Discovering a Security Breach at Wells Fargo

Dealing with Wells Fargo is frustrating enough. FOUR phone calls, one hour, just to change my email address. Why? Because the Wells Fargo system said it could not verify my identity, even though I logged into my account with correct username and password. That is verification. The system required me to call an 800 number to further verify. Two of the four calls were dropped by Wells Fargo.

On top of that frustration, the Wells Fargo system morphed the correct email address put into the field into a different email address that is not mine. All this was done and verified (including screen shots) while on a call with a Wells Fargo online banking supervisor. The fact that the Wells Fargo system will change what you type into the email address field into a different email address is a security breach. No system — financial or otherwise — should be changing the values provided by the user. Such allowances — deliberate or not — indicate lax programming that weakens security. This means the email with the verification link went to someone else. Altering the email address and sending emails to that incorrect, altered email address is a security breach.

I have screen shots, but for my own security, they are not included here.