List of Banks with EV certificate usage status

With the MD5 SSL vulnerability readily exploitable¹ in the wild, it's even more critical that every financial institution use an EV certificate than it used to be.²

US banks, sorted by assets*

JPMorgan Chase

https://www.chase.com: NO (tested 1/28/09)

Bank of America

https://www.bankofamerica.com: NO (tested 1/28/09)

Citibank 

https://online.citibank.com: NO (tested 1/28/09)

Wachovia

https://onlineservices.wachovia.com: NO (tested 1/28/09) AND it asks for password at http://www.wachovia.com, while misleadingly putting a padlock on that page! (now part of Wells Fargo)

Wells Fargo

https://www.wellsfargo.com: NO (tested 1/28/09)

State Street

https://my.statestreet.com: NO (tested 1/28/09)

US Bank

https://www4.usbank.com: NO (tested 1/28/09) AND it asks for ID at http://www.usbank.com, while misleadingly putting a padlock on that page!

BNY 

https://www.bnyconnect.com: NO (tested 1/28/09)

HSBC

https://www.hsbc.com: NO (tested 1/28/09) BUT https://www.hsbc.co.hk: YES! (also tested 1/28/09)

Suntrust 

https://www.suntrust.com: NO (tested 1/28/09)

FIA

https://www.ibsnetaccess.com: YES! (tested 1/28/09) (now part of B of A)

National City

https://www.nationalcity.com: NO (tested 1/28/09)

Regions 

https://securebank.regions.com: NO (tested 1/28/09) AND it asks for password at http://www.regions.com, while misleadingly putting a padlock on that page!

PNC

https://www.pnc.com: NO (tested 1/28/09)

BB&T

https://online.bbandt.com: NO (tested 1/28/09) AND it asks for password at http://www.bbt.com, while misleadingly putting a padlock on that page!

RBS Citizens

https://www.citizensbankonline.com/: NO (tested 1/28/09) https://www.citizensbankonline.com/

Countrywide

https://bank.countrywide.com/: NO (tested 1/28/09) AND https://bank.countrywide.com/ causes security warning messages to pop up! AND it asks for ID at http://my.countrywide.com/, while misleadingly putting a padlock on that page!

Captial One

https://servicing.capitalone.com: NO (tested 1/28/09)

TD

https://online.tdbank.com/: NO (tested 1/28/09); https://wwws.ameritrade.com: NO, AND it asks for password at http://www.tdameritrade.com, while misleadingly putting a padlock on that page!

Quasi-bank PayPal: https://www.paypal.com/: YES! (tested 1/28/09)

• Asset-ordered list from http://www2.fdic.gov/idasp/main.asp. Testing by Matthew Elvey.