Back to Blog

Self-Service: Bank of America’s MyFraudProtection Allows Online Review of Suspicious Card Transactions

By Jim Bruene Posted on
Categories: Bank of America, Credit/Debit Cards, Security & Privacy

imageThe reason bank call centers still field millions of calls from online banking customers is that most account problems cannot be solved online. It’s not that banks don’t have the technology or the business case, it’s just a priorities challenge. Effective self-service modules are time consuming to build, test and integrate, while employee and customer education pose an even bigger hurdle.

But slowly, as more and more consumers look to resolve issues with a mouse click or finger flick, financial institutions will add self-service troubleshooting wizards to online/mobile banking.

The latest example comes from Bank of America.

I’ve been a BofA cardholder for the better part of two decades, and every year spend an hour or so verifying flagged transactions via phone with bank-fraud reps. It’s an annoying, but necessary, part of making 50 to 100 charges every month for home and business. 

But my most recent experience was very different. When I went online to pay the bill, not realizing (but suspicious) that my card had been cut off, I was greeted with the following message underneath the card balance on the main Account Overview page (see screenshot 1):

Online access is not available for this account. Please go to
www.myfraudprotection.com and verify recent transactions. Or you may call
1-800-427-2449 for additional information.

_____________________________________________________________

How it works
______________________________________________________________________

Step 1: Following the link, I ended up at an entirely new site, running outside online banking where I was required to re-enter my account number (screen 2), last 4 of SSN, Zip, and phone number (see screen 3).

Step 2: I was then required to answer random questions pulled from the credit bureau to authenticate myself (screen 4).

Step 3: Finally, I was able to review and approve the transactions in question (screen 5). I was then thanked and told I could use my card again (screen 6).

However, after all this, I was still not able to pay my account online and had to call after all. The rep told me that it takes between two and 24 hours for online banking access to become available (note 1).

______________________________________________________________

Analysis
_______________________________________________________________________

All-in-all, I liked the system. However, it needs to be more integrated into online banking (see note 2). Given all the extra work required to authenticate myself, it would have been faster just to call the 800-number. If I were a normal customer, that’s what I’d do next time. I hate the stress of going through the authentication process: With everything on autopay, who can remember their exact payment amounts anymore?  

And worse, there is a security disconnect here. I log in to my credit card account only to be told it’s unavailable and that I should log in to some site I’ve never heard of (that doesn’t even have a Bank of America URL, note 3) and turn over personal info. It looks more like a crude phishing ploy than something from a major bank. And as far as I can recall, there was no customer education on this process.  

So, I applaud Bank of America for making transaction verification self-service. But there’s still much work to be done before it replaces the phone process. 

1. Main Bank of America Account Overview screen (14 Jan. 2011)

Main Bank of America Account Overview screen (14 Jan 2011)

 2. First screen at MyFraudProtection.com (link, note 2)Bank of America MyFraudProtection.com

3. Step 2 of 3 of authentication process

Step 2 at MyFraudProtection.com

4. Step 3 of 3 of authentication processimage

5. Transaction reviewimage

6. Confirmation message (and survey invitation)image

———————————-

Notes:
1. This was the weekend that BofA was having website trouble, so it may not always be delayed.
2. I realize the bank is using the fraud-protection site as a standalone system so it can direct any cardholder to it without first needing to log in to online banking, hence the authentication requirement. But for logged-in bofa.com users, it seems unnecessary. Although it does provide an extra measure of security, in case the cardholders’ online access had been breeched by the person attempting to use the card, that extra security comes at too high of a usability cost, in my opinion. 
3. The www.fraudprotection.com URL does redirect to myfraudprotection.bankofamerica.com, which helps.

Views: 778

Share this:

Send Post Twitter LinkedIn Facebook