Fraud & Security

• Layered security approach. We require tokens for high-risk functions such as money movement and user administration.
• Data encryption. To help prevent unauthorized access, your information is coded. All Wells Fargo online banking operations use advanced encryption methods.
• Credential protection. To protect the privacy of your confidential log-on information, Wells Fargo will never ask for your password, PIN or the PIN + token code combination (passcode) over the phone or through e-mail or text messages.
• Session management. To help securely manage your online sessions, Wells Fargo Vantage® uses separate windows, never pop-up windows. Pop-up windows launch automatically and carry higher security risk.
• Product security. To strengthen your control of crucial information and help safeguard your data, Wells Fargo builds advanced security features into all products and services. For example, you can establish wire transaction dollar limits at the company level, account level, and user level. If a transaction amount exceeds any of these limits, the payment cannot be sent.
• Products, services, and controls. Wells Fargo offers several fraud protection services to help protect you against fraud, including the Perfect Receivables^® service for ACH and wire transfers, Dual Custody for services with transactions that require strong authentication, Alerts for receiving critical alerts about your accounts, and the Fraud Manager solution, available through Vantage. Fraud Manager organizes the ACH Fraud Filter, Positive Pay, and Add Check Issues fraud prevention solutions into a consolidated location to help fight fraud. Individually, these services allow you to make pay or return decisions on your ACH and positive pay transactions.

Your security is our priority. At Wells Fargo, protecting your financial information and assets is at the heart of everything we do.

• Advanced fraud monitoring and risk evaluation. We use cutting-edge technology to monitor unusual activities, such as unexpected login attempts or out-of-pattern transactions. These systems work silently in the background to detect and block threats in real time, often before you even notice them.
• Trusted industry partnerships. We collaborate with top cybersecurity experts and share fraud intelligence across the financial industry. This helps us stay ahead of new scams and strengthen protections for all our customers.
• Coordinated law enforcement efforts. Wells Fargo works closely with law enforcement agencies to investigate fraud and share critical information. These partnerships help us respond quickly to threats and support efforts to stop fraudsters.

Six tips for building a strong fraud protection program

1. Protect access credentials
   Never give out passwords, PINs, or token codes, or other authorization credentials. If you receive an email, phone call, or text message claiming to be from your financial institution, asking for your credentials, it is likely a “phishing” attempt. DO NOT respond to it. Report it to your financial institution immediately.
2. Strengthen your internal controls
   Implement dual custody on all online payment services (ACH, wire transfer, foreign exchange) and administration services; reconcile accounts daily to detect suspicious activity; lock check stock and signature stamps in a secured location; update antivirus and antispyware software and firewalls regularly.
3. Educate your employees
   Instruct your employees never to give out the credentials they use to access your online banking systems or accounts. Repeat this message often so it remains top of mind.

4. Remind your employees of the following:

   • Do not click on links purporting to be antivirus or anti-malware software.
   • Do not download files from peer-to-peer sources or other unknown sources.
5. Know your employees
   Perform a credit check and a background check on all new employees who have access to your accounts, account records, or cash. Make certain your checks are done in compliance with applicable laws.
6. Keep authorizations up to date
   When an authorized signatory or approver on your accounts leaves your company, notify your bank immediately to have that employee’s name removed from all authorizations. Conduct an annual audit of all your bank signature cards, funds transfer agreements, access codes, and other authorizations to ensure they are current.
7. Verify your vendors
   Verify requests from vendors for payments or payment-instruction changes with a call to the vendor's telephone number in your files. You should always "Verify before you initiate” and “Verify before you approve.”