You are responsible for keeping your online banking login credentials confidential and for all transactions made using your credentials. If someone else accesses your account using your username and password, you may be liable for those transactions.
This analysis describes what Bank of America's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
If your login credentials are compromised and someone makes unauthorized transactions, your ability to recover those funds depends on how quickly you report the problem and whether you can demonstrate you did not share your credentials.
Interpretive note: The precise credential security and liability language from the agreement could not be verified from the encrypted PDF; the analysis is based on standard Bank of America Online Banking Agreement terms and EFTA's applicable statutory framework.
Consumers bear responsibility for safeguarding their own credentials, and delays in reporting unauthorized access can increase their financial liability for fraudulent transactions under the agreement and EFTA's statutory framework.
How other platforms handle this
You are responsible for maintaining the confidentiality of your account and password and for restricting access to your computer, and you agree to accept responsibility for all activities that occur under your account or password. Amazon does sell products for children, but it sells them to adults, ...
Replit does not knowingly collect personal information from children under 13. Users between the ages of 13 and 18 may use the platform with parental or guardian consent. If we learn we have collected personal information from a child under 13 without verification of parental consent, we will delete...
The Services are not directed to children under the age of 13. If you are under 13 years of age, then please do not use or access the Services at any time or in any manner. If we learn that personally identifiable information has been collected on the Services from persons under 13 years of age and ...
Monitoring
Bank of America has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 10 platforms.
REGULATORY LANDSCAPE: Consumer liability for unauthorized electronic fund transfers is primarily governed by the Electronic Fund Transfer Act and Regulation E, which establish a statutory liability framework that limits consumer exposure to $50 for losses reported within two business days and up to $500 if reported within 60 days. Losses reported after 60 days may not be recoverable under EFTA. Contractual provisions that purport to impose greater liability than EFTA permits are not enforceable for EFTA-covered accounts. The CFPB enforces Regulation E and accepts consumer complaints about improper denial of unauthorized transaction claims. GOVERNANCE EXPOSURE: Medium. The agreement's assignment of credential security responsibility to consumers is standard practice, but the CFPB has scrutinized bank practices around denial of unauthorized transaction claims, particularly where banks characterize transactions as authorized because the consumer's credentials were used. Overly broad denial of unauthorized transaction claims based solely on credential use has been a subject of CFPB supervisory focus. JURISDICTION FLAGS: California and other states with strong consumer protection frameworks may impose additional obligations on financial institutions when investigating unauthorized transaction claims. The interaction between contractual credential security provisions and EFTA's mandatory protections should be evaluated carefully for California, New York, and Illinois customers. CONTRACT AND VENDOR IMPLICATIONS: Business customers using online banking for commercial transactions should be aware that Regulation E's consumer protections may not fully apply to commercial accounts, and the contractual liability framework for unauthorized business account access may be more demanding. Commercial account holders should review UCC Article 4A and their specific account agreements for the applicable liability framework. COMPLIANCE CONSIDERATIONS: The bank's investigation and resolution procedures for unauthorized transaction claims should be audited to ensure compliance with Regulation E timelines and to confirm that claims are not systematically denied solely on the basis that a correct credential was used. Consumer-facing communications about the reporting deadline and the importance of prompt reporting should be reviewed for clarity and accuracy.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Watcher: 10 platforms + same-day alerts. No credit card required.
Professional Governance Intelligence
Need to monitor specific governance provisions?
Professional includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
If your login credentials are compromised and someone makes unauthorized transactions, your ability to recover those funds depends on how quickly you report the problem and whether you can demonstrate you did not share your credentials.
Consumers bear responsibility for safeguarding their own credentials, and delays in reporting unauthorized access can increase their financial liability for fraudulent transactions under the agreement and EFTA's statutory framework.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bank of America.