The Customer Information Security Policy, as one of ING Banks most valuable plusses, is to ensure best protection of data created, processed and stored on the Banks technological infrastructure and of the systems where such data are created, processed and stored, against certain risks.
The general guidelines as to how to use and protect the applications and systems where customers data are created, processed and stored are provided below.
ING Bank provides its customers with fast, error-free and quality services.
ING Bank checks and monitors information/data within a flow designed in accordance with the technological infrastructure, and ensures confidentiality degrees and access authorizations to be set for information/data.
At ING Bank, all information/data stored on various media of the technological infrastructure are retained.
Owners of information are ultimately responsible for such information.
Access by unauthorized persons to the media where customer information is processed and stored and to such information is prevented.
Transactions made by users with their user codes and PINs are their own responsibility. PINs consist of at least 6 alphanumeric characters with no space so long as hardware and software in used permit and are required to be changed automatically at certain periods, depending on places of use.
Upon incorrect user code and PIN entries in excess of a certain number, the user code is blocked temporarily or permanently.
Protection of our Internet Branch against external factors is provided by such tools as Firewall, IDS, Virus protection, and security facilities of Operating Systems.
ING Bank ensures that all system PINs related to Information Security, all credit cards, and valuable assets e.g. HSM (Hardware Security Module) equipment, etc. are safeguarded according to specific security rules.
It conducts periodic evaluations on Information Security and identifies existing risks, reviews and follows up action plans based on such evaluations.
It ensures that the inventory of information- and information systems- related valuable assets (computers, Network Equipment, Hardware, Software and Licenses, etc.) at the Bank is proper and true.
ING Bank prevents any potential disputes and conflicts of interest between personnel, customers and the bank.
ING Bank personnel may not disclose in any way non-public information to third parties, except those who need to know the same.
Any information of ING Bank is confidential and it is prohibited to release to third parties or trade such information.
Subject to Article 17/2 of the BRSA Communiqué on the Guidelines to be used as a Reference in Information Systems Management at Banks, please be informed that, starting with 2010, you will have the option to decide whether your information may be shared with third parties, and you can apply to your branch (in this respect) if you wish so.