You are responsible for keeping your online banking login credentials confidential and for all transactions made using your credentials. If someone else accesses your account using your username and password, you may be liable for those transactions.
This analysis describes what Bank of America's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances.
If your login credentials are compromised and someone makes unauthorized transactions, your ability to recover those funds depends on how quickly you report the problem and whether you can demonstrate you did not share your credentials.
Interpretive note: The precise credential security and liability language from the agreement could not be verified from the encrypted PDF; the analysis is based on standard Bank of America Online Banking Agreement terms and EFTA's applicable statutory framework.
Consumers bear responsibility for safeguarding their own credentials, and delays in reporting unauthorized access can increase their financial liability for fraudulent transactions under the agreement and EFTA's statutory framework.
How other platforms handle this
This policy applies to you and anyone using the Services on your behalf, including your end users. You are responsible for ensuring that your use of the Services, and the use of the Services by others on your behalf, complies with this Policy.
You are solely responsible for your use of the Service and for all Inputs you make available to Pika, whether by uploading them through the Service or otherwise making them accessible to others. You are also solely responsible for any Outputs generated via the Service. You assume all risk associated...
We have implemented appropriate technical and organizational security measures designed to protect the security of any Personal Information we process. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technolo...
Monitoring
Bank of America has changed this document before.
REGULATORY LANDSCAPE: Consumer liability for unauthorized electronic fund transfers is primarily governed by the Electronic Fund Transfer Act and Regulation E, which establish a statutory liability framework that limits consumer exposure to $50 for losses reported within two business days and up to $500 if reported within 60 days. Losses reported after 60 days may not be recoverable under EFTA. Contractual provisions that purport to impose greater liability than EFTA permits are not enforceable for EFTA-covered accounts. The CFPB enforces Regulation E and accepts consumer complaints about improper denial of unauthorized transaction claims.
GOVERNANCE EXPOSURE: Medium. The agreement's assignment of credential security responsibility to consumers is standard practice, but the CFPB has scrutinized bank practices around denial of unauthorized transaction claims, particularly where banks characterize transactions as authorized because the consumer's credentials were used. Overly broad denial of unauthorized transaction claims based solely on credential use has been a subject of CFPB supervisory focus.
JURISDICTION FLAGS: California and other states with strong consumer protection frameworks may impose additional obligations on financial institutions when investigating unauthorized transaction claims. The interaction between contractual credential security provisions and EFTA's mandatory protections should be evaluated carefully for California, New York, and Illinois customers.
CONTRACT AND VENDOR IMPLICATIONS: Business customers using online banking for commercial transactions should be aware that Regulation E's consumer protections may not fully apply to commercial accounts, and the contractual liability framework for unauthorized business account access may be more demanding. Commercial account holders should review UCC Article 4A and their specific account agreements for the applicable liability framework.
COMPLIANCE CONSIDERATIONS: The bank's investigation and resolution procedures for unauthorized transaction claims should be audited to ensure compliance with Regulation E timelines and to confirm that claims are not systematically denied solely on the basis that a correct credential was used. Consumer-facing communications about the reporting deadline and the importance of prompt reporting should be reviewed for clarity and accuracy.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Bank of America.