Fraud Defenses

In the fight against fraud, there’s no silver bullet. You’re best protected when you and your bank use a layered security approach.

At Wells Fargo, the security of your assets is a top priority, and we’re committed to protecting your organization's financial information and assets. We’re proactively advancing our security to identify new threats and help ensure the safety of your accounts and information. We use multiple layers of protection to keep your organization’s information and accounts secure. 

As fraud becomes more sophisticated, so does our approach to security — and our investment in advanced security tools using the latest technology helps us protect your accounts and information and detect when there may be a risk.

Here are some of the ways Wells Fargo helps you protect your accounts from online fraud.

Fraud protection

  • Layered security approach. We require tokens for high-risk functions such as money movement and user administration.
  • Data encryption. To help prevent unauthorized access, your information is coded. All Wells Fargo online banking operations use advanced encryption methods.
  • Credential protection. To protect the privacy of your confidential log-on information, Wells Fargo will never ask for your password, PIN or the PIN + token code combination (passcode) over the phone or through e-mail or text messages.
  • Session management. To help securely manage your online sessions, the Wells Fargo VantageSM uses separate windows, never pop-up windows. Pop-up windows launch automatically and carry higher security risk.
  • Product security. To strengthen your control of crucial information and help safeguard your data, Wells Fargo builds advanced security features into all products and services. For example, you can establish wire transaction dollar limits at the company level, account level, and user level. If a transaction amount exceeds any of these limits, the payment cannot be sent.
  • Products, services, and controls. Wells Fargo offers several fraud protection services to help protect you against online fraud, including the Perfect Receivables® service for ACH and wire transfers, Dual Custody for services with transactions that require strong authentication, Alerts for receiving critical alerts about your accounts, and the Fraud Manager solution, available through Vantage. Fraud Manager organizes the ACH Fraud Filter, Positive Pay, and Add Check Issues fraud prevention solutions into a consolidated location to help fight fraud. Individually, these services allow you to make pay or return decisions on your ACH and positive pay transactions.

Fraud detection

  • Advanced technology, monitoring, and risk evaluation. Wells Fargo employs multiple methods for detecting suspicious transactions and fraud. They look for out-of-pattern behavior and other suspicious activities occurring at the time of log-on or at transaction submission. Many of these methods are undetectable by the users of our internet and mobile portals and by the fraudsters themselves.
  • Industry partnership. We work closely with anti-phishing and anti-trojan vendors and actively share fraud forensic data within the industry.
  • Law enforcement coordination. Wells Fargo collaborates with law enforcement agencies to share intelligence and investigate fraud incidents that could affect our customers.

Best practices

Six tips for building a strong fraud protection program

  1. Protect access credentials
    Never give out passwords, IDs, or token codes, or other authorization credentials. If you receive an email, phone call, or text message claiming to be from your financial institution, asking for your credentials, it is likely a “phishing” attempt. DO NOT respond to it. Report it to your financial institution immediately.
  2. Strengthen your internal controls
    Implement dual custody on all online payment services (ACH, wire transfer, foreign exchange) and administration services; reconcile accounts daily to detect suspicious activity; lock check stock and signature stamps in a secured location; update antivirus and antispyware software and firewalls regularly.
  3. Educate your employees
    Instruct your employees never to give out the credentials they use to access your online banking systems or accounts. Repeat this message often so it remains top of mind.

    Our customers’ employees who were victims of phishing fraud tell us this happened for one of two reasons:
    • They didn't know about phishing fraud; they lacked education.
    • They knew, but let down their guard; they needed to be reminded.
    Remind your employees of the following:
    • Do not click on links purporting to be antivirus or anti-malware software.
    • Do not download files from peer-to-peer sources or other unknown sources.
  4. Know your employees
    Perform a credit check and a background check on all new employees who have access to your accounts, account records, or cash. Make certain your checks are done in compliance with applicable laws. Call at least three references to verify information.
  5. Keep authorizations up to date
    When an authorized signatory or approver on your accounts leaves your company, notify your bank immediately to have that employee’s name removed from all authorizations. Conduct an annual audit of all your bank signature cards, funds transfer agreements, access codes, and other authorizations to ensure they are current.
  6. Verify your vendors
    Verify requests from vendors for payments or payment-instruction changes with a call to the vendor's telephone number in your files. You should always "Verify before you initiate” and “Verify before you approve.”

Report Fraud

Act fast and follow these important steps immediately if you think you or your company might be the victim of a fraud or attempted fraud.

Treasury Insights

Visit Treasury Insights for tips and best practices on how to help protect your organization from the threat of fraud.