Skip to main content
Privacy & Security

Online Banking FAQs

  • Hide Does the Consumer Privacy Notice apply to all transactions and other activities I perform while I'm banking online at Bank of America?

    Yes. The Consumer Privacy Notice protects you when you are online at any Bank of America website. Your online activities are also covered by the Online Privacy Notice, which explains how we may collect information from you online when you visit a Bank of America site. The Online Privacy Notice also explains how we manage the privacy and security of your personal and account information online. To learn more, we encourage you to read our Online Privacy Notice.

  • Show Do you ever make changes to your Online Privacy Notice?

    We may occasionally make changes or update our Online Privacy Notice. When we do make changes or updates, we will also update the effective date of the policy. The effective date is indicated at the top of the policy.

  • Show What measures does Bank of America take to keep Online Banking secure?

    Keeping financial and personal information about you secure and confidential is one of our most important responsibilities. Our computer systems are protected by computer anti-virus protection, which detects and prevents computer viruses from entering our computer network systems, and by firewalls, which block unauthorized access by individuals or networks.

    Bank of America also uses encryption to transmit information between you and the bank. This protects data in 3 key ways:

    • Authentication ensures that you are communicating with us and prevents another computer from impersonating Bank of America
    • Encryption scrambles transferred data so that it cannot be read by unauthorized parties
    • Data integrity verifies that the information you send to Bank of America is not altered during the transfer. The system detects if data was added or deleted after you sent the message. If any tampering has occurred, the connection is dropped.

  • Show How do I know I am at the Bank of America site and not a phishing site?

    Bank of America provides a service called SiteKey®, an online banking security feature used to help confirm the identity of the bank and the customer. Using SiteKey is like having a safe deposit box that requires 2 keys to open. Before the customer and the bank agree to open the box together, they confirm each other's identify. Customers pick one of thousands of images, write a brief phrase and select 3 challenge questions. The customer and the bank can pass that information securely back and forth to confirm their identities.

  • Show What does SSL mean?

    SSL stands for Secure Socket Layer. This technology allows users to establish sessions with internet sites that are secure, meaning they have minimal risk of external violation. Once inside the Online Banking site, you are secure through our use of SSL technology.

  • Show What is encryption?

    Encryption is the scrambling of information for transmission back and forth between 2 points. A key is required to decode the information. When you request information about your accounts, the request is sent encrypted to Bank of America. We then decode your request for information and send it back to you in an encrypted format. When you receive it, your information is decoded so you can read it. Because your account information is being transmitted between you and Bank of America, encryption helps protect your account information from being intercepted and read by a third party.

  • Show What is an extended validation SSL certificate?

    An extended validation SSL certificate is an added layer of security to help protect your private information when transmitted online. If you are using Microsoft Internet Explorer 7 or later to go to a secure website, an extended validation SSL certificate will cause the address bar of your browser to turn green. A display in the green bar will visually verify that the site is secure and encrypt the data you submit. If the site is unknown, a yellow address bar will be displayed indicating you should proceed with caution. If you are on a site that has been recognized as dangerous, a red address bar will display.

    Other browsers and older versions of Internet Explorer will display extended validation SSL certificates with the same security symbols as existing SSL certificates: a lock icon.

  • Show I received a message saying the security certificate for this site has expired. How do I correct this?

    Security certificates are valid for specific date ranges. If the month or year on your computer isn't accurate, it may cause your browser to display a message that the certificate has expired or is not yet valid. Check the date settings on your computer and make sure to adjust them to reflect the correct month and year.

Report suspicious activity

  • In your email:
    To report a suspicious email that uses Bank of America's name, forward it to us immediately at mailto:
  • On your statement:
    To report fraudulent activity on your Bank of America account, call 800.432.1000.
  • In texts:
    Smishing” or SMS phishing uses text messages to access information. Report attempts at mailto:
  • By phone:
    Vishing” uses the features of Voice over IP (VoIP) phones to steal personal and financial information. Report it at mailto: