I visited the Bank of America website to sign up their online banking service. I am curious about what kind of services they provide and also concerned about the security to access my account online. Is it possible that some unknown third party to intercept sensitive financial information while data transmitted through the network? What does the bank do to protect its system from hacking? How does the bank handle information collected from me? It’s worthwhile doing some homework before rushing to enroll in the new service.

Overview of BOA Privacy & Security Policy

Bank of America currently is promoting online banking with bill pay, so I could find information about online banking fairly easily on their website. I followed the “Learn more” link on the online banking banner ad and entered the “Online Banking” page. This page contains several parts, and the link to “Online Banking Guarantee” section draws my immediate attention. Bank of America gives four guarantees for its consumers, including $0 liabius types of information they collect and use, such as application information and transaction information. At the beginning of its privacy policy, Bank of America clearly states that they don’t sell or share any customer information with marketers. In later parts, you can find their policy regarding information sharing within Bank of America, with their partner companies, and in other situations like legal process. Customers are allowed restrict access to information about them.

Bank of America actually designates a whole section to define how its online practices operate. For instance, you can find out how cookies are used by the bank to track your usage of their web site. If you want to consolidate account information from several sources to be view on one site, you can learn what you should pay attention to while using aggregation services. The site also clear states that how they deal with online advertising, online survey and sweepstakes and online planning tools and what options their customers have.

This site also clearly defines customer’s responsibility to enhance information security and the ways to prevent from identity theft, card fraud, scams and swindles.

Criteria:

Security: For online banking services, nothing is more important than security. The security procedures currently run by Bank of America are pretty standard, but I still doubt if they are strong enough to protect information security. For instance, is there any intrusion detection system running to monitor the network? How do they handle intrusion attempts? I cannot find any satisfying answer for my question in their security policy. I believe there are more that need to be covered in their security policy.

Privacy Protection: From my point of view, the privacy policy provided by BOA covers almost all aspects of issues that concern me. I'm happy to know that my personal information is well protected and I have options to control my interactions with the bank. I can choose not to receive direct marketing offers from Bank of America.

Policy Clarity: Bank of America's privacy and security policy is clear and specific. I like the concept that properly protecting sensitive financial information is a shared responsibility. Bank of America not only describes in detail about how they keep information confidential, they also educate their consumers to be better aware their responsibility to enhance information security.

Recommendations:

I was impressed with Bank of America's privacy and security policy. It is clear and specific about how the bank protects its customers and how customers can do to protect themselves. One thing that I think they do need to improve is the security of online banking services. Except for firewalls and encryption, other technologies, such as intrusion detection, private addressing and sanitized systems, can be applied to better protect sensitive financial information.

References:
Privacy & Security, Bank of America
Online Banking, Bank of America