All of ING's systems are continuously monitored for vulnerabilities and potential breaches (e.g. malware), including security state monitoring (e.g. configuration and patch problems) and monitoring on security breach events. Monitoring is performed by correlating data retrieved by specific sensors in our network, including intrusion detection systems, (web application) firewalls and other systems. Alignment with the international security community ensures that information on vulnerabilities is shared and acted upon immediately. This allows us to comply with the latest software standards and updates to our technologies which ensures our systems are protected.
All software deployed by ING is scanned for security code errors and tested for potential security issues prior to implementation, as well as periodically once in production. Additionally, ING runs an extensive Responsible Disclosure program, where members of the public and security professionals are rewarded for found and reported security issues. ING’s Cyber Crime Expertise & Response Team (CCERT) is responsible for reviewing and responding to computer security incident reports. It supports the business operations of the ING organisation through the rapid mitigation of all incidents adversely impacting the confidentiality, integrity and availability of its information infrastructure and assets.
Secure connection with ING
Computer viruses and other malicious software (malware and trojans) are common and rapidly spreading threats. Software like this can be very harmful to your computer and seriously threatens safe use of internet banking, other banking applications and personal data. When you log on to ING, a secure connection is established between the ING host system and your computer. This connection protocol is often called Secure Socket Layer (SSL) or Transport Layer Security (TLS), which means that all communication between you and ING is encrypted. SSL/TLS is the standard way of securing personal information and transactions on the internet.
To check if you work via a secure connection, please:
- Check that the address in the browser starts with https://
- Verify that the certificate is issued to ING BANK N.V. By clicking on the security icon in the browser, you can view the details of the security certificate in use.
Restricted log on time (time out)
If you need to leave your desk, log off the ING internet banking application and always lock your computer. ING will automatically log you out after 15 minutes of user inactivity. It is important to know that this will result in a loss of data changed since the last time that you saved your work, so please be sure that you save the transaction/order that you are working on before this period expires. After the session expires, you will need to log on again to access the application.
InsideBusiness is protected from unauthorised access because only registered users can enter the online banking applications. ING uses cutting-edge technology to encrypt and authenticate your transactions. InsideBusiness is secured by the ING I-Dentity Card and mToken for (strong) authentication and authorisation.
Segregation of duties, advanced permission schemes
InsideBusiness supports multiple authorisation levels, which act as security measures on a functional level. By limiting access to accounts and applying dual signatures on payments, the potential damage that a single compromised (system of a) user can invoke will be prevented or at least decreased significantly. A rich setup of user access and sign permissions is supported in the system. The combination of limits on a customer and account level allows segregation of duties and responsibilities on different levels within the company structure. Administrative configuration itself is also subject to dual control.
All of ING's systems are continuously monitored for vulnerabilities and potential breaches (e.g. malware), including security state monitoring (e.g. configuration and patch problems) and monitoring on security breach events.