Bank safelywith ING

In the Moje ING system the user is verified via the User Identifier and a masked access password to the system.

A masked password is a really good security measure, however, special precautions should be taken during logging into the system in public places. In practice, a masked password does not protect typed characters against being seen, but it prevents unauthorised persons from seeing the full password.

A number of possible draws of the mask elements depends on the password length. Repetition of an identical password mask has random nature. The likelihood of occurring the same mask decreases as the password length increases. However, there is still a chance that the identical mask will be repeated again even if the password consists of 30 characters. If the password consists of 10 characters, an identical mask may occur quite often, statistically after less than 300 attempts.

Moreover, if you fail to provide a correct access password to the system, during the next attempt to log in the mask will remain the same until you enter a correct password.

 

You receive access to the system after providing the User Identifier and access password (in a masked form). Communication between your computer and the Bank’s server is encrypted with 128-bit SSL protocol. It guarantees fully secure data encryption, it protects data against changes made from the outside and authenticates computers that communicate with each other. Due to certificates issued by VeriSign you can be sure that you have established fully secure connection with the Bank’s server.

At the moment, instructions in the Moje ING are authorised with authorisation codes. This method enables authorisation of instructions made via the Moje ING with one time authorisation code that is sent to a mobile phone number (of Polish or foreign mobile operator) identified during the service activation and/or to the HaloŚląski Customer Number. If the Bank concludes that the instruction requires authorisation, a code in from of a text message will be sent to you or you will receive a code via the HaloŚląski telephone service (automatic service).

 

A register of recent operations makes it possible for you to check if there were any attempts of logging into the system by unauthorised persons. Another security is blocking access to the system if during the fifth attempt a correct identifier is provided but the password is incorrect. To increase your security we introduced time parameters that are responsible for the user’s active session time. A web server closes the session automatically if the Moje ING system is not used. It means that if you do not perform any operation for a longer time despite being logged into the system, the web server will close your active session after some time and you will be asked to log into the system again.

Remember that you can also contribute to secure management of funds in your bank account. In order to do so, follow the recommendations below:

 

• use your access password to the system in a secure way,
• control date of the last logging to the system,
• control a register of recent operations,
• use the Log Out function once you finished using the Moje ING,
• remember to close all browser’s windows after logging out from the Moje ING and before you go away from the computer,
• systematically install patches published by the provider of the operational system and software,
• install anti-virus software and update virus signatures,
• install your personal fire wall that will enable rejecting all non-standards connections from/to your computer,
• take precautions while downloading files from the internet and opening attachments to e-mails received or downloaded from untrusted sources,
• do not use the electronic banking in public places (e.g. internet cafés), such computer workstations may have dangerous software installed to capture your data,
• do not respond to e-mails that ask you to disclose or verify your personal data or confidential information such as login, access password to the Moje ING system, one time password or account number. ING Bank Śląski never sends such e-mails. If you receive such e-mail you should ignore it and notify the Bank about it.

Yes. The Bank requires additional securities as it does not control your computer environment and access to different internet services. You have to make sure that your computer is secure.

Yes. The Bank publishes all information on that subject on its website and expects its customers to follow it. Information on that subject can be found in that website.

No. SSL technologies used for data encryption provide full confidentiality of the sent content. Unauthorised persons are not able to manage the account or see its content.

Data transmission in the Moje ING system is made in https protocol.
It is a variation of a http protocol created to exchange information that requires special protection due to its nature (e.g. financial information). A characteristic feature for https is encrypting the whole transmission with special encrypting keys, which practically make it impossible for unauthorised persons to capture data.

All financial services in the internet are provided with the use of this protocol, such as banking services or payments in on-line stores. If you use services based on https protocol, a virtual encrypted channel is created for the time of connection that connects you with the service server. You can securely submit data via this channel without a risk that the data will leak.

As soon as the encrypted connection is established, your browser in the address bar will display https protocol instead of http. Additionally, a small lock will be displayed on a status bar (at the browser window’s bottom). You can click it and read description of the server’s certificate.

 

You can check it in the Register of recent operations. It contains, inter alia, information on IP addresses that successfully or unsuccessfully logged into to the system. IP address is a unique number assigned to each computer with access to the internet. Additionally, computer IP address will be also displayed in the screen “Homepage” apart from information on recent loggings.

Presentation of IP addresses enables verification of places from which you logged into the Moje ING system. IP address is assigned by your internet services provider. In line with agreement with your provider you can use a fixed IP address or an assigned dynamic address. In the second case, each time during connecting to the internet, a computer is assigned an IP address from addressed that are at disposal of the internet service provider.

To learn what IP address was assigned to your computer you have to  complete a relevant system command. On the basis of currently assigned IP, a scope of addresses that can be assigned to you is determined. These addresses can be determined on certain websites (e.g. www.ripe.net). If you log into the Moje ING system from the same place each time, then IP in the history of logins has to be within addresses offered by the internet provider for this localisation.

The Bank is responsible only for actual and proven losses of customers resulting from incorrect or delayed execution by the Bank of instructions made via the Moje ING system.

The duration of a user’s session starts at the moment of logging into the ING BankOnLine and lasts:

• 15 minutes – if the user is inactive (if the user wishes to continue using the Moje ING system after this time, the system will ask for the access password again),
• 30 minutes – if the user continues to use the Moje ING system (after this time, the user will be ask to enter the access password again).