Never type in the number using the numbers on your keyboard

Install a personal firewall on your computer to create a security barrier between your computer and the Internet

Avoid using online banking on computers at public places such as internet cafes

Always access online banking by typing ingdirect.com.au into your browser

Don't disclose your Access Code, card PIN or Security Code to anyone

Online security
Protect your computer
Install firewall software

You should install or configure a personal firewall on your computer to create a security barrier between your computer and the Internet. If you are using a Windows operating system, enable the "Windows Firewall".

Install anti-virus software

You should install anti-virus software to protect your computer against malicious software and ensure you keep it updated. You should regularly scan your computer for viruses.

Keep your computer software updated

Computer operating systems are complex and vendors regularly release patches to fix security weaknesses. You should regularly update your computer's software from the vendor's website. If you are using a Windows operating system, enable the "Automatic Updates" feature. You should also ensure you use the latest version of your web browser.

You should also regularly scan your computer using specialist anti-spyware software such as:*

*These links are provided for convenience only and do not represent an endorsement by ING DIRECT of the content, products or services offered by these companies.

Protect your identity
Be aware of phishing emails

Phishing is a term used to describe the method used by criminals to lure customers into disclosing their banking login and other personal details by sending out hoax emails linking to fake websites. These emails look like they came from your bank, but they did not, and clicking on the link inside the email may take you to a fake website or install malicious software onto your computer. If you wish to report a suspicious ING DIRECT email please forward the email to us (as an attachment where possible) at hoax@ingdirect.com.au. If you are unsure about an email you have received, you can contact us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days."

Don't click on links or attachments in emails

To help protect yourself against phishing, follow these guidelines:

Don't click on links or attachments in emails that you were not expecting

Don't provide any login details or personal information in response to an email

Always access online banking by typing ingdirect.com.au into a new browser window (or use your favourites menu) and clicking on Online Banking

Note: ING DIRECT will never send you an email instructing you to click on a link to access online banking. We will also never ask for your login details or any personal information via email. To identify a legitimate ING DIRECT email, look for the following:

If you are a customer, the email will address you by your first or last name at the top of the email and will include your full name at the bottom of the email

The email will never instruct you to click on a link to access online banking

The email will never ask for your login details or any personal information

To ensure you receive ING DIRECT emails, add the domain @ingdirect.com.au to your safe senders list.

Social networking websites

Be careful about the amount of information you disclose about yourself on social networking websites such as Facebook and Myspace. Criminals may access these sites to gather identity information in order to steal your identity or access your bank accounts.

Shred unwanted papers

Regularly shred unwanted papers before disposing of them, especially papers containing personal details like name, address, phone number and date of birth. Examples include bank statements, bills and receipts.

Online shopping

Protect your personal information when shopping online by following these steps:

Shop at secure websites and ensure you are on the correct website by checking the address

Read the website's privacy and security policies

Pay by credit card where possible

Provide only necessary information about yourself

Save all transaction details

Keep your password private

Beware of deals that look too good to be true

Secure online banking
Log out when finished online banking

Never leave your computer unattended while logged onto online banking - you should logout of your online banking session as soon as you have finished.

Avoid using shared computers

Avoid using computers that are shared with other unknown people, such as at Internet Cafes and libraries, for online banking. If you do access online banking at one of these places, you should change your Access Code as soon as possible afterwards.

Protect your Access Code

Choose an Access Code that is difficult to guess

Do not select an Access Code that consists of repeated, ascending or descending numbers, or numbers that are associated with your birth date, Client Number or an alphabetic code which is a recognisable part of your name

Don't share your Access Code with anyone else

If you record your Access Code, store it in a safe place, separate from your Client Number

Change your Access Code regularly

Avoid aggregation sites

Don't provide your Access Code to another website for the purposes of account aggregation.

Verify the ING DIRECT website

With the threat of phishing and hoax websites designed to steal your login details, it is important to ensure you are accessing the genuine ING DIRECT website. Follow these simple steps.

Always try to access the ING DIRECT website by typing "ingdirect.com.au" into a new browser window. You may set a bookmark (or favourite) after doing this to save you time when returning to the website.

Ensure the address bar reads ingdirect.com.au or www.ingdirect.com.au.

When signing in to ING DIRECT online banking, ensure that there is a padlock icon on the bottom corner of your browser window.

Look for the green address bar when accessing ING DIRECT online banking, when you use compatible web browsers.

When you successfully sign in to ING DIRECT online banking, ensure you are greeted by your title and surname on the Welcome screen; this will verify that you are using the correct ING DIRECT website.

The Welcome screen will also display your last sign-in date and time. You should check this and if it is not correct please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

If you see any unusual changes to the ING DIRECT online banking website, such as suspicious questions appearing asking for confidential information, please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Keep ING DIRECT updated with your details

It is important that we have accurate contact details for you at all times, in the event we need to contact you. You can update your contact details online or via our Contact Centre on 133 464 (24 hours, 7 days).

Check your statements

Regularly check your statement (or your online transaction history) for unauthorised transactions. Let us know immediately if you detect any unauthorised transactions on 133 464 (24 hours, 7 days).

Card security

If you have an ING DIRECT Visa card, you should take steps to ensure that your card and the associated PIN are protected from unauthorised access or disclosure.

Sign your Visa card as soon as you receive it.

Chose a unique PIN that is difficult to guess and is different to numbers used for other purposes.

Never write down your PIN.

Don't tell anyone your PIN. ING DIRECT will never ask for your PIN during a phone call.

Treat your Visa card like cash - don't leave your card unattended and don't give your Visa card to anyone else or allow anyone else to use it.

Know where your card is at all times and keep it in your sight when paying for goods and services. Ensure your card is returned after paying for goods. If possible when dining, walk to the counter to pay your bills, instead of giving your card to the waiter.

When shopping online, ensure the website is reputable and secure.

Always check your statements for unauthorised transactions.

Keep all receipts until you have reconciled your statement, then store your receipts securely or destroy them.

Keep a record of your card information in a safe place, in the event your card is lost or stolen.

Ensure that you can be contacted by us at all times (even when overseas), in the event that we need to contact you about unusual activity on your account. Update your email address, or ensure that your mobile telephone has "global roaming" activated if you are travelling.

If your Visa card is lost, stolen, used without your permission or you suspect your PIN is known to someone else, contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

General banking security

Phone security

Be aware of phone scams where criminals pretend to be calling from your bank. When receiving phone calls, be naturally suspicious and call back your bank if you are not comfortable.

On occasion, ING DIRECT may need to call you to discuss your account or to answer a question from you. As part of the call, we may need to verify that we are speaking to the correct customer by asking you some random security questions.

If you do not feel comfortable or have any concerns about the legitimacy of the call, please call us back on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Remember that we will never phone you to ask you for your Access Code, Client Number, card PIN or Security Code.

ATM security

Ensure no-one else can view your PIN when using an ATM.

Try to use ATMs in locations where you feel safe such as busy and well lit areas.

Be alert for suspicious activity around ATMs or EFTPOS. In particular, suspicious individuals nearby or unusual attachments which may indicate the ATM has been tampered with. Do not use the ATM in these circumstances.

More Security information

If you wish to find out more about security, visit the following websites:

Protect Your Financial Identity has been developed by the Australian Banker's Association (ABA), the Australian High Tech Crime Centre (AHTCC) and the Australian Securities & Investments Commission (ASIC) to provide information about how you can protect your financial identity in everyday life and minimise the damage if a problem occurs.

Stay Smart Online has been provided by the Australian Government to help home computer users and small businesses to be safe when online.

ScamWatch - provided by the Australian Government, provides useful information on methods used by scammers and strategies you can use to protect yourself.

How we protect you

ING DIRECT takes the security of your information and money very seriously. We use technology and physical security measures to ensure a high level of protection for your information and money.

Knowing online banking is safe isn't just a nice-to-have. It's a must-have. Thankfully, as an ING DIRECT customer, your information and money is protected with industry standard security technology and practices.

Protection of your information

ING DIRECT takes the security of your information and money very seriously. We use technology and physical security measures to ensure a high level of protection for your information and money.

We continually monitor trends and work with industry experts and authorities to ensure that we provide a high level of protection.

Industry-leading encryption with Extended Validation Certificates

Our website uses 128-bit SSL (Secure Sockets Layer) encryption to ensure that others cannot read information travelling over the internet between your computer and our website. This can be verified by checking that there is a padlock icon on the bottom corner of your browser window, which will appear when you log into ING DIRECT online banking.

We've also made it even easier for you to make sure you're accessing the genuine ING DIRECT website, by using "extended validation" certificates. Simply look for the green address bar when you access ING DIRECT online banking (when you use compatible web browsers).

In order to use this feature, upgrade your web browser to the latest version available.

Login Security

Virtual keypad - We use a virtual keypad on our website when you are required to enter your Access Code. The order of the numbers on the keypad changes on each login. This keypad is designed specifically to help prevent hackers from capturing your Access Code and therefore gain access to your account.

Security tips - On login, you will see regularly changing security tips, to help you to protect your information and money. Please take a few moments to read these tips and follow the instructions.

Last login time displayed - When you successfully sign in to online banking, the Welcome screen will display your last sign-in date and time. This will help you to determine whether unauthorised parties have accessed your account.

Login timeout - If you do not perform any activity on online banking for 8 minutes or more, your online banking session will automatically timeout and you'll be logged out.

Account lockout - For your account protection, after three failed login attempts, your access to online banking will be suspended. To unlock your account you'll need to call us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Security codes

Security Codes (currently available to customers who have an Orange Everyday account or home loan account with online access) provides you with an additional level of protection. When banking online your existing Client Number and Access Code already provides you with a high level of security. But because you can't be too safe when it comes to your information and money, to enable you to perform certain transactions online with even greater confidence we've introduced an additional level of security called Security Codes.

These are once-only codes sent to your mobile phone. Once received, you need to enter the Security Code in the secure online area within 5 minutes of receiving it every time you perform certain online transactions such as paying bills via BPAY or changing any of your contact details (address, phone number, etc). Expiring after five minutes, they help to ensure it is you (rather than a potential fraudster) who is performing the transaction.

Security Codes are a form of "two-factor authentication" designed to protect you against many types of online fraud such as phishing, Trojans and identity theft. Two-factor authentication is a process designed to verify two things - something you know and something you have. In the case of ING DIRECT, we verify your Access Code (something you know) and your receipt of a Security Code sent to your registered mobile phone (something you have).

Security Codes are currently required for customers who open an Orange Everyday account or have a home loan account with online access.

A quick one-off registration process is required to set up Security Codes.

For more information including when Security Codes are required, see our Security FAQs.

Please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days if:

you receive an SMS Security Code sent from ING DIRECT and don't know why;

the details of the SMS we send you are different from what appears on your computer screen;

you receive a request for your Client Number and/or Access Code via SMS. ING DIRECT will never request that you provide your Client Number and/or Access Code via SMS. We will also never ask you to reply to an SMS Security Code text message.

your online and phone banking access has been suspended.

Security codes

An online demo is available to show the simple process for registering and receiving Security Codes when transacting online. Click here to view our Security Code demo.

Email alerts

For customers registered for Security Codes (currently customers who have an Orange Everyday account or home loan account with online access), an email alert may be sent to your email address that we have on file after certain transactions have been performed.

To ensure you receive these important email alerts, please make sure that your email address registered with ING DIRECT is accurate at all times. You can update your email address online or via our Contact Centre on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days if you:

receive an email alert from ING DIRECT and don't know why;

do not recognise the transaction described in the email alert;

receive a request for your Client Number, Access Code, card PIN, Security Code or any personal information via email. ING DIRECT will never ask you to respond to an email or click on a hyperlink in an email.

My Messages

My Messages contain a copy of all email alerts sent to you by ING DIRECT for customers who have registered for Security Codes (currently available to customers who have an Orange Everyday account or home loan account with online access). If you wish to confirm an ING DIRECT email alert is genuine, simply login to ING DIRECT online banking and click "My Messages". You should see a My Message identical to the email alert you received.

As with email alerts, if you receive a My Message and you do not know why, please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Please note that not all emails sent to you by ING DIRECT will appear in My Messages. For example, promotional mailings and online statement notifications will not appear in My Messages.

Daily limits

ING DIRECT apply daily transaction limits on some transactions, in order to protect your account. Refer to the Terms & Conditions for your account for full details.

Transaction monitoring

ING DIRECT operate a number of specialised industry standard systems designed to help us to detect fraudulent transactions performed on your account. In analysing and investigating alerts, we may need to phone you to verify activity on your account.

To help us contact you quickly, please ensure that your contact phone numbers registered with ING DIRECT are current at all times. Remember to activate global roaming on your mobile phone if you are travelling overseas. You can update your contact phone numbers online or by calling us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Communication to customers

We will communicate to you when we become aware of new threats to online banking by updating the Security Alerts and News section of our website, as well as the Security Tips page on login. If you have any concerns about the security of online banking, please contact us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Paperless statements

For Savings Maximiser, Savings Accelerator and Orange Everyday customers, you can receive your statements electronically. This allows you to securely access your statements without the risk of your mail going missing, as well as instant online access and up to 2 years of statements.

Security chip cards

ING DIRECT is committed to providing you with the highest level of security, so we are currently introducing security chip technology on our credit and debit cards. The security chip makes the information stored on your card more secure and far more difficult to fraudulently copy card details. For more information on the new Security Chip Cards visit our Security FAQs.

Verified by Visa

Verified by Visa is a free service that provides added protection when you shop online at participating Verified by Visa merchants using your Visa Debit or Credit Card. For more information on this service, visit our Verified by Visa FAQs under Security FAQs.