Skip to main content
Privacy & Security

Online Banking FAQs

  • Hide Does the Consumer Privacy Notice apply to all transactions and other activities I perform while I'm banking online at Bank of America?

    Yes. The Consumer Privacy Notice protects you when you are online at any Bank of America website. Your online activities are also covered by the Online Privacy Notice, which explains how we may collect information from you online when you visit a Bank of America site. The Online Privacy Notice also explains how we manage the privacy and security of your personal and account information online. To learn more, we encourage you to read our Online Privacy Notice.

  • Show Do you ever make changes to your Online Privacy Notice?

    We may occasionally make changes or update our Online Privacy Notice. When we do make changes or updates, we will also update the effective date of the policy. The effective date is indicated at the top of the policy.

  • Show What measures does Bank of America take to keep Online Banking secure?

    Online Banking uses industry-standard protocols that leverage encryption for transferring data. Encryption creates a secure environment for the information being transferred between your browser and Bank of America.

    These security protocols protect data in 3 key ways:

    Authentication ensures that you are communicating with the correct server. This prevents another computer from impersonating Bank of America.

    Encryption scrambles transferred data to prevent eavesdropping of sensitive information and to ensure that only the server you're sending the information to can read it.

    Data integrity verifies that the information sent by you to Bank of America wasn't altered during the transfer. The system detects if data was added or deleted after you sent the message. If any tampering has occurred, the connection is dropped.

  • Show How do I know I'm on the real Bank of America site?

    To help ensure you're on the real Bank of America website before you sign in, check your browser address bar for:

    • Green text/shading
    • Lock icon

    browser address bar

  • Show What does SSL mean?

    SSL stands for Secure Socket Layer. This technology allows users to establish sessions with internet sites that are secure, meaning they have minimal risk of external violation. Once inside the Online Banking site, you are secure through our use of SSL technology.

  • Show What is encryption?

    Encryption is the scrambling of information for transmission back and forth between 2 points. A key is required to decode the information. When you request information about your accounts, the request is sent encrypted to Bank of America. We then decode your request for information and send it back to you in an encrypted format. When you receive it, your information is decoded so you can read it. Because your account information is being transmitted between you and Bank of America, encryption helps protect your account information from being intercepted and read by a third party.

  • Show What is an extended validation SSL certificate?

    An extended validation SSL certificate is an added layer of security to help protect your private information when transmitted online. If you are using Microsoft Internet Explorer 7 or later to go to a secure website, an extended validation SSL certificate will cause the address bar of your browser to turn green. A display in the green bar will visually verify that the site is secure and encrypt the data you submit. If the site is unknown, a yellow address bar will be displayed indicating you should proceed with caution. If you are on a site that has been recognized as dangerous, a red address bar will display.

    Other browsers and older versions of Internet Explorer will display extended validation SSL certificates with the same security symbols as existing SSL certificates: a lock icon.

  • Show I received a message saying the security certificate for this site has expired. How do I correct this?

    Security certificates are valid for specific date ranges. If the month or year on your computer isn't accurate, it may cause your browser to display a message that the certificate has expired or is not yet valid. Check the date settings on your computer and make sure to adjust them to reflect the correct month and year.

  • Show Can I use an email address that is forwarded to another address? For example, if forwards to, can I use

    We don't recommend using an email address that is forwarded to another address because this could result in the delay or non-delivery of urgent communications such as fraud alerts or other communications required by law.

Report suspicious activity

  • In your email:
    To report a suspicious email that uses Bank of America's name, forward it to us immediately at mailto:
  • On your statement:
    To report fraudulent activity on your Bank of America account, call 800.432.1000.
  • In texts:
    SMShing” and Smishing are like phishing but sent via SMS text messages to access information. Report attempts at mailto:
  • By phone:
    Vishing” uses the features of Voice over IP (VoIP) phones to steal personal and financial information. Report it at mailto: