How did WE ensure system security?
ING Business uses advanced security methods to guarantee full security of orders. The security devices, which are based on state-of-the-art technologies, have been applied not only in the system itself but also on the part of the system users.
Find out what should YOU keep in mind
System security
Any communication between your computer
and bank’s server is encrypted using the TLS encryption technology (Transport Layer Security), which ensures integrity and confidentiality of data transmitted over the Internet.
User verification
during a login and executing transactions done through management of the private and public keys (digital signature) or authorization using one-time SMS codes.
An extensive system of user profiles
allows managing system access rights. If users only use the system in their workplace, it is possible to specify one or multiple IP addresses from which logging in will be made possible.
User security
ING Business offers two login and authorization methods:
- using a digital certificate on a cryptographic carrier,
- using login, password and one-time authorization codes delivered via text message (SMS).
Certificate based method
Requires entering of the user password and presenting the digital certificate on the data carrier - the microchip card placed in a card reader or the eToken connected with the USB port.
While working with the system, the Client will use one of the below packages delivered by the Bank:
- a microchip card and the card reader with connection to the USB port,
- a microchip card and the card reader with connection to the PCMCIA port,
- eToken connected to the USB port.
The eToken and the microchip card, which is the size of a regular payment card, are made according to modern technologies that guarantee maximum security. Further use of the system is disabled once the card is removed from the card reader or the eToken is removed from the USB port. The information sent via the system are encrypted by means of the RSA algorithm.
Find out about the security rules for the e-Token and microchip card users
The text message (SMS) codes based method
Is based on three security elements: login, password and text message (SMS) codes. When logging in the user enters personal login and the masked password, in correct fields on the screen.
Based on sophisticated algorithms, the system assesses whether the operation (including login) requires text message (SMS) authorization code. If necessary, you will receive a one-time authorization code at the time of the operation. Please verify the contents of text message (SMS) and pay special attention to the date and amount of the transfer and the account numbers shown in the message. If the data in the text message (SMS) is consistent with the operation performed, you should enter the authorization code in appropriate field in a browser window.
Text message (SMS) codes are sent to the mobile phone number, which has been defined for the User. Information transmitted within the system is encrypted using the RSA algorithm.
Encryption of data transmitted over the internet
Any communication between your computer (identified as the user) and bank’s server is encrypted using the SSL encryption protocol (Secure Socket Layer).
ING Business uses the Extender Validation SSL certificate with the key length of 2048. The EV SSL certificate is compatible with modern browsers, such as Internet Explorer 9 or Mozilla Firefox 32.0 (or higher version). Thanks to it, the logo, name and firm location are clearly visible. Additionally the certificate guarantees data encryption security along with complete protection from any unauthorized modifications and authenticates computers involved in the data exchange process. Receiving the EV SSL certificate is preceded with very thorough authentication of the applying party. This certificate is granted only to trusted and verified institutions.
The correct certification path for a product server of ING Business is as follows:
In the bottom right corner of the window or at the top address strip of every browser, there is a visible padlock icon. The padlock needs to be locked. By clicking on it, you can check the ING Business verification path. After the window titled Certificate opens, click on the Certification Path – applicable only to IE users. When using other browsers follow the certificate verification instructions issued by their producers.
Last element of the certification path in the text message (SMS) codes based method is start.ingbusinessonline.pl. For certificate based method the last element of the certification path is ligin.ingbusinessonline.pl
You can confirm the credibility of the ING Bank Śląski certificate for ING Business by checking the public Thumprint. The correct value of the Thumbrint is as follows:
Thanks to the certificates issued by VeriSign, you can be sure that you have made a secure connection with the bank’s servers.