The banking scandal that led to the firing of over 5,300 Wells Fargo employees and cost CEO John Stumpf his job will continue to impact customers for some time, especially those hit with wrongful overdraft fees, interest charges or drops in their credit ratings.
In addition to the $185 million dollar fine by the Consumer Financial Protection Bureau, which ordered the bank to pay for illegally creating two million unauthorized customer accounts along with $5 million in full restitutions to victims of this illicit behavior, the longer term business repercussions for Wells Fargo will likely come in the form of consumer trust and loyalty.
The simple fact is that Wells Fargo’s employees were given the means to commit this fraud. They had enough access to consumer personal information to open the accounts – full name, date of birth, Social Security number, address, etc. – to pass a single, knowledge-based factor of authentication. Had Wells Fargo simply complied with Federal Financial Institutions Examination Council guidelines on multi-factor authentication across all customer channels and internal activities, there would have been no fraud.
What I can’t help but wonder is why all banking institutions operating today don’t have multi-factor authentication measures in place to secure every transaction, especially in person and on the telephone.
Whether your customers are banking online or interacting with agents over the phone, it’s imperative that banks properly authenticate all customers to better protect their customers and banking institutions.
As we’re learning from this case, not having proper authentication processes in place across all customer channels can cause irreversible damage to your brand, not to mention your CEO’s career.
Industry analysts have long warned us about the weaknesses people present to the authentication process. While the human element innately brings a level of risk to customer identification, Wells Fargo also illustrates the risk human beings bring to all banking activities.
To strengthen internal controls and build trust and confidence with your customers, banking institutions must remove the human factor from the authentication process. This helps banks reduce their vulnerability to social engineers and other dubious behavior perpetrated by employees.
Authentication tools such as TRUSTID, that remove the human factor and automatically identify individuals, provide banks with the security of only conducting business with their actual customers, not criminals or rogue employees. By creating a proactive and more transparent enterprise, your customer channels are better protected against social engineering scams and other unwanted activities that can have a lasting impact on your customers and your brand.