Bank of America Online and Mobile Security Solutions Settlement Agreement

Bank of America Logo

Bank of America has long been a leader in recognizing the importance of digital accessibility for its customers who are blind and visually impaired. Posted here is the Bank’s most recent settlement agreement with the blind community, addressing the accessibility of security features on the bank website and mobile iOS applications. Bank of America worked on this initiative in Structured Negotiations with the Bay State Council of the Blind and bank customers Carl Richardson of Massachusetts and Shen Kuan of California. They were represented by the Law Office of Lainey Feingold and Linda Dardarian, of the Oakland, California civil rights firm Goldstein, Borgen, Dardarian & Ho.


SETTLEMENT AGREEMENT

This Settlement Agreement (”Agreement”) is entered into by and between the following parties: Bay State Council of the Blind (”BSCB”), Shen Kuan, and Carl Richardson (collectively “Claimants”) and Bank of America, N.A. (”Bank of America”) for the purposes and on the terms specified herein and operates in conjunction with the Confidential Addendum to this Agreement.

RECITALS

This Agreement is based on the following facts:

A.
BSCB is a non-profit corporation that provides advocacy services in Massachusetts on behalf of individuals who are blind or visually impaired, is dedicated to promoting the full integration of persons who are blind or have visual impairments into all aspects of society, and provides information to the general public about the accomplishments, needs and contributions of persons who are blind or visually impaired. Among BSCB’s board, staff and members, and those on whose behalf they advocate and provide services, are many individuals with visual disabilities who are customers of Bank of America and use www.bankofamerica.com to conduct their banking online. BSCB is incorporated and has its place of business in the Commonwealth of Massachusetts.
B.
Shen Kuan and Carl Richardson are individuals who are visually impaired, who currently have one or more bank and/or credit card accounts with Bank of America, and who use www.bankofamerica.com to conduct online banking and other financial transactions. Kuan and Richardson are individuals with a disability within the meaning of Section 3(2) of the Americans with Disabilities Act of 1990, 42 U.S.C. §§ 12101, 12102(2) (”ADA”), the Title III regulations implementing the ADA contained in 28 C.F.R. §§ 36.101, et seq. (”ADA Regulations”), and the laws of California and Massachusetts.
C.
Bank of America is a national bank engaged in various financial services activities, including, but not limited to consumer deposit and lending operations.
D.
Bank of America has been, and continues to be, an industry leader in providing accessible services to Persons with Visual Impairments. Bank of America was an early provider of Talking ATMs and the first financial institution in the United States (in 2000) to sign an agreement to make its website accessible to Persons with Visual Impairments.
E.
Although most aspects of www.bankofamerica.com are accessible to and usable by Persons with Visual Impairments, a dispute has arisen between Claimants and Bank of America concerning the accessibility to Persons with Visual Impairments of Bank of America Security Solutions available to Bank of America customers on the Bank of America Website and through Bank of America Applications for Mobile Devices (”Security Solution Dispute” or “the Dispute”).
F.
On or about June 7, 2011, Claimants notified Bank of America about the Dispute and offered to engage in Structured Negotiations, in lieu of litigation, to resolve the Dispute. Bank of America agreed to participate in Structured Negotiations and the Parties have engaged in good faith negotiations and shared relevant information regarding the Dispute. The Parties now enter into this Agreement in order to resolve the Dispute and to avoid the burden, expense, and risk of potential litigation. By entering into this Agreement, Bank of America does not admit, and specifically denies, that it is subject to or has violated or failed to comply with any provisions of the ADA, any applicable laws of any state relating to accessibility for persons with disabilities, any regulations or guidelines promulgated pursuant to those statutes, or any other applicable laws, regulations, or legal requirements. Neither this Agreement, nor any of its terms or provisions, nor any of the negotiations connected with it, shall be construed as an admission or concession by Bank of America of any such violation or failure to comply with any applicable law, or that the ADA or any other state law relating to accessibility applies to Bank of America. This Agreement and its terms and provisions, including all Exhibits, shall not be offered or received as evidence for any purpose whatsoever against Bank of America in any action or proceeding, other than a proceeding to enforce the terms of this Agreement and the Confidential Addendum executed herewith.

NOW, THEREFORE, the parties hereby agree to the following provisions:

1. Definitions.

As used in this Agreement, the following terms shall be as defined below:

1.1
Accessible Banking Pages means the pages on Bank of America’s Website that describe the accessible services Bank of America makes available to Persons with Visual Impairments.
1.2
Bank of America Online Security Solutions means a suite of software applications and services that Bank of America offers its online banking customers to increase online security and protect against fraud and identify theft. As of the Effective Date, Bank of America Security Solutions are available through https://www.bankofamerica.com/privacy/overview.go
1.3
Bank of America Mobile Security Solutions means services that Bank of America offers its mobile banking customers through its downloadable application for mobile devices to increase online security and protect against fraud and identify theft. As of the Effective Date, information about security solutions available on Bank of America’s Mobile Applications for Mobile Devices may be found athttps://www.bankofamerica.com/privacy/online-mobile-banking-privacy/mobile-banking-security.go.
1.4
Bank of America Applications for Mobile Devices means downloadable software owned and operated by Bank of America that allows Bank of America customers and others to perform certain banking functions and obtain certain banking information from mobile devices. As of the Effective Date, information about Bank of America Applications for Mobile Devices is available at http://bit.ly/xhnjh7. Except as set forth in Section 8 below, for the purposes of this Agreement, Bank of America Applications for Mobile devices shall be limited to include only the downloadable mobile banking applications developed by the Bank specifically for iPhone and iPad devices. As of the effective date information about the Bank of America Applications for iPhone and iPad devices can be found at https://www.bankofamerica.com/online-banking/iphone-banking-app.go and https://www.bankofamerica.com/online-banking/ipad-banking-app.go
1.5
Bank of America Web Site or www.bankofamerica.com means the website owned and operated by Bank of America and all the pages of that website available to the public or to Bank of America customers.
1.6
Claimants’ Counsel means Goldstein, Demchak, Baller, Borgen & Dardarian and Law Office of Lainey Feingold, and the attorneys practicing law therein.
1.7
Effective Date means August 1, 2012.
1.8
McAfee Internet Security Product means an online security product developed and owned by McAfee and offered on www.bankofamerica.com to Bank of America’s online customers at a discount. More information about McAfee Internet Security is available at http://bit.ly/xkbOF8 or its successor link.
1.9
New Bank of America Security Solution(s) means any material addition to or new functionality added to, Bank of America Online and Mobile Security Solutions offered on the Bank of America Website or for use on Bank of America Applications for Mobile Devices for the first time after the Effective Date.
1.10
Person or Persons with Visual Impairments means any person who has a physical or mental impairment that substantially limits him or her in the major life activity of seeing.
1.11
Rapport from Trusteer, or Rapport means the security application developed and owned by Trusteer that provides online protection against malware attacks and is offered on www.bankofamerica.com to Bank of America Website customers. More information about Rapport is available at: https://www.bankofamerica.com/privacy/online-mobile-banking-privacy/trusteer-rapport.go or its successor link.
1.12
Reasonable Efforts means, with respect to a given obligation, the efforts that a reasonable entity in Bank of America’s position would use to perform that obligation. In no event shall an obligation to use Reasonable Efforts under this Agreement require Bank of America to: (a) take any actions that would cause Bank of America to incur an Undue Burden as defined in 28 C.F.R. 36.104, or (b) fundamentally alter the nature of the good, service, facility, privilege, advantage, or accommodation being offered by Bank of America.
1.13
SafePass® is a service that Bank of America offers its online banking customers and mobile banking customers to enhance online banking security and protect against fraud and identify theft. The service provides customers with a 6-digit, one-time passcode sent as a text message to a mobile phone or generated from a wallet-sized card. Information about SafePass® is available at: http://bit.ly/Jep4 or its successor link.
1.14
ShopSafe® is a free credit card fraud protection service that Bank of America offers its online banking customers that provides an added layer of security for online shopping. The service allows online shoppers to create a temporary card number each time they make an online purchase. Information about ShopSafe® is available at https://www.bankofamerica.com/privacy/accounts-cards/shopsafe.go or its successor link.
1.15
SiteKey® is an additional layer of identity verification for signing into Online Banking that Bank of America offers its online banking customers and mobile banking customers free of charge. More information about SiteKey® is available at http://bit.ly/3Uzd6r or its successor link.
1.16
WCAG 2.0 means the Web Content Accessibility Guidelines 2.0 promulgated by the Web Accessibility Initiative (”WAI”) of the World Wide Web Consortium (”W3C”).

2. Duration of Agreement.

The terms of this Agreement shall remain in effect for two (2) years from the Effective Date.

3. Accessibility of Bank of America Security Solutions Available As of the Effective Date.

3.1 Rapport by Trusteer:
3.1.1 During the Structured Negotiations leading up to execution of this Agreement, Bank of America worked with Claimants and Trusteer, owner of the Rapport security application, to ensure that the Rapport security application substantially satisfied Level AA Success Criteria set forth in WCAG 2.0.
3.1.2 For the term of this Agreement, if Bank of America continues to offer the Rapport security application to its customers through the Bank of America Website, Bank of America will: (i) obtain a written commitment from Trusteer that Rapport substantially satisfies the Access Standard (Web Content Accessibility Guidelines 2.0, Level AA); (ii) test the Rapport security application once a year to determine if it meets the Access Standards; (iii) notify Trusteer in writing of any failure to substantially satisfy the Access Standard revealed by its testing and request that non-compliance be remediated within 120 days; (iv) notify Claimants of Trusteer’s response to the notice; and (v) obtain a written commitment from Trusteer that any releases of the Rapport security application after the Effective Date that Trusteer provides to Bank of America will not cause the following screenreader or magnification software to be disabled from reading web pages by the user’s download of the Rapport security application: JAWS (by Freedom Scientific); ZoomText (by AISquared); VoiceOver (by Apple, Inc.); Window-Eyes (by GW Micro); MaGIC (by Freedom Scientific); NVDA (open source); System Access (by SeroTek); Supernova (by Dolphin Systems); and Zoom (by Apple Inc.). If Bank of America learns that any future release of Rapport by Trusteer offered to Bank of America customers interferes with a screenreader or magnification software not listed here, it will notify Trusteer in writing, request a response within thirty days, and share this communication with Claimants.
3.1.3 Bank of America shall have no obligations, other than those expressly set forth in Section 3.1.2, with respect to Trusteer and its Rapport application. As of, November 30, 2012, the Bank of America web page that describes and recommends that customers install the Rapport product will contain a statement that Rapport is a product offered by Trusteer and that Trusteer is responsible for the accessibility of its products. Contact information to notify both Bank of America and Trusteer about accessibility issues will be included in the Statement. As of Effective Date, this page is found at http://bit.ly/ek5uP3.
3.2 ShopSafe®.
Bank of America will make Reasonable Efforts to ensure that the ShopSafe service substantially complies with Level AA Success Criteria set forth in WCAG 2.0 no later than September 30, 2012.
3.3 SafePass®.
Bank of America will make Reasonable Efforts to ensure that the SafePass service substantially satisfies Level AA Success Criteria set forth in WCAG 2.0 no later than March 1, 2013 on the Bank of America Website. Bank of America will make Reasonable Efforts to ensure that the SafePass service substantially satisfies Level AA Success Criteria set forth in WCAG 2.0 as of March 31, 2013 in the Bank of America Application for Mobile Devices.
3.4 SiteKey.
As of the Effective Date, the SiteKey authentication service substantially satisfies Level AA Success Criteria set forth in WCAG 2.0 on the Bank of America Website. Throughout the Term of the Agreement, Bank of America will make Reasonable Efforts to continue to ensure that SiteKey substantially satisfies WCAG 2.0 Level AA Success Criteria. Bank of America will make Reasonable Efforts to ensure that the SiteKey authentication service satisfies Level AA Success Criteria set forth in WCAG 2.0 in the Bank of America Application for Mobile Devices as of March 31, 2013.
3.5 McAfee Internet Security.
Nothing in this Agreement requires Bank of America to ensure that McAfee Internet Security satisfies Level A and AA Success Criteria set forth in WCAG 2.0. As of November 30, 2012, the page on the Bank of America Web Site that describes and recommends that customers purchase or install McAfee Internet Security will contain a statement that McAfee Internet Security is a product offered by McAfee, Inc. and that McAfee, Inc. is responsible for the accessibility of its products. Contact information to notify both Bank of America and McAfee about accessibility issues will be included in the Statement. As of Effective Date, this page can be found at http://bit.ly/xkbOF8.
3.6 Pages Displaying Bank of America Security Solutions.
Bank of America will make Reasonable Efforts to ensure that all pages on the Bank of America Website that contain information or tutorials about use of any portion of the Bank of America Security Solutions will substantially satisfy Level AA Success Criteria set forth in WCAG 2.0 as of October 31, 2012. Bank of America will also make Reasonable Efforts to ensure that information in the Bank of America Application for Mobile Devices about use of the Bank of America Mobile Security Solutions will substantially satisfy Level AA Success Criteria set forth in WCAG 2.0 as of March 31, 2013.

4. New Bank of America Security Solutions Available for the First Time After Effective Date.

4.1
Bank of America will use Reasonable Efforts to ensure that any New Bank of America Security Solutions substantially satisfy Level A and AA Success Criteria set forth in WCAG 2.0.
4.2 Pages Displaying New Bank of America Security Solutions.
All pages on the Bank of America Website that provide instructions or tutorials about any New Bank of America Security Solution will substantially satisfy Level A and AA Success Criteria set forth in WCAG 2.0 as of the date the New Bank of America Security Solution is made available to the general public or to Bank of America customers on the Bank of America Website.

5. Mutually Agreed on Accessibility Consultant.

If Bank of America makes New Bank of America Security Solutions available during the term of this Agreement, Bank of America will contract with a mutually agreed upon consultant (hereafter “Consultant”) to assist Bank of America in meeting the obligations described in Section 5.1 of this Agreement.
5.1 Testing of New Bank of America Security Solutions and Consultant Report.
If Bank of America offers a New Bank of America Security Solution during the Term of this Agreement, Bank of America will arrange for the Consultant to conduct reasonable usability and accessibility testing with Persons with Visual Impairments of (i) any New Bank of America Security Solution; (ii) the page(s) on the Bank of America Website or Application for Mobile Device on which the New Bank of America Security Solution will be offered and displayed; and (iii) any tutorials for any New Bank of America Security Solution offered on the Bank of America Website or Application for Mobile Device. Bank of America’s contract with such Consultant will require the Consultant to prepare a report based on the testing that will include, if needed, recommendations for increasing the accessibility and usability for Persons with Visual Impairments of any page or service tested. Bank of America will share that report with Claimants.
5.2
At Claimants’ reasonable request the Parties will meet by telephone to discuss the report. Any disagreement over the Bank’s response will be handled as a dispute pursuant to the Dispute Resolution Section of this Agreement.

6. Accessibility Information on the Bank of America Website.

No later than July 31, 2012 Bank of America will update its Accessible Banking pages to reflect that accessibility efforts are based on the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C). As of the Effective Date, the url for the page to be updated under this Section is http://bit.ly/NoLASE.

7. Training.

No later than November 30, 2012, Bank of America will update its training materials for appropriate Bank of America customer service telephone staff to enable persons being trained to assist Persons with Visual Impairments who use the Bank of America Website or the Bank of America Applications for Mobile Devices regarding Bank of America Security Solutions. Such training will include information about the initiative to improve accessibility of Bank of America Security Solutions, appropriate channels within the Bank to provide feedback regarding the accessibility of Bank of America Security Solutions, and the types of assistive technology used by blind and visually impaired web and mobile app users. Bank of America will provide Claimants with a copy of the training materials prior to their being finalized. Claimants will provide their feedback on the training materials within ten (10) days of receipt, and Bank of America will give good faith consideration to the feedback provided by Claimants.

8. Meetings Regarding Accessibility of the Bank of America Web Site and Bank of America Mobile Applications.

8.1
At the Claimants’ request, the Parties shall meet by telephone at least twice per calendar year during the Term of this Agreement to discuss any issues regarding the accessibility of Bank of America Security Solutions or any other aspect of the Bank of America Website or Applications for Mobile Devices to Persons with Visual Impairments.
8.2
Upon reasonable request by Claimants, the Parties will discuss Bank of America’s plans for the accessibility of applications for mobile devices developed by the Bank for mobile devices other than the iPhone and iPad.

9. Procedures in the Event of Disputes.

9.1 Notice of Non-Compliance.
If at any time during the Term of this Agreement a party has a good faith, reasonable belief that the other party has not materially complied with any provision of this Agreement, that party shall provide the other party with notice of non-compliance containing the following information:
9.1.1 the alleged act of non-compliance;
9.1.2 a reference to the specific provision(s) of the Agreement that are involved;
9.1.3 a statement of the remedial action sought by the initiating party;
9.1.4 a brief statement of the specific facts, circumstances and legal argument supporting the position of the initiating party.
9.2 Meet and Confer.
Within thirty (30) days of receipt of such notice provided pursuant to section 9.1, Claimants and Bank of America shall informally meet and confer and attempt to resolve the issues raised in the Notice.
9.3 Submission to Binding Arbitration.
If the matters raised in a Notice provided pursuant to section 9.1 are not resolved within thirty (30) days of the initial meet and confer required by section 9.2, either party may submit the unresolved matters to binding arbitration as set forth herein.
9.3.1 Arbitration shall be conducted in accordance with the JAMS Comprehensive Arbitration Rules and Procedures and the Expedited Procedures referenced therein (collectively the “JAMS Rules”). The Parties shall, acting reasonably and in good faith, mutually agree upon an arbitrator. Any arbitration awards, rulings and opinions shall be deemed confidential and shall not be shared with any third parties unless otherwise agreed by the Parties hereto or unless otherwise required by law.
9.3.2 Law Governing Interpretation and Application of Agreement. The terms of this Agreement, and the provisions thereof, shall be interpreted and applied pursuant to the ADA, or where the ADA does not provide guidance, pursuant to the laws of the State of California.

10. Notice or Communication to Parties.

Any notice or communication required or permitted to be given to the parties hereunder shall be given in writing by email and United States mail, addressed as follows:

To Claimants:

Linda M. Dardarian
c/o Goldstein, Demchak, Baller, Borgen & Dardarian
300 Lakeside Drive, Suite 1000
Oakland, CA 94612
[email address omitted]

Lainey Feingold
Law Office of Lainey Feingold
1524 Scenic Avenue
Berkeley, CA 94708
[email address omitted]

To Bank of America:
Bank of America, N.A.
1 Bank of America
Center
150 N. College Street
Charlotte, NC 28202
Attn: Kirk Lindsey or eCommerce Executive

With a copy to (that shall not be deemed Notice):
Jim Rau
Associate General Counsel
Bank of America N.A.
1100 N. King Street
Wilmington, DE 19884

11. Publicity Regarding This Agreement and Its Terms.

The Parties will negotiate a joint press release to be issued as soon as practicable upon execution of the Agreement. If the Parties cannot agree on a joint press release, either party may send their own press release, provided that (i) the content is consistent with this Agreement; and (ii) a copy of the release is provided to all Parties and their counsel at least twenty-four (24) hours before it is sent to the press. All public statements made about this Agreement shall be consistent with the terms of this Agreement and shall reflect the collaborative method in which the Parties resolved the Dispute. Nothing in any such release shall indicate that Bank of America or its affiliates is in violation of, or admitted to a violation of, the ADA or any other law or regulation.

12. Modification in Writing.

No modification of this Agreement by the Parties shall be effective unless it is in writing and signed by authorized representatives of all the parties hereto.

13. Agreement Binding on Assigns and Successors; No Third Party Beneficiaries.

13.1 Assigns and Successors.
This Agreement shall bind any assigns and successors of Bank of America or Claimants. Bank of America shall use Reasonable Efforts to notify Claimants’ Counsel in writing within thirty (30) days of the existence, name, address and telephone number of any assigns or successors of Bank of America.
13.2 No Third Party Beneficiaries.
The Settlement Agreement is for the benefit of the Parties hereto only and no other person or entity shall be entitled to rely hereon, receive any benefit herefrom, or enforce against either party any provision hereof. The Parties specifically intend that there be no third party beneficiaries to this Agreement, including, without limitation, the members of the Bay State Council of the Blind.

14. Force Majeure.

The performance of Bank of America under this Agreement shall be excused during the period and to the extent that such performance is rendered impossible, impracticable or unduly burdensome due to acts of God, strikes or lockouts, unavailability of parts, equipment or materials through normal supply sources. If Bank of America seeks to invoke this Section, it shall notify Counsel in writing as soon as reasonably possible, specifying the particular action that could not be performed and the specific reason for the non-performance. Counsel and Bank of America will thereafter meet and confer regarding an alternative schedule for completion of the action that could not be performed, or an alternative action. Any dispute regarding the applicability of this Section, or any future action to be taken, that remains after the meet and confer session will be handled as a dispute pursuant to Section 9 of this Agreement.

15. Integrated Agreement.

This Agreement and the Confidential Addendum executed concurrently herewith constitute the entire Agreement relating to the subject matters addressed therein.

16. Rules of Construction.

Each party and their legal counsel have reviewed and participated in the drafting of this Agreement; and any rule of construction to the effect that ambiguities are construed against the drafting party shall not apply in the interpretation or construction of this Agreement. Section titles used herein are intended for reference purposes only and are not to be construed as part of the Agreement. The Recitals are integral to the construction and interpretation of this Agreement and are therefore incorporated into this Agreement in their entirety.

17. Multiple Originals/Execution in Counterparts.

All Parties and Claimants’ Counsel shall sign three (3) copies of this document and each such copy shall be considered an original. This document may be executed in counterparts and facsimile signatures shall be accepted as original.

SO AGREED:

PARTIES:

  • Bank of America
    By: Kirk Lindsey
  • BAY STATE COUNCIL OF THE BLIND
    By: Marcia Dresser, President
  • CARL RICHARDSON
    By: Carl Richardson
  • SHEN KUAN
    By: Shen Kuan

APPROVED AS TO FORM:

  • GOLDSTEIN, DEMCHAK, BALLER, BORGEN & DARDARIAN
    By: Linda M. Dardarian, Esq.
  • LAW OFFICE OF LAINEY FEINGOLD
    By: Lainey Feingold, Esq.