ING provides the following general informationto answer any concerns that you may have around the security ofonline transactions. More specific information should be availablefrom your bank.

ING makes every effort to provide optimalsecurity of your data and of all transactions; for us protectingour clients is just good business. However hard we work there arerisks online, and you can take some action to protect yourself.Here we provide some information to help you.

1 Latest key security issues

2 ING’s standard practices

3 Verifying websites

4 Protecting Yourself

5 Contact Information

From time to time we will provide informationon security related news items that we feel you should be aware of.These security updates will be presented on this page.

A phishing attack is an online fraud techniquewhich involves sending official-looking email messages with returnaddresses, links and branding that all appear to come fromlegitimate banks, retailers, credit card companies, etc. Suchemails typically contain a hyperlink to a spoof website and misleadaccount holders to enter customer names and security details on thepretence that security details must be updated or changed. Once yougive them your information it can be used on legitimate sites totake your money.

It is important that you are suspicious of emails asking for yourinformation; see more on ING’s standard email practicesbelow.

ING monitors the internet to find imitationwebsites which are often the first step made by phishers. We thenwork with the appropriate international authority to get thewebsites closed down as quickly as possible – sometimes onthe same day we find the website.

To report phishing attacks please email our securityteam

You may already have heard of ‘advancedfee fraud’, where emails offering large sums of money aresent to thousands of email addresses, but a modest‘fee’ was required in order to cover legal fees, openan account or pay customs charges. Sometimes the money offered isas a result of a lottery for which you have never bought a ticket.Sometimes the money is held in an account overseas but the accountowner cannot access it, they promise a percentage of the money inreturn for your help. In both cases various fees have to bepaid.

Do not respond to these emails. They are partof a fraud and you will not receive any of the promised money.

We place this warning here because we are awarethat the criminals carrying out these frauds do on occasion use thename of ING or an ING subsidiary as part of this scam.

ING may communicate with clients by mail onoccasion, so how can you tell which mails are from us, and whichare fraudulent?

• ING will address you by name in any emails.
• ING will not embed hyperlinks in emails thattake you to sites where you must enter your securityinformation.
• ING will never ask for you to confirm yourdetails by email
• ING will use state of the art encryption andauthentication mechanisms to secure the transactions; these willvary by bank so check with your bank about the processes used.
  
  

If clients have any doubt about any email theyhave received purporting to be from ING they should contact theirbank.

Clients must be sure that the site they areentering really belongs to ING, and is a secure site;

SSLEay Library

IE5 and above

Netscape 4.7 and above

Check that your website is secure, The URL will begin with https:// OR The application window will specify that SSL(Secure Sockets Layer) Library.
If https, the secure lock icon, a small padlockwill appear on the lower bar of the browser.
Click on the padlock icon to see the details ofthe security certificate. The certificate shows who owns the site;it should be your bank. Check that the details and validity arecorrect. We work with well known certification authoritiessuch as Verisign, Global Sign and Thawte. ING also providescertificates from its own ING Corporate PKI.

If customers have any doubts about a websitethey should contact their bank.

Your account numbers, customer Number, PIN(password), memorable date and customer identification number arethe keys to your account. Never write them down, give them toanyone else or include them in an e-mail. Destroy documentscontaining personal information securely, and be very cautious inposting personal details to social networking sites on theinternet, as criminals can use this information to commit fraud.Remember that protecting your Customer Number, PIN, passwords andsecurity details is your responsibility.

• Update your computer by installing the latestsoftware and patches, to prevent hackers or viruses exploiting anyknown weaknesses in your computer
• Install and update virus protection, to protectagainst viruses corrupting your computer and to prevent hackersinstalling Trojan viruses on your computer
• Install and update anti-spyware tools.
• Install and update personal firewalls
• Use only programmes from a known, trustedsupplier.
  
  

• Use a spam filter to avoid even seeing thesemessages
• Never respond to a spam message, your emailaddress is then recorded as live and the spam will increase.
• Should you read a spam message remember: if itsounds too good to be true, it probably is too good to be true.
  
  

• The US Federal Trade Commission providesinformation here on how to avoid phishing scams
• The Anti-Phishing Working Group providesstatistics on phishing attacks and advice for individuals andcompanies.