Lucky Day,
You live in the US. Everything you noted isn't up to the banks, it's governed by federal regulations, such as E, C, D, and CC. Even information sharing between inter company (say between bank of america's deposit services and boa's credit card, heloc, morgage, investment, or business or personal loan/loc departments) or 3rd party. You can opt out. When it comes to online banking and site redirecting it has to fall under those, so if there was a breach, boa is liable.
For instance, some company had an info breach, and has no web capacity (I keep thinking cenega or citrix, buts it's neither of course, but starts with a C for sure). The last big breach was due to someone leaving a lap top somewhere. In order to open a bank account you need a social (or TIN for a business) or the heb, visa crap, so your bank has to have a social, other than that, just don't provide it and make sure to call your bank and they disenroll you from all forms of info sharing.
How your debit card and credit card work has nothing to do with your bank, and is 100% governed by visa or amex. For instance, lets say you have 5k in the bank. You write a check for 5k to pay whatever, buy something online right after for 5k. The merchant authorization hold only lasts one business day, so when it fals off your account shows at 5k avialable balance. The check presents and clears. The next day the bank is presented with the reciept for the online purchase, since it was accepted at the time of purchase it has to be paid, regardless of how much it overdrafts the account. The bank cannot return it or refuse payment to the merchant and the merchant is guaranteed their funds (even if it was a blatantly fraudulent trasnaction after the fact, as long as they didn't breach their duty to verify customer accourding to transaction amount). Thats why accounts can be so overdrawn now, and why Credit Cards can be overextended on the credit lines and the customer complains why it was allowed to go through. We'll, at the time of purchase the bank saw available credit or funds and then recieved a different reciept after the fact.
When I worked for bank of america there was a huge problem with old people and their inability to understand the new check clearing regulation. They would scream and yell that they weren't getting their checks returned with their statements. We'll, whatever the reg name is, merchants can make a electronic copy of your check and then electronically draft your account, but legally has to destroy the original copy of the check. The bank never gets the check back to send back to you, or an image, the merchant has it on file, and has to for 7 years. They don't get it because they are old and slow and taught that if they yell load and become annoying enough things will happen to shut them up, which is true to things that can be changed, but in that case in can't.
Purchasing online does not put your account in any more risk than not. The safest way to not worry about anything is to use a po box so you don't have to worry about mail theft, and don't use a wallet or purse, and always use cash. But if you have mail sent to your house and you carry a wallet or purse around, online transactions are a small worry. When i worked for bank of america the biggest online problem was people getting an email from bank of america asking them to submit all this info (like social, etc) for account verification or some other reason, which of course never was bank of america, but was just a fraudulent e-mail phishing for stupid people to actually submit that.
I'm 100% safe because I have all my crap under fake names. Its easy to beat the system if you know how it works. SOme advise to keep your accounts safe no matter what:
Open online accounts with slightly false info, or even blatantly false info. If you earn less than $10 interest you don't and won't need a 1099 or 98, so the bank or goverment doesn't care about you or your business. Make sure you have a different address listed for the debit card than your stament mailing address (if possible). Under the patroit act banks have to have a physical address for you on profile, even if you have mail sent to a po box. That way when someone tries to buy something online, it will be denied because the shipping or billing address is diffferent than the one on file with visa and the bank, even if your actual address/mailing address has been compromised along with your other fake info on the false name account.
No need to watch your accounts like a hawk. You have sixty days to file a claim through your bank. If you see $50 spent at peteluma and it seems fishy, call up, once its posted, and put in a claim. You should have $50 temp credit that day, and you'll need to fax in some info before it turns perminent, but you'll get it with minimal fuse and/or hasle.
Sometimes, it will be authorized. For instance, if you go to old navy it shows up as gap in like Wisconsin, because gap owns old navy and their financing department is with their HQ in like Wisconsin. If you make a payment to MBNA it might show up as bank of america or priority card services in a state you've never been in before. Just call up and find out.
The lion's majority of fraudulent activity on a debit card is through theft. Its stolen and you see a bunch of gas and mcdonald's purchases that equal about $20-100 before the card is blocked by the bank due to fraud protection. The lion's share of claims put in aren't even unauthorized or fruadulent activity, its authorized. For instance, I had an account with blockbuster. One day there was a debit for like $100 on my account from blockbuster. I put in a claim through my bank, and got a fax back with the agreement I signed with blockbuster that indeed did state that if my account with them had an outstanding balance for over 1 year, they could debit my account with a debit card number they had on file. Wily bastards. But they got me fair and square.
The other problem is loan or check cashing places. They have you sing all this crap that basically authorizes them to draft your account whenever they want for whatever they want. And they are geniuses when it comes to getting around stop payments. They drop the amount down a penny, switch the words in their name around, and submit drafts electronically through a banks ACH department, etc.
Well, I could go on and on, but the moral is, online isn't unsafe, and is actually safe if you aren't stupid and just send anyone who asks for info info. Lie, lie, lie. Having a wallet, purse, or having mail sent to a physical address is a lot riskier in reality. And older people tend to have a 1995 mindset still and fail to understand that a lot of goverment heavy handedness has come down when it comes to online transactions. Read reg E.
I'm sure no one sane read this whole thing, but if you did you must be even more bored than I am. Well, anyway, I'll stop now.