My Bank of America story

Years as a customer. Relentless fees. Password resets multiple times per week. And rewards that, in my experience, did not credit to my account. Here is what happened, in my words, and where I am moving.

By Pablo Diaz · Founder, Blossend Inc · Updated 2026-05-05

Why I am publishing this

I am a small business owner. Like a lot of founders, I picked Bank of America years ago for the simple reason that it is the bank everyone has heard of. For a while it worked well enough that I did not think about it. Over time the friction added up. After enough back-and- forth, I decided to put my account of the experience in writing publicly. I am doing this for two reasons. First, because I believe public discussion of what consumers actually experience with the largest U.S. banks is in everyone’s interest — that is the same reason the CFPB Consumer Complaint Database exists. Second, because if you are reading this and your own experience has been similar, you should know you are not the only one and there are real alternatives.

I am keeping personal identifiers — account numbers, support- ticket IDs, screenshots, internal correspondence — off this page on purpose. I want this piece to be about pattern, not about evidence exchange. The pattern I describe lines up, in my view, with what a lot of the public regulatory record already says about Bank of America’s consumer practices. I include those sources further down so you can read the regulators’ words directly.

The fees

The first thing that wore me down was the fees. In my experience, they were relentless. From my perspective, the bank found every possible excuse to chip away at the balance — the kind of fees that, on any individual line, do not feel worth a phone call, but cumulatively are how a small business loses real money. Maintenance fees waived only on conditions I had to actively manage. Wire fees on the higher end of the market. Card fees on combinations I did not expect. ATM-network fees in places where the partner network had thinned out.

The customer-service interactions I had around fees offered, in my view, zero real solutions. I was told the fees were standard. I was offered a one-time waiver here and there. I was not offered a structural change that would have fixed the underlying pattern. After enough of those calls, I came to feel that the fee schedule was the product, and that customer service was there mostly to absorb the friction without changing anything.

I want to flag that this is not a unique observation. The CFPB and the Office of the Comptroller of the Currency (OCC) have, in 2023, ordered Bank of America to pay roughly $250 million in penalties and restitution, with double-charged overdraft fees cited as one of the practices behind the order. I am not asserting that my own fee experience is the same as the CFPB’s findings; I am saying that what I observed, in my opinion, fits a public pattern that regulators have already documented in writing.

The security theater

The second thing was the password resets. I have been forced — in my own account experience — to change my password multiple times per week. On some weeks the prompt returned several times in the same week. I was not given a clear explanation, and I could not identify any real security incident on my end that would account for that frequency. Devices were not new. My location was not changing wildly. My credentials were not, to the best of my knowledge, exposed.

What it meant for me, day to day: access disruption, hours wasted, and the sense that the bank was passing the cost of its own risk-tolerance calibration onto me. Real security looks like device-binding, hardware-key 2FA, anomaly detection that does its work in the background, and password rotation only when there is cause. What I experienced felt, to me, like the opposite — the friction surfaced to the customer, the underlying signal not explained, and no audit trail I could point to that justified the cadence.

The fintech alternatives I am moving toward — Mercury, RHO, and others — handle this differently. Device-binding, hardware-key 2FA, and session management without forced manual rotation are the default. I cannot speak to every customer’s experience at every bank, but I can describe what is no longer working for me and what the alternatives I tested do instead.

The rewards program — where I went from frustrated to suspicious

This is the part that moved my experience from frustration to something more serious. In my experience, rewards I earned simply did not appear in my account in the way I expected.

What I tried, in order:

1. I set up auto-redeem. The program’s settings told me redemptions would be applied automatically once I crossed the threshold.
2. On top of that, I manually requested redemptions on multiple occasions. I did this because the auto-redeem path was not, from my perspective, depositing into my account.
3. I contacted support. I followed every step the representatives walked me through. I confirmed my account, my redemption history, and the destination.
4. I followed up when nothing landed. I escalated where I could. I waited the windows I was told to wait.

What I observed: nothing deposited in the way I expected. No explanation I could verify. No corrective deposit that closed the gap. From my perspective, the rewards path felt one-way: earnings accumulated, redemption requests went in, and the corresponding deposit on my side was not there.

Here is how I personally describe it as honestly as I can frame it: when a bank, in a customer’s experience, charges fees AND fails to deliver rewards that customer believes they earned AND, when asked, cannot provide an explanation that customer can verify of where that money went, that customer at some point — in my opinion — stops calling it a glitch. I will call it what it looks like to me, and I will frame it as my own opinion-based interpretation of what I observed: money that left my account and did not come back. Bank of America may have a different account of these events; I have not been given one I could verify.

I want to flag, again, the public-record context here. In its 2023 order, the CFPB cited Bank of America for withholding credit-card rewards that customers had been promised, among other practices. I am not asserting that my own redemption experience and the CFPB’s findings are the same set of events. I am saying that the existence of a federal regulator’s 2023 finding on rewards- withholding at this specific institution is, in my view, relevant context for a customer reporting a similar-shaped experience.

My conclusion (framed as my opinion)

I am stating this as my opinion, framed as such. Any bank that, in a customer’s experience, cannot account for where that customer’s earned rewards have gone has — for me, personally — lost the right to hold that customer’s money. That is the principle I am applying to my own decision. You can apply your own.

I am actively moving my finances elsewhere. Below is the short list of alternatives I personally evaluated and where I am routing operating, treasury, and rewards-adjacent activity going forward.

What the public record shows

I started reading what regulators and consumer-affairs data actually say about Bank of America after my own experience. I am including the sources here so you can read them directly. I have kept the descriptions tight and let the documents speak.

• CFPB Consumer Complaint Database — Bank of America — Public, searchable database. Tens of thousands of consumer complaints filed against Bank of America covering account management, deposits, fees, and credit cards.
• CFPB enforcement (2023): $250M total — junk fees, withheld credit-card rewards, fake accounts — CFPB and the OCC ordered Bank of America to pay $250M total ($150M CFPB civil penalty + $60M OCC + ~$80M+ restitution) for double-charging overdraft fees, withholding credit card rewards customers had been promised, and opening accounts customers did not authorize. This is publicly documented and dated.
• CFPB enforcement (2022): $225M — botched unemployment-benefit handling — CFPB and OCC penalized Bank of America $225M over handling of state unemployment benefits during the pandemic, including frozen accounts and a faulty fraud-detection system that left people without access to funds they were owed.
• DOJ RMBS settlement (2014): $16.65 billion — At the time, the largest civil settlement with a single entity in U.S. history, addressing residential mortgage-backed securities sold leading up to the 2008 financial crisis.
• Better Business Bureau — Bank of America profile — Public BBB profile listing customer reviews, complaint volume, and the bank’s responses.
• CFPB action (2014): $727M restitution — deceptive credit-card add-on practices — CFPB ordered Bank of America to pay roughly $727M in relief to consumers for illegal credit-card add-on practices, plus civil penalties.

I do not present any of these settlements or complaint counts as proof of anything specific to my own situation. I think they explain why my impression was not unique, and they are part of why I am comfortable sharing my opinion-framed account in public.

Side-by-side: BoA vs Mercury vs RHO vs Novo vs Relay

All numbers below come from each provider’s own public pricing page. Pricing changes — verify the latest at each provider’s site before you commit. The right-hand columns are framed as public-marketing facts, not endorsements.

A fuller, regularly-updated comparison of 50+ business banks lives at Noizz.io. Use that for current numbers, not the snapshot above.

Where I am moving (regulated fintech alternatives)

These are the software-driven, regulated business-banking alternatives I personally compared. None of these links are paid placements. The links go to each provider’s own public marketing page. Pricing changes; verify before committing.

• Mercury — best for tech and SaaS startups, agencies, e-commerce.
  No monthly fee on the standard plan. Free domestic wires and ACH on most plans. Strong API. FDIC coverage extended via partner-bank network. Treasury yield on idle balances.
• RHO — best for scaling startups and mid-market businesses.
  Treasury yield on operating balances, corporate cards with built-in spend controls, AP automation, and integrations with QuickBooks and NetSuite. No monthly platform fee.
• Novo — best for solo operators, freelancers, small LLCs.
  No monthly fee, simple onboarding, integrations with Stripe, Shopify, QuickBooks, Wise.
• Relay — best for owners running Profit First or multi-account cash workflows.
  Up to 20 checking accounts under one entity, two debit cards per account, accountant-friendly export.
• Bluevine — best for established small businesses needing yield and a line of credit.
  Interest on business checking, working-capital line of credit, no monthly fee on the standard plan.
• Brex — best for funded startups and venture-backed companies.
  Corporate card, business cash account, and expense management on one stack.
• Found — best for self-employed, contractors, gig workers.
  Built-in bookkeeping, automatic tax estimates, invoicing.

Crypto, web3, and decentralized rails (the more transparent alternatives)

Crypto and web3 are not a one-for-one replacement for an operating business checking account. They cover use cases where speed, transparency, programmability, or non-custodial ownership matter more than legacy bank wraparound. I include them deliberately: someone who is frustrated with a large bank should know what is on the menu, even if for most operating accounts the answer is still a regulated fintech.

A note on transparency: public blockchains are auditable in a way traditional bank ledgers are not. If a transaction settles on Ethereum, Bitcoin, or another public chain, anyone can verify it happened. That is the technical baseline behind why crypto is often described as “more transparent” than legacy banking. It is not a substitute for FDIC insurance, and the trade-offs are real, but the transparency claim is well-grounded.

• Coinbase Business / Coinbase Prime — On-ramp from USD to USDC and other digital assets, custodial accounts under U.S. regulatory oversight.
• Gemini (Business / Institutional) — NYDFS-regulated trust company, treasury services, USD/GUSD on-ramps.
• Kraken — Long-running U.S. crypto exchange with business onboarding and OTC desk.
• Strike — Bitcoin-native USD and Lightning Network rails for low-fee payments.
• Unchained — Bitcoin-native business accounts, collaborative custody, IRA and lending products.
• Self-custody (Casa, Ledger, hardware wallets) — Direct ownership of digital assets without intermediary risk — trade-off is responsibility for keys and security.
• USDC by Circle (regulated stablecoin) — Dollar-denominated digital cash that settles on public blockchains. Programmable. Public reserve attestations.
• Gnosis Safe (multisig treasury) — Open-source multisig — multiple signers required for transactions. Used by major DeFi treasuries and crypto-native companies.

If you are switching: my playbook

1. Document everything before you announce intent. Pull statements, screenshot rewards-balance history, save support-ticket emails. You may not need any of it. You will not regret having it.
2. Open the new account before closing the old one. Mercury and RHO can typically onboard a U.S. LLC or C-corp in a few business days. Get the new account funded with at least one month of operating cash before you start migrating.
3. Migrate inflows first. Stripe payouts, Shopify payouts, payroll deposits, customer ACH receivables. These are the riskiest to break — get them landing in the new account before you touch outflows.
4. Migrate outflows second. Vendor ACH, recurring credit-card autopay, software subscriptions, payroll outflow, tax payments. Take a screenshot of every recurring transaction on the BoA side and check them off as you switch each one over.
5. Keep the BoA account open for 60–90 days. Funded with a buffer. Watch for stragglers. Some recurring payments fail silently the first time the source has the wrong account on file.
6. File a CFPB complaint if you have unresolved issues. Free, public, and well-documented at consumerfinance.gov/complaint. CFPB complaints tend to get a documented response from the bank.
7. File a parallel complaint with your state regulator or attorney general. NY DFS, Texas Department of Banking, California DFPI, Arizona AG. Each accepts consumer banking complaints online.
8. Compare alternatives side-by-side first. Use Noizz business-banking comparison to put 50+ providers next to each other on fees, features, and use case. Plans change quickly; do not rely on what you read last quarter.
9. Close the BoA account in writing. Email or written letter — not a phone call alone. Keep the closure confirmation. Some customers report follow-on fees on accounts they thought were closed.
10. Tell your story if you are willing. The CFPB complaint database is public. So is the BBB. Public discussion is, in my view, how customer-side accountability scales.

Questions I keep getting (FAQ)

Are you saying Bank of America stole from you?

I am not stating that as a fact. I am stating that, in my experience, rewards I expected did not credit to my account, support could not give me an explanation I could verify, and I personally stopped calling it a glitch. I framed my interpretation as my opinion. Other customers may have a different experience. Bank of America has not given me a different account I could verify.

Why publish this instead of just leaving quietly?

Public discussion of what consumers experience with the largest U.S. banks is in everyone’s interest, in my view. The CFPB Consumer Complaint Database is public for the same reason. I would rather contribute one more documented account to that public record than say nothing.

Did you file a CFPB complaint?

I want to keep my own filings private at this stage. I encourage anyone with a similar experience to file directly at consumerfinance.gov/complaint. CFPB complaints are public record and tend to get a documented response.

Why not just call BoA support again?

I did, more than once. I followed every step the representatives walked me through. From my perspective, those interactions did not produce the outcome I was looking for, which is why I am at the point of moving the account.

What about the security theater? Isn’t that just protecting you?

I am all for real security. What I am describing is, in my experience, password-reset prompts that came back multiple times per week — sometimes several times in a single week — without any incident I could identify. To me that is friction, not security. Modern fintech banks have stricter device-binding and 2FA defaults and do not require constant manual password churn from a compliant user.

Is it safe to switch to a fintech bank?

Mercury, RHO, Novo, Relay, Bluevine, Brex, and Found all front regulated U.S. partner banks. Customer deposits sit at FDIC-insured institutions. Several of them extend FDIC coverage well above the standard $250k via sweep networks. As always, verify the current arrangement on the provider’s public pricing or trust page.

What about crypto and web3 alternatives?

Crypto is not a one-for-one replacement for an operating checking account, but it covers use cases where speed, transparency, programmability, or non-custodial ownership matter. USDC on regulated rails, Coinbase Prime, Gemini, and self-custody via hardware wallets are the most common starting points. None of these are FDIC-insured for the crypto portion.

How long should I keep my old account open while I switch?

60 to 90 days, in my view. Move recurring inflows first (Stripe, Shopify, payroll), then recurring outflows (vendor ACH, credit-card autopay). Keep enough of a buffer in the old account to absorb anything you missed.

Are you affiliated with Mercury, RHO, or any of the alternatives listed?

No. There are no paid placements on this page. The links are to each provider’s own public marketing or pricing page. Pricing changes — verify before you commit.

What if my experience with BoA has been fine?

Then this page is not for you. I am one customer, sharing one customer’s opinion-framed account. Other people have different experiences. The point of publishing is not to convince every BoA customer of anything; it is to put one more documented account into the record so people whose experience does line up with mine can recognize the pattern.