Whenever online banking users make changes to their account preferences, you should confirm with an email. It not only shows you are paying attention, but also provides customers the peace of mind that they accomplished the intended task.

Today we changed one of our account alerts at Bank of America <bankamerica.com>. Within a few minutes, we received this attractive email (see inset). However, you can tell that this particular message was crafted in the pre-phishing days, as evidenced by the old 2004 copyright date (lower left corner), the old 2000-2004 Olympic sponsor logo in the lower right, and hyperlinks back to the log-in page.

Action Items

1. For better authenticity, include a personalized greeting, shared secret, or truncated account info in your message.
2. Do not include hyperlinks back to the bank on routine, non-personalized messages.
3. Update all messages at least annually so they don’t carry outdated corporate branding and/or copyright dates.

—JB