Skip to content


Wells Fargo has a huge security flaw

Date: 11/05/2008 | Category: Banking | Author: developers

Wells Fargo bank has a huge security flaw in their online banking system. Unfortunately the flaw is by design. There is nothing customer can do to prevent unauthorized payments to be posted to his account.

There is a service called Wells Fargo Customer to Customer transfer. I never heard about this payment option until some scammers started using it. Basically any customer can send money to any other Wells Fargo customer.

Remember the phising emails. Click here to login to your Wells Fargo account. I always thought what the scammers do with the login. Because there is not much you can do. See statements or maybe change address. But you cannot write checks or send wire transfer (which you have to do personally in the bank). Now I understand how the login can be useful to scammers. They can use this great function designed by Wells Fargo and send money to some other account.

All he needs to know is account number (printed on every check) and your name.

I believe the name doesn’t have to be 100% accurate. As long last name fits I think that transfer goes through. If you ask why I know that it is because someone sent money to our company account the same way. And I know for sure they didn’t know correctly my full name. I go by different name in my life and the legal name is not published anywhere.

So at the end someone sends money to you and your account gets disabled. Nothing will help you. You can call Wells Fargo and they will treat you as a scammer.

What really sucks:

  • I tried to disable accepting such payments to my account. Wells Fargo said it is not allowed. In seven years of being Wells Fargo customer I never used myself this customer to customer payment method. I never received payment like this. Only two payments in the last 7 days and both from some scammers (one from Nigeria). So we must receive payments by this method even if it used by scammers only (in our own experience)
  • Wells Fargo thinks that we are responsible because money came to our account. Yes, I understand this logic. But we are a mail forwarding business and we cannot be responsible for every one of our customers.  We have thousands of customers and there are always just few who are scammers. We cut them off. We cancel their service once we find out. But we cannot stop doing business because one in hundreds of customers is doing fraud. We can learn, improve our security measures, which is what we are doing constantly. It is hurting on personal level that after 7 years of banking relationship Wells Fargo thinks that I (owner of the company) is involved in some scam to get $500 to my account.
  • We have international clients so we need accept wire transfer. When you have customer paying by wire transfer you have to provide them with information about your account (account number, bank name). Wells Fargo things that is the security breach on our part. That we should never publish or give information about our account to anyone. But how can we do business with customers if they cannot pay us? I think that is just ridiculous and Wells Fargo is desperate to find a blame for their fault security system.
  • While Wells Fargo investigates (10 days). They cut off all our access, bill pay, online statements… To all accounts (personal, other businesses, anything I have with Wells Farg). So good luck trying to find what is happening with my credit cards, bills, payments…

I spent hours on the phone and in my branch. I tried to explain, but it seems no ones cares. Couple of times I heard that I will be lucky just to keep my account once the investigation is closed. Once again. I am seven years customer. I have accounts for four of my corporations and my personal account. I have credit cards, line of credit for hundreds of thousands… And the relationship goes to toilet because of some idiot from Nigeria misuses some other customer account.