Security at ING Business

The solutions we offer always comply with the latest security standards. However, remember that the safety of your company's finances depends also on you.

 

More about safety rules

How did we take care of security at ING Business?

Automatic logout

Do you tend to forget to log out? The answer is probably yes. Fortunately, we are aware of that and we log you out 5 minutes after your last activity.

User authentication

It is done thanks to managing the private and public key or authorization with one-time SMS codes.

Encrypted internet connection

The communication between your computer and the bank's server is encrypted with the TLS protocol. We use Extender Validation (EV) certificates with a key length of 2048. These certificates:

  • are compatible with the latest browsers, e.g. Internet Explorer 11, Mozilla Firefox (last 3 versions), Google Chrome (last 3 versions)
  • guarantee safe data encryption, keeping it safe from the external changes and authenticating the computers which communicate with each other.
  • are issued only to trusted institutions. Obtaining them is associated with a very thorough verification of the applying company.

ING Business offers 2 alternative methods of logging in and authorizing orders:

Method based on login, password and SMS codes

  • When logging in, you must enter your login and 5 characters of the masked password.
  • Our system assesses whether logging in (or another activity in the system) requires confirmation with a one-time authorization code.
  • If so, an SMS will be sent before performing the operation – pay attention to the dates and details of the operation presented in it. If the data is correct, enter the authorization code into the browser.
  • SMS codes are sent to the mobile phone number provided in the system for your user.
  • The transmitted information is encrypted with the RSA algorithm.


Certificate based method

  • To log in you use a password and a token with an uploaded certificate.
  • When logging in and using the system, the token must be placed in the USB port.
  • The transmitted information is encrypted with the RSA algorithm.

Facilities for mobile app users

Mobile app users (and log in to the system using the login, password and SMS), can log in to the system via ING Business mobile app. You initiate logging in as usual, entering the login in the browser, but instead of entering the masked password characters, you can complete the process in the app: by entering the PIN, applying a fingerprint or using Face ID.

Advanced permission system

Create the security policy tailored to the needs of your company:

  • You add and remove users.
  • You adjust the rights in the system to the role of employees in the company.
  • If you want users to use the system only at their workplace, you can specify the IP addresses from which they will be able to log in.
  • If you would like users to use the system only during business hours, you can specify specific days and hours when the system can be used.
  • In case of the absence of one of the users, you can grant his rights to another person.
  • You decide who can sign and accept online applications and orders – use the multi-signature function.
  • Selected applications and instructions may also be signed by other authorized users – this is a great help in case of the absence of the company’s representatives.

Most applications for changes of access and authorization rights take place fully online, in real time.

Before you log in

If you use a token to log in, remember to follow the basic security rules:

  • connect it to the computer only when you use ING Business. After logging out, disconnect the token and store it in a safe place
  • use anti-virus software and a firewall
  • always use the latest version of your browser and update your operating system regularly

Login data

  • Never disclose your login, password, application PIN or authorization codes to third parties.
  • Do not provide this data on websites other than the bank's.

DO you log in with biometrics?

Remember that if you add a fingerprint or facial recognition of third party to your device, you will allow them to access your bank account. This will happen if you log into the application and the phone with biometrics.

SMSes

Do not click on links in SMS. Beware of payment requests – even for small amounts. Links from these SMSes may lead to fake pages.

Suspicious emails and text messages

Do not open emails from unknown senders, especially files and links attached to suspicious emails. Attachments may contain malware.

SMS from the bank

  • Our system assesses whether the activity you want to perform requires confirmation with a one-time authorization code. If so, we will send you an SMS before performing the operation – pay attention to the dates and details of the operation presented in it. If the data is correct, enter the authorization code into the browser.
  • We send SMS codes to the mobile phone number provided in the ING Business system for your user.


Remember about the safety rules

  • We do not send SMSes, e-mails asking to log in or provide private data.
  • We never require a login and a full banking password. This also applies to the SMS code – unless you are calling the bank and it is the authentication code.
  • Read carefully the text of the SMS you receive from the bank. Pay attention to the unusual forms of the address of our website.
  • We never ask you to change, nor send you new login details.


How fraudsters work

Fraudsters call our customers and pretend to be a bank employee. They claim that after the last bank failure, access to the system must be secured. They send an SMS with a link that leads to a fake website, very similar to the ING website. The fake website forces you to enter your full system password.

Installing the software

Do not install software from untrusted sources on your computer or phone.

Such applications may, a.o., steal your login details and authorization texts. How is this done? When you log into the bank, the malicious application displays a fake login screen. The criminals thus acquire your login and password.

Login page

Stay vigilant – you may fall victim to login phishing and risk losing money. Before entering your login and password, make sure you are on the ING Business login page.

How can you recognize that you are on the secure ING Business login page?

Check that the address shown in the bar in the browser window is:

It is best to log in via our website ing.pl and use the Log in option in the upper right corner of the screen.

How can you find a fake website?

Fraudsters can direct you to a fake bank website from various places, e.g. from a link in an SMS. When you provide login details on a fake website, the fraudsters log into banking with this data. They change the phone number to authorize the transaction or set a trusted recipient. You authorize such an order – by entering the SMS code on the fake website. Moments later, the thieves steal the money from your account.

We never do the following:

  • ask you to change your password or PIN to the application, nor do we send you new login details.
  • ask you to enter your login and full banking password when logging in.
  • send e-mails asking you to log in or provide private data, such as a phone number for transaction authorization.

Antiviruses

  • Use up-to-date anti-virus software on your computer and phone.
  • Choose programs that are versatile, e.g. those that protect your identity, Internet transactions, detect malware hidden in files and websites, and much more.

Password

When logging in you always get a certain set of characters – if you make a mistake and enter the password again – you get exactly the same characters to enter as in the previous attempt.

Watch out for bogus sites

  • If cyber criminals give you a fake login page, they may ask you for your password 2 or more times. Each time they will ask about his different signs. This way, they will know your entire password and gain access to your online banking.
  • You may also come across a fake login page where criminals will ask you for all the characters of your password.

Security on the phone

Remember about the safety rules:

  • Protect application PIN Moreover, set a fingerprint – the access to the phone will be difficult.
  • Beware of false security certificates.
  • Remember that we do not require installing any additional software or applications.
  • If you lose your phone, remove it from the list of trusted devices in ING Business.
  • You can download the ING Business application from authorized Google Play and AppStore stores.

We never do the following:


  • We do not ask you to change your password or PIN for the application, nor do we send you new login details.
  • When logging in, we never ask you to enter your login and full banking password. This also applies to the SMS code – unless you are calling the bank and it is the authentication code.
  • We do not send e-mails asking you to log in or provide private data, e.g. a phone number for transaction authorization.

Are you concerned about something?

Call us:

+48 (32) 357 00 24 or 801 242 242