I'm willing to bet that they don't actually identify the computer, they just send you a persistent cookie once you've successfully logged in, and as long as your browser returns that cookie, they know it's a previously used machine.
You should be able to test this quite easily using something like Firefox's Web Developer toolbar which will let you both examine all of the cookies that you're sending to a specific domain, and will let you delete the cookies for a specific domain. If you delete the cookies for the Bank of America website and then try to login again, you should get the "You're using a new computer" workflow again if indeed they are using a cookie to determine which workflow should be presented to you.
Besides cookies, there are a number of methods they could be using to recognize your machine.
Additionally, the storage mechanisms can be combined (as it appears Bank of America does, or at least did at one point.) The ultimate example of this, so far, is a project known as evercookie which aims to make persistent browser tracking as difficult to defeat as possible.