August 21, 2003

[Clarification: To my knowledge, www.mynewcard.com is a legitimate Bank of America website. -- DS, 2/5/2004]

Like many folks with their own domains, I usually use a different email address for each place that requests an email, so if I get spammed at an address, I know whose database was sold or compromised. So everyone make a big frowny face at the Microsoft Usability Group, as today I just received 20 identical spams (each with random subject headers) to the address I used with them a long, long time ago. I'm guessing it was a security breach and not a sale of their list, but either way, ick.

I also recently received what appeared to be a spam-like credit card offer from Bank of America (where I do have an account), at an address one character off from an address I use exclusively for Bank of America. Upon closer inspection, links in this email, including the "unsubscribe" link, go to "mynewcard.com". This domain is registered to "Douglas-Danielle" with an address in Chicago, and points to name servers at Qwest.net. The web site uses convincing, but suspiciously sparse, Bank of America logos and wording, and uses a secure form to prompt for your personal information, such as home address, account numbers, and Social Security Number. The unsubscribe form claims it will opt you out of phone and postal mail advertisements if you provide your complete contact info, and includes a blank for your SSN (which it says is "optional").

My first thought is that this is obviously a scam targeting Bank of America customers, where they appear to have managed to either crack into a B of A customer database (into which my address was entered incorrectly), or steal or salvage paper forms on which my info was written (which they then entered incorrectly into their own database). While I'm not convinced this isn't the case, douglas-danielle.com (registered with complete contact info), which is mentioned in the whois for mynewcard.com, claims to be a direct marketing firm. Their web site even includes a success story by "a leading credit card issuer." If Bank of America is actually employing Douglas-Danielle to solicit credit card applications through a non-Bank-of-America-registered website, they're making a serious mistake in judgement, and either way I hope nobody is entering data into that form.

comments...

While it's nice to hear that mynewcard.com is not a scam after all, I'd like to point out that the only way I could have known was via the tests I used, which failed. In general, nobody should be putting their personal information into a form served by an unfamiliar domain, especially via a link they receive by email. Bank of America is doing both their customers and themselves a disservice by collecting credit card applications through a third-party. At the very least, the URLs in that email-- including the "unsubscribe" form-- should all have been served from bankofamerica.com, and even then I would caution anyone who would listen to not trust links they receive in email. At best, no respectable bank should be soliciting credit card applications by email.



Furthermore, I saw no privacy policy stating that Douglas-Danielle wasn't retaining a copy of data collected via their web site.

BoA must be using them in some capacity. I received a postal mail solicitation for a new credit card this week from Bank of America, along with an invitation to request a new platinum Visa card at www.mynewcard.com.

Thanks for the info. I had applied online with mynewcard.com and was approved, however I became suspicious as well. However, from the bank of america site if you do a search for mynewcard, there will be a link that directs you to mynewcard.com. Well, I guess I'll wait and see what happens next. Thanks for the heads up.

Bank of America responded to my inquiry on this matter, confirming that mynewcard.com is an official B of A site, hosted by Douglas-Danielle. People who visited mynewcard.com after seeing the address on a mailing are probably fine, I'm mostly concerned with demonstrating that sending out this kind of thing by email is bad practice, and not just because spam is bad.



I'm curious about the feasibility of someone faking a paper mailing for similar identity thieving purposes. I've never heard of it, and certainly it's somewhat more difficult and easier to trace. But are there criminals sending out fake pre-approved credit card applications? Or directing people to fake websites? It's probably easier to run a legit-but-evil credit mill, the kind that charge fees to give credit to desperate people who can't afford them.



As to why you can't trust links in email: Origins are completely forgeable. HTML-formatted email obscures the actual addresses of links, so you don't know what will happen when you click. Even if you can see the address, there are ways to make an address cryptic that seem legit: xxxx://www.bankofamerica.com@1375937510935/ will actually go to an IP address represented by that long number at the end. xxxx://www.bankofamerca.com/ (typo) or xxxx://www.bank-of-america.ws/ (unowned domain) could be registered by someone other than B of A. (Points for B of A for registering pretty much every "bankofamerica" domain, it seems.) If the email and the website the links send you to have B of A logos on them, recipients are likely to believe they are legit, when they are not. It's possible to figure out exactly what would happen when you click on those links, but it's enough effort that most people won't know how.
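The link tricks listed in the comment above, checked mechanically. This is an added example, not part of the original post or its comments; the mail body, `LinkCollector`, `findings` and `audit` are constructed here, and the link targets reuse the comment's own examples with its `xxxx` scheme left as written.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = "bankofamerica.com"  # the domain the recipient expects (named on the page)
# Constructed mail body; link targets are the comment's examples, "xxxx" kept as written.
SAMPLE = """
<a href="xxxx://www.bankofamerica.com@1375937510935/">xxxx://www.bankofamerica.com/</a>
<a href="xxxx://www.bankofamerca.com/">Apply now</a>
<a href="xxxx://www.bankofamerica.com/">Home</a>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def findings(href, text, expected=EXPECTED):
    parts, out = urlsplit(href), []
    host = (parts.hostname or "").lower()  # the part after any user@ prefix
    if parts.username is not None:  # "www.bankofamerica.com@..." is only a user name
        out.append("userinfo-before-host")
    if host.isdigit():  # a bare number standing in for an address
        out.append("numeric-host")
    if host != expected and not host.endswith("." + expected):
        out.append("host-not-expected-domain")
    if "://" in text and (urlsplit(text).hostname or "").lower() != host:
        out.append("visible-text-differs-from-href")
    return out


def audit(html_body):
    collector = LinkCollector()
    collector.feed(html_body)
    return {href: findings(href, text) for href, text in collector.links}
```

A link passes only when the host after any `user@` part is the expected domain or a subdomain of it, so the typo and unowned-domain cases both fail the same check.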

nice work

Today I received the wonderful bankofamerica pre-qualified status letter in the mail for a platinum card. I decided to try the web site given, and type in the ps code given to me by them. Every time I entered it, all I got was the psc (personal secure code) was invalid. How could that be if THEY gave it to me? First red flag!! Next after I got the message "invalid psc" it went to another page, there asking for my name, mother's maiden name and my social security number, I filled in the blanks minus the social security number and of course it could/would not be processed - another red flag. If in fact this had come from bankofamerica and I had been pre-approved, wouldn't they already know all my information? Always read fine print!! When I typed in my name, it was only my first time. Readers beware!!

My last sentence should have read, "when I typed in my name, it was my first name only." Thank you. NEVER give your SSN to anyone, anytime, anyplace, anywhere - that's my belief.

Thanks Bonnie! As I mentioned, www.mynewcard.com is a legitimate Bank of America website, but it wouldn't surprise me if it's broken.



It sounds like this "PSC" is mostly a way to associate your application with how you found out about the website (such as a mailing). Anything printed on a credit card offer mailing would be too easily stolen (from your garbage) to really be considered a security measure.



I can only guess that mynewcard.com asks for an SSN to make it more difficult to automatically sign up other people for credit card offers. Note that the bank still needs a piece of paper with your signature on it before they can actually create an account, so all this website does is request that an application be sent to your house. (Someone correct me if I'm wrong.) That application is an appropriate place to ask for your SSN and other personal information, it seems less necessary on the website.

Ooh, I haven't been to www.mynewcard.com in a while. This Personal Security Code thing is actually a neat idea. My original point about verifying the origins of email and a website is still valid, but it appears this PSC thing is a good way to prevent scammers from abusing the application process. You can only use www.mynewcard.com if you have a code from one of Bank of America's mailings. Nice.



Too bad that it sounds like it's broken.

I RECEIVED AN OFFER FOR A PLATINUM CARD. I WAS IN THE PROCESS OF APPLYING WHEN your comments came up. WHAT HAPPENS IF THE APPLICATION IS DONE by PHONE? THEY HAVE A TOLL FREE NUMBER-WHICH IS 1-800-654-2588. HAS ANYONE TRIED IT THIS WAY? I really need a credit card but I am very leery when it comes to giving out my social on the internet. I must admit the offer is very tempting BUT I AM NOT THAT DESPERATE. I WANT TO APPLY WITH A LEGITIMATE CO.

While I appreciate the attention brought to this blog entry by search engines, I'm not sure how I can better communicate this to people searching for information on applying for a Bank of America credit card: www.mynewcard.com is a legitimate Bank of America web site, and is not in any way a scam.



I should also make it clear that I am not a Bank of America representative, and this web site is not a Bank of America web site. I have no information on applying for a credit card, and posting your Personal Security Code doesn't help anybody.



The purpose of this post was to discuss the technological problems with trust, commerce, e-mail and the web. We as banking customers have limited capacity to verify the authenticity of e-mail and web sites, and it's important to be cautious and informed when using these channels for banking transactions.



If you want a Bank of America credit card, call them or visit your local branch.





Gentlemen!



With all my respects, I'm taking this occasion to apply for this pre-qualified card, you sent to me a few weeks ago.

MY PERSONAL SECURE CODE IS:

cp0304-034-416-686



You already have all the information about me. I was working at the VA, University of Miami as a psychiatrist for about one (1) year. The contract is over since August 2003.



A year before the CONTRACT IS OVER, I'm open my own wealth care council to assess and diagnose the manic depressive patients, who lead to become catatonic.

I'm making approximately for this year $100.000 and up...



At any problem and information you feel free to call me any time at:



954-793-0595



954-546-4341



With all my respects



ERNST JOACHIM MD, PH.D



I have banked with BOA for some years now and they have not disappointed me not once. I'm now learning to bank on line and it's been easy and convenient. Gonzalo Zavaleta