Skip to main content
Privacy & Security

Online Banking FAQs

  • Hide What measures does Bank of America take to keep Online Banking secure?

    Online Banking uses industry-standard protocols that leverage encryption for transferring data. Encryption creates a secure environment for the information being transferred between your browser and Bank of America.

    These security protocols protect data in 3 key ways:

    Authentication ensures that you are communicating with the correct server. This prevents another computer from impersonating Bank of America.

    Encryption scrambles transferred data to prevent eavesdropping of sensitive information and to ensure that only the server you're sending the information to can read it.

    Data integrity verifies that the information sent by you to Bank of America wasn't altered during the transfer. The system detects if data was added or deleted after you sent the message. If any tampering has occurred, the connection is dropped.

  • Show How do I know I'm on the real Bank of America site?

    To help ensure you're on the real Bank of America website before you sign in, check your browser address bar for:

    • Green text/shading
    • Lock icon

    browser address bar

  • Show What security tools are available to me?

    You have the option to add extra security to help verify your identify with a one-time authorization code, which is sent by textFootnote1 or email each time you sign in.Footnote2 And, with more security settings, new optional security alertsFootnote3 and sign-in history, you can more closely monitor Online and Mobile Banking activity. All of these tools are conveniently located in one place in your Security Center, which you can access from Profile & Settings in Online and Mobile Banking.

  • Show How does the one-time authorization code option work?

    From your Security Center in Online Banking, you may opt for extra security at sign-in. You'll receive a one-time authorization code through a textFootnote1 or email each time you sign into Online Banking.Footnote2 The code can only be used once and will expire within 10 minutes after it is sent. Your ability to receive and enter the code helps verify your identity.

  • Show What are challenge questions and how are they used?

    They are used to help verify your identity when you sign in from an unrecognized computer or mobile device. You selected challenge questions and answers when you enrolled in Online Banking. You can change them at any time by going to Profile & Settings in Online Banking.

  • Show How do I know I'm using the real Bank of America Mobile Banking app?

    If an app is available for your mobile device, make sure you download the official Bank of America Mobile Banking appFootnote4 from a reputable app store such as Google Play or the iTunes App Store or from our Mobile Banking page.

  • Show Does the Consumer Privacy Notice apply to all transactions and other activities I perform while I'm banking online at Bank of America?

    Yes. The Consumer Privacy Notice describes how the company collects, shares and protects personal information about customers in order to conduct business. This Notice applies to all Bank of America customers and their account transactions and other activities performed online as well as offline. Additionally, our Online Privacy Notice explains how we manage the privacy and security of personal and other information collected online. We encourage you to learn more by reading our Online Privacy Notice.

  • Show Do you ever make changes to your Online Privacy Notice?

    We may occasionally make changes or update our Online Privacy Notice. When we do make changes or updates, we will also update the effective date of the policy. The effective date is indicated at the top of the policy.

Report suspicious activity

  • In your email:
    To report a suspicious email that uses Bank of America's name, forward it to us immediately at mailto:
  • On your statement:
    To report fraudulent activity on your Bank of America account, call 800.432.1000.
  • In texts:
    SMShing” and Smishing are like phishing but sent via SMS text messages to access information. Report attempts at mailto:
  • By phone:
    Vishing” uses the features of Voice over IP (VoIP) phones to steal personal and financial information. Report it at mailto: