Online Banking Upgrade Contributed to Bank of America Outage


Bank of America Corp., whose website has been down sporadically since last Friday, says the problem stems from technical hiccups, not a hack attack.

David Owen, senior vice president and head of online and mobile banking for Bank of America, said the shutdown arose from a convergence of three events.

The events include a spike in end-of-the-month traffic related to payday transactions, government disbursements, and end-of-the-quarter activity. That was coupled with the release of new code for its online banking site and the migration of a set of consumers from the older platform to a newer online banking system.

"It is nothing we haven't managed before, but these are peak times of business," Owen says.

Owen says that Bank of America's track record for systems availability and customer fulfillment is over 99.99 percent.

Industry experts disagreed sharply.

"Bank of America is becoming too big to fail and too big to manage," says Avivah Litan, vice president and distinguished analyst for Gartner Inc.

The nearly weeklong failure points to far larger problems for the bank, including managing a large and disparate IT team whose members were likely having difficulty communicating with one another about the upgrades, which had to happen first internally in a duplicate technical environment, Litan says.

Litan says Bank of America likely has thousands of IT workers involved in the upgrade.

"It would be easy for them to trip on each other, and the release of the new code can act as a trip wire, which has a cascading effect," Litan says.

Earlier in the week it had been postulated that Bank of America was shut down by a distributed denial of service attack in retaliation for a $5 fee the bank announced it would impose on many of its debit card accounts.

DDOS attacks occur when a website is bombarded with millions of bogus requests, usually from a botnet army of zombie computers hijacked by hackers.

DDOS attacks shut down the websites of Mastercard Inc., Visa Inc., and Paypal Inc. as retribution from hackers who blamed those companies for cutting off the flow of funds to the whistleblower site WikiLeaks earlier this year.

But no one has stepped forward to claim responsibility for the Bank of America attacks, says Julie Conroy McNelley, a senior analyst with Aite Group.

"If this was a really bad IT migration [BofA is] going to be dissecting this and learning from it to make sure this never happens again," McNelley says.

McNelley says technical problems similarly caused a multi-day shutdown and service issues for JPMorgan Chase & Co.'s site for credit card customers in late 2010.

Owen says the shutdown was not a DDOS attack. He says that within minutes, Bank of America began working with a team of internal and external experts, as well as law enforcement officials, to try to determine the cause of attack.

"We did not have an outage, and we were never down during this time but we had a performance issue from degraded service and slowed service," Owen says.

Owen says that by end of day Wednesday the site was almost 100% operational. He says Bank of America is not yet ready to proclaim "victory," and that the bank is assessing the situation day by day.

"We take this very seriously, this is not the experience that our customers expect, and we have not met our customers' expectations," Owen says. "We are 110% focused on making it right to our customers."

Litan says that online banking systems need to be treated as mission-critical, much the same way air traffic systems and others are.

"This would not be happening in a trading system," Litan says.


Comments (1)
I don't understand why if BofA knows there is predictable important activity on the site, why they choose to perform an upgrade at the same time? Wouldn't you want to plan upgrades when there is the least potential for disruption to customers?
Posted by sunk818 | Monday, October 10 2011 at 12:26PM ET