Worst Practices: Bank of America Online Banking

[NOTE: Since posting this and emailing the customer support unit, some of these concerns have actually been addressed. Kudos to Bank of America for listening to their customers and actively developing their online banking system.]

As part of my move from Brooklyn to the remote State of Jefferson region of Northern California -- see the video below -- I've had to change banks. I've been a nonplussed Citibank customer since they got me when I moved to New York City for college, but there are no branches in my area. Since Chapter Three banks with Bank of America -- after Washington Mutual let us down, I might add -- it seemed it would probably be advantageous to do the same myself.

Over the past month, I've been incredibly frustrated with their online banking system, especially as an individual who designs and builds web applications for a living. It exhibits numerous worst practices, and although I'm sure they're dealing with a lot of complexity, legacy issues, and other concerns, I find it hard to believe that a Fortune 500 company with over $200B in market capitalization which is heavily marketing their online banking service would provide such a lackluster tool.

Here are some specific examples that have been driving me batty:

The Messaging System
There's a sort of in-site messaging system which allows you to communicate with customer service. It's a good thing to let your customers communicate with you, but Bank of America's system is very poorly implemented.

Essentially, when I receive a communication from the customer service staff, I get an email that tells me there's a message waiting. It doesn't contain the message which is annoying, but could be a security measure. However, it also doesn't contain a link to a login form which redirects to the message. Essentially, the message is just a note that something has happened, and encourages me to log in to the system.

Then, if I do that, there's no notification when I log in that there's a new message. There's a small "mail" link in the header, easily missed in B of A's cluttered interface, and not in anyway highlighted when there are unread messages. The same link is also buried "read messages from customer support" link in the customer service section, where I was going to find it before I realized it was in the header as well.

This is not how you communicate with your customers. Indeed the cynic in me thinks this may not be accidental -- less communication means less customer support costs -- but in any event it's something to learn from if communication is something you're after:

  • If you're sending email alerts, put the message in the email if possible.
  • If users need to log-in to read the message or reply, supply a direct link in the email alert.
  • Notify when they log-in if there are unread messages. They may not have even seen your email alert.

Input Munging
Any online banking system is going to require you to input a lot of account info, and a well-designed system will help the user out when dealing, for instances, with spaces and dashes in account numbers. Their system utterly fails to do this.

When trying to set up an automatic payment from my Bank of America checking account to a Bank of America-owned credit card, entering my 16-digit account number (which I shouldn't have had to do in the first place, more on that later) as XXXXXXXXXXXXXXXX doesn't work, and the error message doesn't alert me to a possible formatting problem, just to check my paper statement. I'm wondering if maybe there's a second number (other than the one on my card) that I'm not aware of.

But no, a little trial and error shows that the system requires the account number to be entered as XXXX XXXX XXXX XXXX, the reverse of what most online merchants ask for when you're paying for something.

The point here is that it's a fantastically simple operation to analyze the input string and normalize the data before trying to match it against whatever system they use to set up the payment. Whether a user enters the system as 16 straight digits or with spaces or dashes, the app should be able to figure out what's going on.

Account Integration
Bank of America's online banking system is full of crossed wires, likely a result of poorly managed systems integration efforts as they've acquired new accounts. Integrating legacy systems is one of the most difficult things to do, but it's still no excuse for doing it poorly. Here are a few examples:

  • Clicking on one of my accounts on the overview page sometimes brings me to the details screen for a different account.
  • An auto-payment created under a previous system is still functioning, but not listed anywhere in the new system.
  • Creating a new payment from one account within the system to another requires re-entry of all account information when it should be a 1-click exercise.

The first point is just sloppy. Clicking on one account and landing on another is probably some kind of keying error at the interface level. It doesn't happen every time, but more often than not. This is the sort of thing that should have been fixed right away in a QA or beta-testing cycle.

The lack of successful integration on the payment system is both a major flaw and an example of how not to manage a systems migration. One of the worst things you can do in these situations is have critical activity going on that is hidden from the user. In my case, I have an autopayment that seems to be out of my control, which could lead to an overdraft on my old checking account.

This also illustrates one of the cardinal rules of integration: if it's not broke don't fix it, and if you're not improving things don't kill the old system. The previous system I used to create my autopayments was easy to understand and well designed. The new system is clumsy, requires re-entry of account information (another sloppy oversight), and glaringly doesn't show previous autopayments which are still firing.

Since the old system is offline, I'm stuck communicating with customer service through a sub-par messaging interface (my first point) to try and work things out and prevent a future overdraft.


To be fair, there are a few nice features in Bank of America's system. They have an innovative anti-phishing system which displays a custom photo and tagline when you log-in. This doesn't mean much to me as I'm savvy enough to spot phishing attacks, but for the average user it's a nice touch.

The breadth of the billpay system is also ambitious. There are many many options here, and if the interface were better I might use it for all my bills. However, until the system improves, I'll stick with using my debit card or checking account+routing number directly with the folks to whom I own money.

Unwittingly, I've given B of A a monopoly over my financials: they recently bought out MBNA -- celebrated with a rocking executive jam session -- issuer of my Linux Fund credit card, so I'm stuck with it and have to learn to use their tool. Hopefully my pain can be your gain!