Bank of America's premier Online Banking service incorporates industry-leading safety features that give you greater security and peace of mind as you manage your money. Taking some common-sense steps to help protect yourself adds an extra layer of protection to your online experience.
Make sure you’re on the right site
In approved browsers, the address bar will turn green or display a lock icon to verify that the site is secured and encrypted. This is an easy way to make sure that you’re using the Bank of America site and not a fraudulent version.
Online Banking security guarantee
We're committed to making Online Banking secure and protected. Our Online Banking Security Guarantee helps provide protection against fraudulent Online Banking transactions, secures your financial information and covers the timely processing of your payments.Footnote 1
Verify account activity
Online Banking provides you with a convenient way to review your account activity and detect fraud earlier. If you receive an alert for unusual activity on your account, you can use Online Banking to confirm transactions as valid or fraudulent.
Industry-leading safety features
Our award-winning security features like SafePass® provide peace of mind as they help protect you every step of the way.
Our fraud prevention and security systems help protect you with the latest encryption technology and secure email communications. Computer anti-virus protection detects and prevents computer viruses from entering our computer network systems while firewalls block unauthorized access by individuals or networks.
Bank of America uses encryption technology, such as Transport Layer Security (TLS), on its website to transmit information between you and the bank. This helps protect data in 3 key ways:
- Authentication ensures that you are communicating with us and prevents another computer from impersonating Bank of America
- Encryption scrambles transferred data so that it cannot be read by unauthorized parties
- Data integrity verifies that the information you send to Bank of America is not altered during the transfer. The system detects if data was added or deleted after you sent the message. If any tampering has occurred, the connection is dropped.
Secure your computer
- Make sure your computer is equipped with comprehensive spyware and virus-protection software (We offer McAfee® Internet Security free to our customers for 12 months)
- Consider installing anti-keylogging software, which can detect hidden keystroke logging malware and encrypt the keystrokes made on your computer keyboard
- Make sure your computer is equipped with a firewall, which prevents unauthorized users from gaining access to your computer or monitoring transfers of information to and from the computer
- Download and install any operating system and software updates (sometimes called patches or service packs) in a timely manner
- Make sure your browser software is up to date
- Consider using IBM® Security Trusteer Rapport™ security software, which provides online fraud protection for Online Banking transactions (we provide it at no charge for our customers)
- Consider these additional security tips
Monitor your account activity
Checking your account activity frequently can help to detect fraud earlier. You can receive information quickly about activity in your accounts when you set up Alertsfootnote2. In addition to Alerts that are automatically already turned on for your protection, you can set up additional Alerts to stay on top of your balances, payments and transactions. Set up Alerts now (you'll be asked to sign in to Online Banking and then we'll take you to the Alerts set-up page).
Create strong passwords
- Avoid the use of personal information like birthday or a pet's name
- Don't choose passwords using dictionary words, names or parts of names, phone numbers, dates, etc.
- Choose passwords that aren't easy to guess
- Never share them or write them down
- Choose a different password for each account. For example, using the same password on bank accounts and social media may increase risk of identity theft or fraud.
- Create passwords according to the website requirements
- Look for the green bar or lock icon validation in the address bar of your browser to ensure your visiting a website securely
- Ensure proper security settings are in place like up-to-date antivirus software as well as updated applications and operating systems
- Be cautious about downloading applications. Only install applications that come from trusted, well-known sites
- Understand the risks of using public or free Wi-Fi and sending information over unprotected connections
- Turn on the browser's pop-up blocker
- Avoid accessing financial accounts from multiple computers or devices
- Never proceed with processing an online shopping transaction if a certificate error is received. If multiple errors occur and the transaction can't be completed, consider calling the company or finding another company that offers the same product.
- Don't select “remember passwords”. If this is chosen, anyone with access to your computer can sign-in as you.
- Don't allow websites to keep credit or debit card information
Be smart about social networks
- Think before you share personal information. Don't share what you don't want to be forwarded or seen by the public.
- Resist the temptation to post out-of-town plans, “check in” at physical locations or post vacation photos while you are away from home
- Avoid posting photos that reveal an address or a specific location
- Set privacy settings to allow only friends to see content
- Only accept requests from actual friends
Follow internet security issues in the news and discuss them with friends, family and colleagues. Explore online resources like the National Cyber Security Alliance and Microsoft® Security At Home websites that provide comprehensive information about topics such as securing your computer and safe online behavior. Here are some other resources you might explore.
Phishing and spoofing
Phishing and spoofing emails ask you to go to a fake website that looks like Bank of America and provide your personal account information. These emails may even ask you to call a phone number and provide account information. See an example of a fraudulent email
Ways to identify phishing and spoofing emails include:
- Requests for personal information. Bank of America emails will never ask you to reply in an email with any personal information such as your Social Security number, ATM or PIN.
- Urgent appeals. We will never claim your account may be closed if you fail to confirm, verify or authenticate your personal information via email.
- Messages about system and security updates. We will never claim the need to confirm important information due to upgrades and state that you must update your information online.
- Offers that sound too good to be true. For example, you may be asked to fill out a short customer service survey in exchange for money, then be asked to provide your account number to receive the credit.
- Obvious typos and other errors. These are often the mark of fraudulent emails and websites. Be on the lookout for typos or grammatical errors, awkward writing and poor visual design.
Ways to protect against phishing and spoofing:
- Always look for your SiteKey® image when you sign in to Online Banking
- Make sure you are at Bank of America’s website when you sign in to Online Banking. The SiteKey image helps with this, but you can also type www.bankofamerica.com in your browser. If you’re using a secure browser, your address bar will turn green.
- Delete any suspicious email you receive before clicking any links or replying to it
Money mules are unsuspecting victims who become middlemen for criminals trying to launder stolen funds. Common indicators of a money mule scam include overseas companies requesting money transfer agents in the U.S., opening new bank accounts to receive money from someone you don't know, accepting large sums of money into your personal bank account for a new job and transferring or wiring funds out of your personal bank account to people you do not know. Victims of these scams may not only have their bank accounts closed and financial reputations ruined, but often are left financially responsible for returning any stolen funds.
Malware, short for malicious software, includes viruses, spyware and trojans that are designed to infiltrate or damage a computer system, steal personal information and commit fraud. There are several easy ways you can minimize malware risk:
- Never download any file or attachment unless you are absolutely certain what it is and who provided it
- Never click on an advertisement that asks for personal or financial information
- Update your security and system software to protect your computer from malware threats
Vishing uses Voice over Internet Protocol (VoIP) to leave an automated recording on your phone that says your account has experienced unusual activity. The message instructs you to call what appears to be a Bank of America phone number (in fact, the caller ID has been fooled into displaying “Bank of America”). Sometimes criminals also send emails and text messages containing fraudulent phone numbers. Rather than provide any information, you should contact us immediately to verify the validity of the message.