Fraud Defenses

At Wells Fargo, the security of your company’s financial information and your assets is a top priority. As online fraud becomes more sophisticated, so does our approach to security. Our ongoing investment in fraud protection protocols helps us protect your accounts and helps detect when they may be at risk, even as threats evolve.

  • Layered security approach. We require tokens for high-risk functions such as money movement and user administration.
  • Data encryption. We use advanced encryption to help protect against unauthorized access.
  • Credential protection. To protect the privacy of your confidential login information, we never ask for your IDs, passwords, or token codes over the phone or through email or text messages.
  • Session management. To help keep your online sessions secure, our Commercial Electronic Office® (CEO®) portal uses separate windows and never uses pop-up windows, which launch automatically and carry higher security risk.
  • Product security. To strengthen your control of crucial information and help safeguard your data, we build advanced security features into our products and services. As an example, we will not release payments if they include previously confirmed fraudulent beneficiary information.
  • Product offerings. We offer several fraud protection services, including ACH fraud filters for electronic debits and credits.
  • Advanced technology. We use multiple methods of detecting suspicious online activity and fraud. Many of these methods are undetectable by both the users of our Internet portals and by the fraudsters themselves. 
  • Monitoring unusual activity. Our fraud teams actively monitor portal activity. We look for “out-of-pattern” behavior and other suspicious activities occurring at the time of login or at transaction submission, including transactions that exceed established payment limits. 
  • Risk evaluation. We systematically evaluate the risk associated with transactions and investigate any transaction that exceeds an established risk threshold. 
  • Industry partnership. We work closely with anti-phishing and anti-trojan vendors and actively share fraud forensic data within the industry. 
  • Law enforcement coordination. We work with law enforcement agencies to share intelligence and investigate fraud incidents that could affect our customers.

The bad news is that you can’t stop fraud attempts. Today’s embezzlers, organized crime rings, and fraudsters are opportunists just looking for an opening. If you leave a door ajar, they will find a way in and steal from you.

The good news is that you can stop thieves and help foil most fraud attempts by putting the right fraud protection program in place.

Six rules for a strong fraud protection program

Protect access credentials

Never give out passwords, IDs, or token codes, or other authorization credentials. If you receive an e-mail, phone call, or text message claiming to be from your financial institution, asking for your credentials, it is likely a “phishing” attempt. DO NOT respond to it. Report it to your financial institution immediately.

Strengthen your internal controls

Implement dual custody on all online payment services (ACH, wire transfer, foreign exchange) and self-administration services; reconcile accounts daily to detect suspicious activity; lock check stock and signature stamps in a secured location; update antivirus and antispyware software and firewalls regularly.

Educate your employees

Instruct your employees never to give out the credentials they use to access your online banking systems or accounts. Repeat this message often so it remains top of mind.

Our customers’ employees who were victims of phishing fraud tell us this happened for one of two reasons:

  • They didn’t know about phishing fraud; they lacked education.
  • They knew, but let down their guard; they needed to be reminded.

Remind your employees of the following:

  • Do not click on links purporting to be antivirus or anti-malware software.
  • Do not download files from peer-to-peer sources or other unknown sources.

Know your employees

Perform a credit check and a background check on all new employees who have access to your accounts, account records, or cash. Call at least three references to verify information.

Keep authorizations up to date

When an authorized signatory or approver on your accounts leaves your company, notify your bank immediately to have that employee’s name removed from all authorizations. Conduct an annual audit of all your bank signature cards, funds transfer agreements, access codes, and other authorizations to ensure they are current.

Verify your vendors

Require all changes to vendor payment account numbers to be made in writing on the vendor’s letterhead and verified with a call to the vendor’s telephone number in your files. You should always "Verify before you initiate” and “Verify before you approve.”


Are you doing everything you can to fight fraud? Use this fraud protection strategies checklist (PDF)* to make sure you cover all your bases.