Banks and Fraud: Bank of America Better Than Expected?

How’s this for conflicting data? Just yesterday I wrote about Bank of America being among the worst “big” banks when it comes to fraudulent incidents per billion dollars on deposit, and yet…

According to a recent blurb in Bottom Line/Personal, Bank of America was (for the second year in a row) rated better than all other ‘major’ banks when it comes to protecting customers against fraud. While the scoring criteria weren’t entirely clear, Bank of America’s security measures scored 78 out of a possible 100 points.

Other well-known banks near the top of the list included JPMorgan Chase, Washington Mutual, and Wells Fargo, all of whom scored 70/100. Citibank scored 69/100, BB&T scored 68/100, and Wachovia scored 61/100. Looking at the other end of the spectrum, Bank of the West scored 35/100, Banco Popular scored 31/100, and Comerica came in last with just 24/100 points.

Interestingly, the top-rated banks in these rankings all come out near the bottom in terms of real-life performance. Hmmmm…

20 Responses to “Banks and Fraud: Bank of America Better Than Expected?”

  1. Anonymous

    I don’t understand how they could ding your score, because they should be doing a “soft” pull of your report. This means that it doesn’t lower your score because it is not pulled for a new loan. All of your creditors should be pulling your report this way, which doesn’t lower your score. If BOA is doing it differently, that would probably mean that it’s time for another Class Action Suit against them.

  2. Anonymous

    As many people have reiterated, I’m not worried so much for fraud as I am of BofA’s shooty service. They’ll freeze your account because of what they determine as fraud, then when you call in to unfreeze it… to access your hard earned money… they’re closed. Banker’s hours!

    I understand proactively working against fraud, but they really need to offer a 24 hour service to UNFREEZE ACCOUNTS!

    You can’t just shut someone down because of what you suspect is fraud, then not give them an option to access their money… again, your hard earned money.

    When I called in and finally did talk to someone, I gave them so many forms of identification, including logging into my online banking and paging through to give them the last deposit, to the penny!

    “Can I please have my account unfrozen please!”

    Nope, then they want my driver’s license number. Bloody hell! Is a driver’s license ID the sacred proof they want, when we all know if you lose your wallet and someone is doing fraudulent damage to your account, they damn well have your ID! It really got to the point where I felt I was being scammed. All I got was a txt message to my phone with a phone number! Can’t trust caller ID, that’s easily spoof’d.

    BofA is lame… they’ve only denied me service on loans for years, then when I finally begin making money, they want my business. Screw them… I’m going elsewhere!

    And OMG… the stories about them pinging your credit, then upping their rates makes my skin crawl!

    This beast has gotten too big and doesn’t care for the little people anymore. I’m taking my business elsewhere.

  3. Anonymous

    I have 3 credit cards with BoA. About a year ago I got a notice that my credit score was dropping due to many inquiries with the credit reporting agencies. I checked into this and found BoA was doing the inquiring. Not much later I received a letter telling me they were going to raise my interest rate on all 3 to 29%. If I wanted to opt out I had 45 days to comply. The next bill reflected 29% on 2 and 30% on the 3rd. I called to opt out and they told me all 3 accounts had been late, which was a lie. I have found no incidence where they were even close to late. I closed all 3 accounts before the 45 day limit but 29% to 30% remains, plus the crooks get a bailout from the Government instead of protection from them. Do not do business with this bank. They will sting you.

  4. Anonymous

    BoA is an unconscionable perpetrator of opportunism in the name of “business practices”. They deserve to be sanctioned. If the mail gets your payment there a day late (according to them), fees are off the charts and there is no working with them. I have several accounts with this bank – which is about to change – and a history of being an exemplary customer. Little good it did me.

    Although I mailed my payment 5 days prior to the due date, it arrived on day six – a day late and a hefty finance charge later – they make no concessions. This is not a case of the public trying to compensate for negligence and late payment, but an opportunistic way for the company to claim late payment and collect fees. They posted a day late (did it really arrive a day late?) – my, my, my, how convenient.

    I am almost completely free of credit charges and when I am I plan to go cash and vote against any credit company bail outs. It’s the public that needs a bail out from this shady practice of squeezing the public on inflated finance charges and bogus posting dates. They should be trying to help those of us that still have the means to pay the cards off rather than go into bankruptcy.

    My apologies to the schlubs in BoA customer service – they deserve combat pay!

    Angry, very angry.

  5. Anonymous

    abc, I am not afraid of fraud because I understand how it happens, and I defend myself against it. Perhaps I should have said “I am not afraid of fraud happening to ME.” For example:

    1. I never click a link in an email that is apparently from one of my financial institutions, unless I check the actual URL (in the browser status bar) very carefully, there are zero warning signs of fraud elsewhere, and I was expecting the email to begin with. (IMO no financial company should ever send links in their own emails, and should advertise that fact to their users. THAT would be a useful security policy.)

    2. I understand how alternative character sets can be used to imitate English URL’s very closely, so I treat all URL’s with appropriate suspicion.

    3. I understand what SSL certs and encryption mean, and what they do not mean.

    4. I am aware of what can be accomplished by cross-site scripting attacks and cross-site request forgeries and I actively avoid situations that could lead to a compromise by those methods.

    5. I do not save my passwords in my browser, instead I save them in a third-party password storage application that is only open when I am accessing a site. I generate a unique, 12+ character, alphanumeric, mixed-case password of high entropy for each website.

    6. I stay very up-to-date on my transactions, so I would quickly spot any fraudulent activity.

    Why do I object to the “security” measures of many financial institutions?

    1. CAPTCHA’s. They are a pain, and they have had to get so difficult to remain secure that they are now difficult for humans as well, and they accomplish little that cannot be accomplished by an appropriate delay/lockout policy (and if you mention the DOS attack opportunity this creates, remember you could always add the CAPTCHA after the first or second attempt).

    2. Username requirements. These are a demonstrably bad security practice. Usernames cannot be expected to be kept as secure as passwords by their users, so trying to up the entropy of the username is much worse than simply demanding higher entropy in the password. Yet username requirements (like “must contain a number”) are an annoyance to the user, who cannot use the same one at each site. Now there are essentially two passwords, except that one is ridiculously weak and adds nothing concrete to our security.

    3. Secret questions. Subject to all the same detractors as username requirements, except these are often harder to generate and remember accurately. Often they are ridiculously easy to learn as well. They are also one of the most time-consuming parts of the sign-in process.

    4. IP-based additional security. I use a laptop, and my IP changes all the time as I use it at home, work, from my cell network and everywhere in between. IP is a bad way to do almost anything on the Internet, other than transmit packets.

    5. Secret pictures/phrases. These are actually a dandy idea, as they help the user identify that they are in the proper location. Note the lack of effort required on the part of the user once they have selected them! A great addition would be having the user click on an object in the image to submit the form, thereby ensuring that they pay attention to it. No issues with this one, except that it’s slapped on indiscriminately like the rest of the security “candy” we are expected to swallow.

    What is the solution to this mess? Very simple, actually:

    1. Client-side certificate generation and checking (instead of things like IP or cookies) with greatly (not marginally) heightened security when no certificate is present.

    2. No links in emails. You can’t initiate a secure operation over an insecure protocol, period.

    3. Strong password requirements. In order for this to have meaning, banks must become involved in password storage and handling application development: sponsor it, recommend it, advertise it. Banks are not pro-active about this, but they must become so. Trying to stay one step ahead of idiot users with ad-hoc security features is incredibly expensive in the IT environment of a financial institution.

    4. Banks must get involved with browser security and start throwing their weight around. Messy, perhaps, but also effective.

    5. Instead of absolving users of all liability for fraud as an account “feature”, they should offer accounts with lower fees or higher returns that retain some amount of liability. That creates an opportunity to educate users that choose them, and makes everyone think more realistically about the costs of security and fraud.

    As for choosing MasterCard over Visa to avoid the “Verified by Visa” program, I am hardly the only one. See http://www.cerias.purdue.edu/site/blog/post/verified-by-visa-issues/

    My complaints are similar to my complaints about banks above. The “features” provide no meaningful additional security to ME, yet I cannot successfully opt out of the program no matter how long I spend on hold with Visa or my bank. Their interactions look for all the world like cross-site attacks, they use mystifying domain names, they are slow and frequently break, and they slow down every single web transaction they are involved in. As for MasterCard being the “worst”, they are no different in any capacity that I rely on them for, and much better on this aspect.

  6. Anonymous

    I hate Bank of America…
    they’re full of it, they charge you for everything,
    overdraft fees, they don’t work with you…
    just awful……
    I wish someone would sue them and all the overdraft they con people for, they can get their money back… ’cause Bank of America rips off people….
    and don’t let them BS you that how they work is on all the overdraft fees they con from us…..
    disgusted by Bank of America

  7. Anonymous

    Ethan, you’re an idiot. You pick the worst credit card out of self defense, and are not afraid of fraud. It’s people like you that make people from Ghana think that Americans are an easy target for fraud.

  8. Anonymous

    Just two weeks ago my checking account was hacked and all money was taken away from it…
    My account is at Bank of America. All transactions against my account occurred out of state.
    My account is now in negative balance and will not be closed until I cover the negative balance or until the investigation is over. Bank of America promises to reimburse? get my money back after an investigation, but they have no idea how long it’s going to take.

    Bank employee can’t even distinguish a real ID from one state from a fake one.

    Therefore I do know that BOFA is not fraud proof.

  9. Anonymous

    I don’t have credit cards. I use CASH and I don’t rely on banks. I provide my own security. My life got much more enjoyable when I weaned myself off credit/banks, etc.

    I have an excellent credit score, but frankly, I couldn’t care any less because I don’t borrow money.

  10. Anonymous

    Not long ago I read a story that shocked me because it went “stealth” by the media very quickly… the story you are asking?

    Well, it is the TDAmeritrade security breach. They got hacked and the database of their clients got stolen. TDA claimed it was only the e-mails, yet the same database (server, hard drive, hardware) holds all the data they had, including e-mails. But that is not the shocking news. The shocking news is that TDA did not disclose that until some customers took legal action a year later.

    Now…, you probably ask what the link between TDA case and the banks is. Link is, that banks have your data too, and lately they try to get rid of the paper trail, “go paperless”, let suggest you do go paperless, where is your proof you did have money in that bank? Their server has never been hacked if you ask them. You have no ways or means or legal documents in that matter of proving otherwise, and they to embarrass themselves by admitting so, why would they do that? so think twice.

    Recently the Feds lowered rates, not once but twice, and mortgage rates went up. So let me see, when banks wish they transfer loss to their customers, taxes, fees… any that you can think of, they feel free to do and do so. Yet when they get a break they keep it for themselves. Don’t you think that is unfair?

    Let’s get back to the TDA. I’m not scared of crooks who try to rob me, that is what crooks do, isn’t it. I’m scared that those crooks start hiding behind the law, wearing suits, talking fancy, and legally robbing me. No sir, I’ll pass. I’m curious how long the government and the people of USA will carry these self absorbed punks, instead of letting them go bankrupt, and by that clear the path for better banking and finance practices? And that is not the only field of business where the case is present. Boeing is complaining that they didn’t win a government bid yesterday… well, you suck, and that is why. If you were that good your offer would win, wouldn’t it. I happened to watch the C-span hearing on the tankers case, just by accident, and followed the story in the printed press. My opinion is that they got what they deserved.

    I’m fed up with the political and economical mishmash in the last several decades. It will bring us nowhere. Bribing and lobbying doesn’t nurture innovations, it nurtures more bribes instead. And that is why the news today is the way it is.

  11. Anonymous

    I would think that BoA would be tops in securities. They can be annoyingly so. They’ve called me about very mundane transactions if I’ve made a transaction in one state and then traveled abruptly to another. This is good, and I appreciate that kind of attention. At the same time, I’ve seen friends get frustrated because their account gets shut down. Trying to take too much money out in Vegas, for example. It’d be fine if things could then get easily straightened out, but oftentimes it takes time. That’s why I’m a big fan of multiple bank accounts, and credit card options.

  12. Anonymous

    I’ve actually been impressed with BOA’s online security features. It’s the only authentication scheme I’ve seen that shows the user confidential information so the user can verify that they’re not on a phishing site. And the “Safe Pass” feature always gets the pin to my mobile in under 5 seconds.

    Now, if they would just stop raising the minimum on my biz checking account…

  13. Anonymous

    What an interesting point about the discrepancy between the rankings and the real-life performance. For my two cents, I’ve never had problems with any bank EXCEPT Bank of America. Two separate credit card accounts through them created numerous problems throughout the years. In one case, they said that my payment was late every single month (when it was well within the payment due date) and I would have to call every single month to speak to customer service to get it taken care of. I wasn’t in a position to transfer the balance so this went on for several months until I’d paid it off in full. Annoying!

  14. Anonymous

    I actually closed my BofA account because their online “security” measures became a hindrance to banking. Multiple, mandatory security questions, choosing photographs, heightened security when connecting from a new IP… I’m not worried about fraud, I’m worried about being able to bank in peace and simplicity. WaMu doesn’t have any of those measures in place yet. If they add them, I’m probably off to find another new bank.

    And don’t even get me started on “Verified by Visa”. The credit cards I actually use online are now all MasterCards out of self defense, whenever I can control it.

    I’m a geek and can handle my own online security. Instead of coming up with true solutions to the security problems, these companies are just setting up additional hurdles between consumers and services.

  15. Anonymous

    Hmm…that is interesting. So a customer is protected against someone else being fraudulent but not from BofA trying to take your money. I say this after hearing about how BofA have raised their credit card rates ridiculously for some of their good customers.

  16. Anonymous

    All these ratings are easy to manipulate so that you get the results you’re looking for. It’s especially fishy when they don’t detail the criteria they used. You just have to change the weighting of the criteria and you can have any set of results you want.
