We value your trust and we understand that handling your financial information with care is one of our most important responsibilities. Only those who need to know a customer's financial information—because they provide the accounts and services the customer might need—are authorized to have access to it.
Bank of America operates under a detailed, rigorous information security policy and program designed to protect the security and confidentiality of our customers’ information. The Bank of America Board of Directors has approved this policy and program, and the Board is kept informed on the overall status of our information security program. The information security program is also subject to ongoing regulatory oversight and examination.
In addition, we have a strict code of ethics for all associates. This code requires confidential treatment of customer information. All associates with access to customer information must complete information protection training annually. Bank of America also maintains physical, electronic and procedural safeguards to protect against unauthorized access to customer information.
Bank of America is committed to providing customers with the best financial products and services available. In order to do that, we sometimes use other companies to assist in providing high-quality, efficient and cost-effective service. We also use affinity partners to offer a greater range of financial products that may be tied to organizations of interest to you. We take great care in choosing our suppliers and Affinity Partners.
Bank of America operates under detailed, rigorous information security policies and programs that go well beyond the requirements of regulatory guidance. A vital element of our information security program requires oversight of third-party suppliers, which applies to international as well as domestic companies. Contracts with our suppliers who have access to our customers’ information require them to substantiate that they meet the strict requirements of our information security program and only use the information for restricted purposes.
There are many types of email fraud. A recent and increasingly common type of email fraud involves the use of phony emails that ask you to provide sensitive personal, financial or account information. You may be asked to supply the information in a return email, in a separate form attached to the email or by visiting a phony website using a link contained in the email message. The people attempting to get this information may use it to access your accounts directly in order to withdraw money or to open new accounts in your name using your information. Learn more about email fraud
Recognizing email fraud is not always easy. The criminals who use email and online fraud to try and get your personal, financial or account information are adopting increasingly sophisticated techniques. You should approach unsolicited email containing urgent appeals for security or personal information with great caution. You should always confirm the validity of email messages that appear to come from trusted sources. Bank of America will never ask you provide your Social Security number, ATM or debit card PIN or any other sensitive information in response to an email. If you receive an email from Bank of America and you're not sure if it's real, don't click on any links in the email. See an example of a fraudulent email
Please forward any email that you suspect may be fraudulent to email@example.com
Here are some tips for protecting your personal information:
- Be cautious when providing personal data such as your Social Security number and bank account or credit card account information over the telephone, in person or online. Do not give out this information unless you are absolutely sure of the person with whom you are dealing.
- Carry only necessary identification with you. Do not carry your (or other family members') Social Security card(s). Do not carry passports or birth certificates unless needed that day.
- Monitor bills and bank statements frequently. Immediately report any suspected fraudulent transactions to the holder of your account.
- Receive and store as many of your account statements electronically as you can
- Store cancelled checks, new checks and account statements in a safe place
- Question suspicious emails. We will never send you an email asking for your Online ID or passcode.
- Use a digital wallet
A digital wallet stores information about your physical debit and credit cards so you can make purchases at participating merchants. Certain digital wallets use virtual cardsFootnote1. A virtual card is the digital form of your physical debit or credit card and it has a unique card number stored within a digital wallet that's different from the physical card number. So, it cannot be accessed from your digital wallet if your mobile device is lost or stolen. You can use your virtual card with your digital wallet to conveniently make purchases, just like your physical debit and credit cards. You still get all the rewards, benefits and protections your physical card provides.
Learn more about Apple Pay® »
Learn more about Android Pay™ »
Learn more about Samsung Pay »
Learn more about Microsoft™ Wallet »
Learn more about Visa Checkout »
- Install anti-virus and anti-spyware programs on your home computer. Keep these programs updated.
- Don't write your personal identification number (PIN), Social Security number, driver's license number or credit card account number on checks or on your ATM, credit card or debit card. Stand directly in front of the ATM when entering your PIN.
- Keep mail secure. Do not mail bills or sensitive information from your home or from unsecured mailboxes. Retrieve and review your mail promptly.
- Tear up or shred pre-approved credit offers, receipts (including ATM receipts) and other information that could link your name to your account numbers.
- Check your credit report periodically and be sure all information is up to date and accurate. Have any fraudulent transaction deleted. For a free annual copy of your credit bureau report contact www.annualcreditreport.com or call 877.322.8228.
Various security pages on our site, for example Online Banking Security and Credit & Debit Card Security, contain specific information under the What you can do tab on the page. Be sure to review this information.
Just as criminals try to steal from people through email fraud, they also try to steal through text message fraud. This is typically known as SMiShing—phishing that happens through SMS text messages. A criminal sends a text message intended to trick you into replying with financial or personal information or clicking on a link that will sneak a virus onto your mobile device. Follow these tips to be on guard against SMiShing:
- Don’t respond to a text message that requests personal or financial information. Bank of America often sends messages from SMS short numbers for alerts, but we will never ask you for personal or financial information in a text message.
- Verify any phone number that appears in a text message. If you’re in doubt, call the customer service number on our Contact Us page, on your statement or on the back of your credit, debit or ATM card.
- Forward any Bank of America-related messages to firstname.lastname@example.org Include the number the message came from and a copy of the message itself.
- Many carriers allow you to report spam by forwarding unsolicited text messages to 7726 (which spells SPAM).1 As with many other spam-reporting systems, this will help eliminate spam messages for everyone.
If you receive what appears to be a fraudulent text message, we urge you to report it immediately:
Criminals trying to steal from people through phone fraud is typically known vishing—phishing that happens through a phone call. A criminal calls and poses as a legitimate bank or trusted financial service and tries to trick you into providing your financial or personal information. Often the caller notifies you of a non-existent alert or some sort of urgent matter as a way to trick you.
Unfortunately, caller ID is not always a reliable way to confirm the identity of the caller: Caller ID can be manipulated to make a call from one number appear to be from another number. Do not share any personal or financial information with anyone unless you are absolutely certain who you’re speaking with.
If you have any doubt about the legitimacy of the call, hang up immediately and call the customer service number on our Contact Us page, on your statement or on the back of your credit, debit or ATM card.
If you receive what appears to be a fraudulent phone call, we urge you to report it immediately by sending the phone number and any pertinent information to email@example.com. Be sure to include any relevant details, such as whether the suspicious caller attempted to impersonate Bank of America and whether any personal or financial information was provided to the suspicious caller.
1Wireless carrier fees may apply.