How can we help?
Popular searches
Loading…

Security

FAQs

Documents and forms

Latest security alerts

Scam update - 28 June:

We have been made aware of a fictitious scam related to Telstra bonds, where the ASX-listed bonds issued by XTB are used as a point of reference.

Please do not provide your personal or financial information on comparison investments websites or over the phone. If you have been a victim of this scam, please call us on 133464.

For more information, visit https://asic.gov.au/about-asic/news-centre/news-items/warning-telstra-bonds-investment-opportunities-are-fake/


1st April 2021

We are aware of a significant increase in scam text messages (SMS) and emails pretending to be real targeting Australians. Fraudsters and scammers are currently attempting to exploit people's concerns about coronavirus (COVID-19) through phishing campaigns and often pretend to be trusted businesses who Australians use regularly.
These phishing SMS and emails are used by cyber-criminals and imitate trusted and well-known organisations or government agencies looking to steal your personal and financial information. If you think it’s suspicious, please ignore and delete the message when you get it. If you're unsure, you can always call us on 133 464. We’re here to help.

The ING Team

How you can protect yourself

Do not disclose your Access Code, card PIN or Security Code to anyone (the only exception to this is when you call our Contact Centre, they may send you a Security Code to help verify your identity). Please always check the details in the message before proceeding.

There are plenty of ways that you can better protect your banking security to add to the security measures that we already take for you.

Security tips

Keeping yourself protected online can be easy. Remember the security tips below:

Install anti-virus software on your computer and keep it updated. You should regularly scan your computer for viruses.

Always enter your Access Code by "clicking" the on-screen keypad. Never type in the number using the numerical keys on your keyboard

Install a personal firewall on your computer to create a security barrier between your computer and the Internet

Avoid using online banking on computers at public places such as internet cafes

Always access online banking by typing ing.com.au into your browser

Don't disclose your Access Code, card PIN or Security Code to anyone (the only exception to this is when you call our Contact Centre, they may send you a Security Code to help verify your identity)

Never leave your computer unattended while logged onto online banking - you should logout of your online banking session as soon as you have finished.

Online security
Keep your computer software updated

Computer operating systems are complex and vendors regularly release patches to fix security weaknesses. You should regularly check and update your computer's software by running the update software functions provided (e.g. Windows Update or updates tab in Mac OS App Store).

Protect your identity
Be aware of phishing emails

Phishing is when hackers attempt to fraudulently obtain your personal details, such as online banking login details, passwords and other personal information by claiming to be from a trustworthy source via text messages, email communications or instant messages. These messages look like they came from your bank but clicking on the link may take you to a fake website or install malicious software onto your computer.

If you wish to report a suspicious ING email please forward the email to us (as an attachment where possible) at hoax@ing.com.au . If you are unsure about an email you have received, you can contact us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days

To help protect yourself against phishing, follow these guidelines:

Don't click on links or attachments in emails that you were not expecting

Never provide login details in response to an email

Note: ING will never send you an email asking for your login details.

To avoid being a victim of a phishing scam or hoax websites, look for the following:

Treat emails (and other electronic communications) that ask for personal or financial information with caution. Most financial institutions will not send you an email asking you to provide this type of information.

Be vigilant and check your statements regularly for suspicious transactions.

With the threat of phishing and hoax websites designed to steal your login details, it is important to ensure you are accessing the genuine ING website.

When signing in to ING online banking, ensure that there is a padlock icon in the address bar.

The ‘Welcome’ screen in online banking will display your last sign-in date and time. You should check this and if it is not correct please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

If you see any unusual changes to what you thought was the ING online banking website, such as suspicious questions appearing asking for confidential information, please contact us immediately.

To ensure you receive ING emails, add the domain @ing.com.au to your safe senders list.

Social networking websites

Be careful about the amount of information you disclose about yourself on social networking websites such as Facebook, Twitter, LinkedIn and Instagram. Criminals may access these sites to gather information in order to steal your identity and gain access to your bank accounts.

Shred unwanted papers

Regularly shred unwanted papers before disposing of them, especially papers containing personal details like name, address, phone number and date of birth. Examples include bank statements, bills and receipts.

Online shopping

Protect your personal information when shopping online by following these steps:

Shop at secure websites and ensure you are on the correct website by checking the address

Read the website's privacy and security policies

Provide only necessary information about yourself

Save all transaction details

Keep your password private

Beware of any deal that looks too good to be true, as it could be a scam.

Secure online banking
Protect your Access Code

Choose an Access Code that is difficult to guess

Do not select an Access Code that consists of repeated, ascending or descending numbers, or numbers that are associated with your birth date, Client Number or an alphabetic code which is a recognisable part of your name

Don't share your Access Code with anyone else, make sure you change your Access Code if you think someone else may know it.

If you record your Access Code, store it in a safe place, separate from your Client Number

Change your Access Code regularly

Avoid aggregation sites

Don't provide your Access Code to another website for the purposes of account aggregation.

Keep ING updated with your details

It is important that we have accurate contact details for you at all times, in the event we need to contact you. You can update your contact details online or via our Contact Centre on 133 464 (24 hours, 7 days).

Check your statements

Regularly check your statement (or your online transaction history) for unauthorised transactions. Let us know immediately if you detect any unauthorised transactions on 133 464 (24 hours, 7 days).

Reporting vulnerabilities

Have you discovered any vulnerabilities in our systems? Please help by reporting these vulnerabilities to us by following the process detailed in this link, so that we can improve the safety and reliability of our systems together.

Secure online banking

Regularly check your statement (or your online transaction history) for unauthorised transactions. Let us know immediately if you detect any unauthorised transactions on 133 464 (24 hours, 7 days).

Scams

How to keep yourself safe from scams and fraud

Scammers can be very convincing – they can pretend to be from your bank, the government, police, charities, financial advisors, international lotteries, travel agencies and service providers, like for your electricity, internet or phone. They can contact you using emails, phone calls or text messages and try to get personal information about you that they can use to access your accounts.

Learn more about scams here

How can you protect yourself?

ING will never send an email or text message asking you to confirm your account details or login details. This includes log in for phone and internet banking. If you want to check on your accounts, log in directly through our app or our website – don’t click on links from emails or text messages to log in or use the phone number mentioned in the email unless you’ve confirmed through publicly available sources. If you want to verify the legitimacy of the email, it is best to locate the phone number for the company through a trusted source (such as verifying it on their website)

Government agencies and other legitimate businesses will not send you a link asking you to update your details. Also avoid opening attachments from people or companies you don’t know or aren’t expecting to contact you. Be aware and think about what’s being asked for – does it make sense?

If you’re unsure about something to do with your account, you can call your provider directly to check on your account.

Do your homework! If something looks too good to be true or you are invited to invest, make sure you research the investment and weigh up the risk before committing to anything. Scammers can appear to be legitimate entities and they often will make an offer which looks too good to refuse. Check out the company’s online reviews or moneysmart.gov.au for any reference to the company being linked to or suspected of being a scam.

Stay one step ahead by periodically reviewing the security you have in place on your devices and computer. Updates are often released for device operating systems which are superior in security and virus protection software often needs to be updated to be effective.

Has a company asked to remotely access your computer, device or mobile? Be vigilant. Were you expecting to receive a call or be contacted by this company; asking for a second opinion from a trusted expert can be an important step in assessing the risk. Important personal information is stored on your computer and allowing remote access can make the information visible to the third party.

Do not download any software or allow access to your computer unless you are 100% certain the person you are speaking with is legitimate. Scammers may access your bank accounts and transfer money without your knowledge.

How can ING help?

Call us immediately on 133 464 if you think you’ve given a scammer your bank details. You should also call us if you notice any unusual activity on your account. Is it a scam?

Does the email or text message contain links that look suspicious? Does it have an unusual internet address connected to the link? Is the email address from the company? Does it contain spelling and grammatical errors? Scam emails can look legitimate at first glance, so always check. It is common for a phone number to be provided in the email which may also be linked to the scam. If you want to verify the legitimacy of the email, it is best to locate the phone number for the company through a trusted source (such as verifying it on a website).

Have you received a request to update or confirm your date of birth, tax file number, bank account details or login passwords? Have you requested these changes yourself? If you haven’t, do not respond or confirm through email – locate the phone number for the company through a trusted source (such as verifying it on a website) and call the company up to check on your account, and think about changing your password yourself. It may have been compromised.

Are you buying something online and asked to pay a deposit or pay in full before you receive your product or service? Do your research and make sure that you’re buying from a reputable company. Always verify the BSB and Account Number with the issuer before you proceed. ING may not be able to recover funds sent in error, to an unintended bank account, or where there is a disagreement with the person who owns the receiving account.

Did you receive a call where the caller asks for you to download software or allow remote access to your computer or mobile, for any reason? Hang up immediately. Never give an unsolicited caller remote access to your computer or mobile device

First time purchase or investment with a new merchant? Check the company is registered with ASIC or the local government under which they operate. Moneysmart.gov.au provides information on known scams too. Protect yourself by reading the terms and conditions of the website, including their cancellation, withdrawal or dispute process. Fake online shopping, fake crypto traders and fake investments will disguise themselves and appear genuine.
Are you being pressured or threatened by the caller? Scammers will often inform you to act fast or miss out. This includes falsely claiming they are assisting you with getting rid of computer hackers or a high return investment opportunity. By using pressure tactics, they are attempting to get you to make a decision you wouldn’t otherwise make.

What should you do?

If the call is suspicious or doesn’t sound right, hang up. Search the company’s website and find their number directly. Speak with a representative and check if they have called.

Don’t provide details over the phone, even if you’re comfortable with the caller. Tell them you’ll ring the company back. Hang up, get the number from the company’s website (to make sure it’s legitimate) and call back.

Review your account statements – does anything look suspicious? If so speak with us immediately.

Never share your PIN, mobile security code or passwords. These are designed to protect you and your data security. If you’re using a public computer, never save passwords and always ensure you’re logged out of any active sessions.

Use tap and pay or insert your card. Avoid swiping your card when shopping. Tapping or inserting your card is more secure.

Examples of common scams

Phishing - scammers send an email or text to try and obtain your personal information by pretending to be from a trustworthy source like a bank, a charity, or government. The message looks real and will ask you to enter personal information on fake websites or ask you to click a link – this will allow the crook access to your computer and your personal information.

Online shopping scams - scammers pretend to be real online shops, either with a fake website or a fake ad on a genuine retail site. Fake online shopping sites will often request unusual payment methods such as upfront payment via money order, wire transfer, international funds transfer or gift cards.

Investment scams - scammers claim to be stockbrokers or portfolio managers offering financial or investment advice. They will ask you to hand over money for an investment opportunity that seems too good to be true, then they keep your money.

Remote access scams - scammers will claim there’s something wrong with your computer or internet connection or that it has become infected with malware. They will try to convince you to install an application or give them access to your computer. They will use this to access your personal information or demand a “fee” for fixing the problem.

Relationship and dating scams - scammers form a relationship with you, usually through social media, in order to get money or gifts. They develop the relationship over time and may ask you to transfer assets into their name or ask to become a beneficiary of your will. Often, they will ask for money to fix a health, travel or family problem. In many instances the person is not who they claim to be and these scams are often used to fund organised crime.

Invoice Scam - a legitimate invoice or payment direction you were expecting is intercepted by a hacker and the payee bank account details are changed.

Puppy Scams - this is where online sellers advertise puppies for sale and require a holding deposit. When the time comes to collect the puppy the seller is no longer contactable.

Overpayment Scam - these work by getting you to 'refund' a scammer who has sent you too much money and are seeking a return of their overpayment; however, they have not sent you funds.

Prize Scams - These scams trick you into giving money up front or your personal information in order to receive a prize, lottery winnings or competition that you have never entered.

Card security

If you have an ING Visa card, you should take steps to ensure that your card and the associated PIN are protected from unauthorised access or disclosure.

Sign your Visa card as soon as you receive it.

Choose a unique PIN that is difficult to guess and is different to numbers used for other purposes.

Never write down your PIN.

Don't tell anyone your PIN. ING will never ask for your PIN during a phone call.

Treat your Visa card like cash - don't leave your card unattended and don't give your Visa card to anyone else or allow anyone else to use it.

Know where your card is at all times and keep it in your sight when paying for goods and services. Ensure your card is returned after paying for goods. If possible when dining, walk to the counter or use a handheld terminal to pay your bills, instead of giving your card to the waiter.

When shopping online, ensure the website is reputable and secure.

Always check your statements for unauthorised transactions.

Keep all receipts until you have reconciled your statement, then store your receipts securely or destroy them.

Keep a record of your card information in a safe place, in the event your card is lost or stolen.

Ensure that you can be contacted by us at all times (even when overseas), if we need to contact you about unusual activity on your account. Update your email address, or ensure that your mobile telephone has "global roaming" activated if you are travelling overseas. You can also use the ING app to let us know your travel plans. This helps us monitor your card and can avoid your card being unnecessarily blocked while you’re away.

If you have misplaced your card, you can place it on hold using the ING app. This will give you time to find it (without the worry of someone else potentially using it). And once found, you can remove the hold in the app as well. This can be done from either the transaction detail history page or in the settings menu.

If your Visa card is lost, stolen, used without your permission or you suspect your PIN is known to someone else, contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

General banking security

Phone security

Be aware of phone scams where criminals pretend to be calling from your bank. When receiving phone calls, be naturally suspicious and call back your bank if you are not comfortable.

On occasion, ING may need to call you to discuss your account or to answer a question from you. As part of the call, we may need to verify that we are speaking to the correct customer by asking you some random security questions.

If you do not feel comfortable or have any concerns about the legitimacy of the call, please call us back on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Remember that we will never phone you to ask you for your Access Code, Client Number, card PIN or Security Code. (However if you call the Contact Centre we may send you a Security Code to help verify your identity.)

ATM security

Ensure no-one else can view your PIN when using an ATM.

Try to use ATMs in locations where you feel safe such as busy and well lit areas.

Be alert for suspicious activity around ATMs or EFTPOS. In particular, suspicious individuals nearby or unusual attachments which may indicate the ATM has been tampered with. Do not use the ATM in these circumstances.

More Security information

If you wish to find out more about security, visit the following websites:

Stay Smart Online has been provided by the Australian Government to help home computer users and small businesses to be safe when online.

ScamWatch - provided by the Australian Government, provides useful information on methods used by scammers and strategies you can use to protect yourself.

How we protect you

ING takes the security of your information and money very seriously. We use technology and physical security measures to ensure a high level of protection for your information and money.

Knowing online banking is safe isn't just a nice-to-have. It's a must-have. Thankfully, as an ING customer, your information and money is protected with industry standard security technology and practices.

Protection of your information

ING takes the security of your information and money very seriously. We use technology and physical security measures to ensure a high level of protection for your information and money.

We continually monitor trends and work with industry experts and authorities to ensure that we provide a high level of protection.

Industry-leading encryption with Extended Validation Certificates

Our website uses SSL (Secure Sockets Layer) encryption to ensure that others cannot read information travelling over the internet between your computer and our website. This can be verified by checking that there is a padlock icon in the address bar, which will appear when you log into ING online banking.

We've also made it even easier for you to make sure you're accessing the genuine ING website, by using "extended validation" certificates. Simply look for the green address bar when you access ING online banking (when you use compatible web browsers).

In order to use this feature, upgrade your web browser to the latest version available.

Login Security

Virtual keypad - We use a virtual keypad on our website when you are required to enter your Access Code. The order of the numbers on the keypad changes on each login. This keypad is designed specifically to help prevent hackers from capturing your Access Code and therefore gain access to your account.

Security tips - On login, you will see regularly changing security tips, to help you to protect your information and money. Please take a few moments to read these tips and follow the instructions.

Last login time displayed - When you successfully sign in to online banking, the Welcome screen will display your last sign-in date and time. This will help you to determine whether unauthorised parties have accessed your account.

Login timeout - If you do not perform any activity on online banking for 8 minutes or more, your online banking session will automatically timeout and you'll be logged out.

Account lockout - For your account protection, after three failed login attempts, your access to online banking will be suspended. To unlock your account you'll need to call us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Security codes

Security Codes provide you with an additional level of protection. When banking online your existing Client Number and Access Code already provide you with security. But because you can't be too safe when it comes to your information and money, to enable you to perform certain transactions online with even greater confidence we've introduced an additional level of security called Security Codes.

These are once-only codes sent to your mobile phone. Once received, you need to enter the Security Code in the secure online area within 5 minutes of receiving it every time you perform certain online transactions such as paying bills via BPAY for the first time or changing any of your contact details (address, phone number, etc). Expiring after 5 minutes, they help to ensure it is you (rather than a potential fraudster) who is performing the transaction.

Security Codes are a form of "two-factor authentication" designed to protect you against many types of online fraud such as phishing, Trojans and identity theft. Two-factor authentication is a process designed to verify two things - something you know and something you have. In the case of ING, we verify your Access Code (something you know) and your receipt of a Security Code sent to your registered mobile phone (something you have).

A quick one-off registration process is required to set up Security Codes.

For more information including when Security Codes are required, see our Security FAQs.

Please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days if:

you receive an SMS Security Code sent from ING and don't know why;

the details of the SMS we send you are different from what appears on your computer screen;

you receive a request for your Client Number and/or Access Code via SMS. ING will never request that you provide your Client Number and/or Access Code via SMS. We will also never ask you to reply to an SMS Security Code text message; or

your online and phone banking access has been suspended.

Do not disclose your Security Code to anyone (the only exception to this is when you call our Contact Centre, they may send you a Security Code to help verify your identity).

Email alerts

For customers registered for Security Codes, an email alert may be sent to your email address that we have on file after certain transactions have been performed.

To ensure you receive these important email alerts, please make sure that your email address registered with ING is accurate at all times. You can update your email address online or via our Contact Centre on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days if you:

receive an email alert from ING and don't know why;

do not recognise the transaction described in the email alert;

receive a request for your Client Number, Access Code, card PIN, Security Code or any personal information via email.

My Messages

My Messages contain a copy of all email alerts sent to you by ING for customers who have registered for Security Codes. If you wish to confirm an ING email alert is genuine, simply login to ING online banking and click "My Messages". You should see a My Message identical to the email alert you received.

As with email alerts, if you receive a My Message and you do not know why, please contact us immediately on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Please note that not all emails sent to you by ING will appear in My Messages. For example, promotional mailings and online statement notifications will not appear in My Messages.

Daily limits

ING apply daily transaction limits on some transactions, in order to protect your account. Refer to the Terms & Conditions for your account for full details. Our Customer Care Specialists will ask the reason for your limit change when you phone us, but rest assured as this is normal practice.

Transaction monitoring

ING operate a number of specialised industry standard systems designed to help us to detect fraudulent transactions performed on your account. In analysing and investigating alerts, we may need to phone you to verify activity on your account.

To help us contact you quickly, please ensure that your contact phone numbers registered with ING are current at all times. Remember to activate global roaming on your mobile phone if you are travelling overseas. You can update your contact phone numbers online or by calling us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Communication to customers

We will communicate to you when we become aware of new threats to online banking by updating the Security Alerts and News section of our website, as well as the Security Tips page on login. If you have any concerns about the security of online banking, please contact us on 133 464 (+61 2 9028 4077 from overseas) 24 hours, 7 days.

Paperless statements

For Orange Everyday, Savings Maximiser, Savings Accelerator and Living Super customers, you can receive your statements electronically in online banking. This allows you to securely access your statements without the risk of your mail going missing, as well as instant online access and up to 7 years of statements

Security chip cards

ING is committed to providing you with the highest level of security, so we have introduced security chip technology on our cards. The security chip makes the information stored on your card more secure and far more difficult to fraudulently copy card details. For more information on the new Security Chip Cards visit our Security FAQs.

Verified by Visa

Verified by Visa is a free service that provides added protection when you shop online at participating Verified by Visa merchants using your Visa Debit or Credit Card. Please ensure you check the transaction details in the message match your purchase. If they do not, do not proceed and contact ING.
For more information on this service, visit our Verified by Visa FAQs under Security FAQs.