We are continually on the lookout for innovative but proven security features that enhance your banking experience. Why? So you can continue to bank with ING DIRECT in full confidence. Not only do we want you to save your money, we want your money to stay safe.
Is online banking safe?
Yes. You can bank online with ING DIRECT knowing that we use state of the art security technology. All information you share with us is held in the strictest confidence and is in compliance with privacy standards followed by all major Canadian financial institutions.
New and Improved Security Features
Introducing Online PIN Reset
If you've forgotten your PIN, you can reset it online. You will be asked several questions to identify whether you are really you (and not someone posing as you.) and when answered correctly, you will be able to reset your PIN.
Introducing DoubleSafe™: Your Picture, Your Phrase
DoubleSafe is just that - it keeps your identity safe in two ways when you sign into your ING DIRECT account. How? Upon setup you'll be asked to choose 'Your Picture' which comes from a selection of images. Next, you'll select 'Your Phrase' - a personalized phrase to accompany 'Your Picture'. Once DoubleSafe is set up, make sure you see your picture and your phrase. This will help you to avoid logging into a fake ING DIRECT site (also known as phishing). Finally, you will set up answers to secret questions so that we will know that it's really you.
Browser and Computer Security
Free software: an offer that's often too good to be true
Beware of offers on the Internet that promise to improve your PC's Internet speed, or that ask you to download software that will allow you to view photos or movies. This may enable thieves to monitor your activities and capture personal and/or sensitive information. In some cases, downloading the software can enable them to intercept all data you enter between your computer and any website, even if that site is protected. If you require a certain software, only download software from reputable sites.
128 Bits of Safety
Most browsers now come with 128-bit encryption, which provides strong protection when transmitting confidential data over the Internet. We recommend that you upgrade your browser so that your information is scrambled while being transmitted and cannot be read by anybody who intercepts it.
We currently support Internet Explorer 6+, FireFox 2+, and Safari browsers on both the Windows and Mac platforms.
How do I know if my banking session is encrypted (i.e. safe)?
You know that your data is encrypted on a given web page by looking for the padlock icons in the lower portion of your browser or beside the web address.
C is for Cookie
A "cookie" is a small piece of data placed on your computer by a web server when visiting certain websites. This data usually contains encoded information to measure visits. One type of cookie currently used by ING DIRECT is a session cookie. These cookies are stored in temporary memory and will disappear after you leave the ING DIRECT website. These cookies enable you to move back and forth within a secure banking session.
Another type of cookie used by ING DIRECT is a persistent cookie. This cookie is used as part of our user authentication procedure to help ensure that unauthorized individuals are prevented from accessing your account. This type of cookie is also used for site personalization, internal reporting, statistics, marketing (by allowing us to offer ING DIRECT products that may be of interest to you), and to measure user visits. This information is not shared with outside organizations and does not contain any sensitive details.
Hackers keep out!
Install security updates when they become available. Make sure to have a home firewall; it will help protect from many Internet threats. Install anti-virus/anti-spyware software and keep it updated.
Everyday Online Security
Personal security: your PIN gets you IN and makes sure you bank safely
Keep your passwords/PINs safe. Never share, write down or disclose your Internet banking passwords to another individual, or store them in a file on your computer.
When selecting a PIN, avoid choosing numbers that fall in a sequence or pattern. Also, avoid the obvious choices like your birth date. And when selecting a secret question, make sure it's something meaningful, so you'll remember it, and personal, so nobody else can figure it out. Because the more personally meaningful your passwords/PINs, the more obscure it will be to someone else.
You can be immunized from email fraud
How? By being careful and staying wary of unexpected emails. If you don't recognize the sender, think twice before opening or responding to unsolicited mail. And do not download attachments or click on links in an email unless you are sure they're coming from a reputable source.
Phishing: How to Protect Yourself
Phishing is what it’s called when a person (or a group of people) pretends to be someone they’re not so they can trick you into revealing your personal information. They attempt to get user names, passwords or PINs. Phishing emails are the most common way this is done, but it can also happen through a phone call or text message that asks you to confirm personal information. Some of these scams can be disturbingly convincing, but a few good practices will help keep you protected.
Be wary of any communication that asks you to provide confidential information.
For example, ING DIRECT will never send you an email asking for your Client Number, Account Number or PIN. If you ever receive an email that asks for any of these things, it’s smart to be suspicious of it, and we ask that you forward the suspicious email to us at firstname.lastname@example.org or call us at 1-888-SAFE-304 (1-888-723-3304).
Be alert to emails that look “phishy”.
Some phishing emails just don’t look or sound quite right. You might be tipped off by spelling mistakes or typos, or the whole appearance and tone of the email might seem wrong. Don’t reply to the email or use any contact information it provides. If the email is claiming to be from ING DIRECT, contact us using the above email address and phone number.
Maximize your email security settings.
Have a look at your email settings and make sure that you’re using all of the filtering tools you have available. By scanning incoming mail for recognizable threats, your email program can help you stay protected.
Vishing can be vicious
Vishing (Voice Phishing) is similar to Phishing but done over the phone. It can be used to get access to your personal financial information. Unfortunately it's very hard to trace, so in order to stay safe, it's best to protect yourself by staying on guard when you receive a phone call that asks you to provide any financial information like a PIN or a credit card number.
What should I do if I suspect there's a fraudster on the line?
If you ever receive a suspicious call, simply don't provide any personal or sensitive information and get in touch with that specific financial institution to follow up on the inquiry. You can call our online security line at
Spoofing is not funny.
Spoofing is when someone is able to masquerade as someone else online by using a program that can change data. It's done by way of relatively inexpensive automated systems that make it seem (to a computer) that the Spoofer is someone who they actually aren't.
It's okay to blow the whistle
If you or anyone you know has been a victim of Phishing, Vishing, or any other financial fraud, please report all incidents to the involved financial institution to prevent future issues from occurring. Online security is everyone's responsibility to share in so we can all stay safe.
Identity Theft – don't let it be yours
Identity and information theft is a serious problem facing consumers and businesses today. Hackers are no longer interested in breaking into computer systems and causing them to crash. Instead, they now want to keep a system up and running so they can steal information from it or use it as a launch pad for attacks against other computers. If your identity is 'stolen' you may find yourself with a poor credit rating as the fraudster has taken out loans, credit cards etc., in your name. If you notice any abnormal activity in your financial records, don't hesitate to contact your financial institution to follow up. See Top 10 Tips to Protect Your Identity.
Card skimming – be aware
Credit and debit card fraud can happen at bank machines, ABMs, and retailers virtually anywhere. Make sure whenever entering a PIN into a machine you keep it private and keep your eyes open for suspicious-looking devices attached to a machine. You may be unknowingly helping thieves gain access to your bank account.
As long as there are cheques, there will continue to be cheque fraud
Once in a while you need to a write a cheque. Everyone does at some point. After the cheque clears, make sure you look at your account balance to ensure that the appropriate amount has been deducted. Try to avoid carrying your cheque book around with you unless you really need it.
Friends don't ask friends to move their money
Friendships may run deep, but we don't advise that you make financial transactions for anyone but yourself. This way, you can be assured that you're the only one performing any actions through your account. The less people that have access to your account(s) the safer and more secure. Also, if anyone you don't know ever asks you to perform any sort of financial transaction on your/their behalf, just say no.
Advance fee fraud: one of the oldest tricks in the book
This is the type of fraud where you're persuaded by way of a false promise or guarantee to send small(ish) amounts of money in the hopes of reaching a large (imaginary) pot of gold at the end of the rainbow, such as lottery winnings or someone who needs help moving money out of the country. Scams like this come in the form of letters, emails and offers in advertisements, where they typically want you to invest in some sort of "opportunity" too good to be true. And guess what – it is.
10 Tips to Protect Your Identity
- Before you reveal any personal information, find out how it will be used and if it will be shared.
- Don't carry your SIN card; leave it in a secure place.
- Deposit your outgoing mail in post office collection boxes or at your local post office.
- Promptly remove mail from your mailbox after delivery.
- Ensure mail is forwarded or re-routed if you move, change your mailing address, or arrange for pick-up if you are away for an extended period.
- Do not give out personal information on the phone, through email or over the Internet unless you have initiated the contact or know with whom you're dealing.
- Keep items with personal information (e.g. bank statements, receipts, tax records) in a safe place.
- An identity thief can pick through your garbage or recycling bins. Be sure to shred receipts, copies of credit applications, insurance forms, physician statements, and credit offers you get in the mail.
- Check your financial statements on a regular basis and report any suspicious activity.
- When disposing of a computer or other electronic storage device, make sure to remove all personal data first.
Online Banking Checklist
- Don't allow your computer programs and browsers to save your password(s). For example, when you encounter a pop-up box that asks if you would like your password to be remembered, always click "NO". Saying "OK" can give anybody using your computer access to your personal information.
- Protect you PIN. Your PIN, along with your Client Number, are the access keys to your financial information. Make sure you memorize your PIN and do not reveal it to anyone.
- Do not send personal information (such as SIN, account numbers, passwords, etc.) through email.
- You should always access the ING DIRECT website by opening up a browser window and typing the address directly into the address bar of the browser. Don't ever access it through a link sent to you. It may take you to a site that looks like ING DIRECT, but isn't.
- While logged into any online account, do not leave your computer unattended. Although inactivity while logged into your ING DIRECT account will force your session to time out, it is advisable to log out when you're done.
- We recommend avoiding the use of public or shared computers for Internet banking. Many are OK for just surfing, but don't access sensitive information or use a log in and password. You never know if that PC is properly secured.