Wells Fargo gets poor marks on ATM blackout

The cause of one of the largest ATM outages in U.S. history became the topic of widespread speculation Tuesday, as cyber experts scrambled to figure out why most of Wells Fargo & Co.'s 12,000 ATMs went dark for several hours.

The San Francisco-based bank stayed largely mum on the nationwide outage, which was unusually long in both its duration and scope. Thousands of Wells Fargo customers were unable to get their cash until the automated teller machines were fixed late Monday evening.

It's unclear exactly what happened. The bank would say only that the outage was caused by "an internal systems issue" and was not related to an external cyber attack or a security breach.

However, Wells Fargo's silence did not keep many in the bank technology world from speculating on the possible causes. One popular theory is that the ATM network crashed as Wells Fargo was trying to upgrade its system to protect against a cyber attack. The bank regularly updates the encryption codes in its ATMs to prevent hackers from stealing the personal identification numbers that people enter into the machines, say people who work closely with the bank.

An internal e-mail from Wells Fargo, obtained by the Star Tribune, said the outage affected 9,500 ATMs nationwide and occurred at 2:54 p.m. Central time Monday.

"The irony here is that, in their zeal to protect consumers and their network, Wells Fargo may actually have taken its system down," said Richard Crone, a bank technology consultant from San Carlos, Calif.

Wells Fargo came under some criticism Tuesday for its handling of the incident. In Minnesota, many customers who tried to withdraw their cash on Monday afternoon were greeted with "Out of Service" messages, and branch tellers with no information. Angry customers made their opinions known via Twitter, barraging Wells Fargo's Twitter account (@Ask_WellsFargo) with questions and complaints.

Some technology consultants said they were surprised that Wells Fargo did not have a clear plan in place for communicating to its customers when the ATMs collapsed.

Early Tuesday, Wells Fargo issued a statement saying it would automatically reimburse customers for any fees incurred for using a non-Wells Fargo ATM. However, this statement was issued to the media nearly 18 hours after the outage. The message could not be found on the company's website and was not posted in branches.

"It's precisely when there are failures and mistakes that you really need a bank," said Bob Landry, vice president of the banking group at Mercator Advisory Group in Maynard, Mass. "The consumer doesn't need to know exactly what happened, but they do need to know what their alternatives are. Otherwise, people feel abandoned."

Julie McNelley, senior risk and fraud analyst at Aite Group in Boston, said she was surprised that Wells Fargo didn't do more to reach out to customers through more than just its branches. When the system crashed, the bank could have sent alerts to its customers through mobile phones, or posted information on where to go on Facebook.

The bank's ATMs also could be configured to provide more information than a simple error message, said McNelley, adding that such instant messages and social media postings might have prevented customers from wasting time before finding a working ATM.

There has been a rash of bank outages recently. In September, millions of people who bank online with J.P. Morgan Chase lost online access to their accounts for more than a day after the bank's website crashed due to a technical glitch. A similar outage occurred last month at Bank of America.

However, the nationwide ATM outage at Wells Fargo is more serious, Landry said, because so many people rely on them to dispense cash at all hours of the day.

"It's a brand promise," Landry said. "If it's 4 a.m. in the morning, and you're on your way to the airport, you expect that cash will be there. ... I'm sure some heads will roll."