August 28, 2009

Warning! Wells Fargo Bank Will No Longer Password Protect Business Accounts

Greetings. This is just a quick heads-up. I've been informed, and have verified through multiple sources, that Wells Fargo Bank will now refuse to password protect business banking accounts. Callers punching directly through to an agent without entering identifying information may be able to obtain full account access using only an account (e.g. checking account) number, and last four digits of taxpayer ID or SSN -- all data elements that tend to be widely available in the course of doing business for many entities. Note that Wells Fargo phone agents do not routinely ask for PINs, either.

In theory, Wells claims that if a business already has a password assigned it will still be honored for now -- but in practice it appears that many phone agents are simply ignoring the passwords, and will refuse to set a new one. Nor can businesses even go into a branch to assign a password (as, supposedly, consumer account holders still are permitted to do).

Wells' explanation for this change is that supposedly too many people forgot their passwords, and that the passwords could be bypassed anyway with other easily obtainable information.

In fairness, all Wells Fargo representatives I've spoken to about this agree that's it's a dangerous and stupid (their words!) policy. After all, just because some people lock themselves out of their cars, and it's possible to break in through windows, we still expect auto manufacturers to provide locks.

Businesses with their accounts at Wells Fargo may wish to reevaluate their situation in light of this information. I'll update if and when I learn more about this significantly outrageous policy change.

--Lauren--

Posted by Lauren at August 28, 2009 03:25 PM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein