For Companies and Institutions

  • Commercial Banking
    We provide tailored credit, financing, treasury and payment solutions for businesses of all sizes and commercial real estate. Backed by the strength and stability of J.P. Morgan, our dedicated experts deliver industry-specific guidance and services, empowering you to manage cash flow, seize growth opportunities and achieve your strategic goals.
  • Global Corporate Banking
    We help clients achieve their long-term strategic goals through financing, liquidity, payments, risk management and investment banking solutions.
  • Investment Banking
    Providing investment banking solutions, including M&A, capital raising and risk management, for a broad range of corporations, institutions and governments.
  • Payments
    Your partner for commerce, receivables, cross-currency, working capital, blockchain, liquidity and more.

Key Links

For Institutional Investors

  • Asset Management

    Putting our long-tenured investment teams on the line to earn the trust of institutional investors.

  • Markets

    Direct access to market leading liquidity harnessed through world-class research, tools, data, and analytics.

  • Securities Services

    Helping institutional investors, traditional and alternative asset and fund managers, broker dealers and equity issuers meet the demands of a rapidly evolving market.

  • Global Research

    Leveraging cutting-edge technology and innovative tools to bring clients industry-leading analysis and investment advice.

  • Prime Services

    Helping hedge funds, asset managers and institutional investors meet the demands of a rapidly evolving market.

  • Global Liquidity Solutions

    Global short-term fixed income strategies designed to help clients manage liquidity through the cycle.

Key Links

For Individuals

  • Wealth Management
    With J.P. Morgan Wealth Management, you can invest on your own or work with an advisor to design a personalized investment strategy. We have opportunities for every investor.
  • Private Bank
    A uniquely elevated private banking experience shaped around you.

Key Links

For Employers

  • Workplace Solutions

    Enhance your equity compensation offering with solutions designed to empower your employees and bring your reward strategy to life.

Key Links

Who We Serve

Key Links

All Insights

Explore a variety of insights.

Key Links

Insights by Topic

Explore a variety of insights organized by different topics.

Key Links

Insights by Type

Explore a variety of insights organized by different types of content and media.  

Key Links

About Us

We aim to be the most respected financial services firm in the world, serving corporations and individuals in more than 100 countries.

Key Links

[SOFT MUSIC]

When AI takes over the account, access still looks legitimate. But subtle signals emerge-- unusual amounts, new recipients, transactions that break expected patterns. In 2024, more than 1 million identity theft cases were reported. AI allows attackers to test credentials at volume and refine tactics in real time. The JPMorgan Payments Trust & Safety Suite helps assess behavioral risk indicators in near real time before funds are released. 

The credentials are valid. The vendor and timing look familiar. But something is off.

Account takeover (ATO) doesn’t look like a breach in progress. It looks like business as usual. Until it doesn’t. Fraudsters use legitimate credentials, often acquired through phishing, social engineering or compromised devices, to access your payment systems and initiate transactions that appear routine to internal controls.

And AI is making it easier. What once required manual effort now operates at greater speed and scale, automating credential theft and enabling fraudsters to strike more targets, more quickly. Authentication proves someone has the key. It doesn’t prove who’s using it, or why.

Why ATO is hard to spot

  • With valid logins, fraudulent payments blend into normal activity. Controls that treat authenticated as trusted provide cover for bad actors.
  • Multifactor authentication helps, but attackers can bypass it through SIM swapping, session hijacking or credential-harvesting schemes.
  • Static payment controls often assume known patterns equal known identity. They don’t distinguish a trusted user from a compromised credential behaving like one.
  • Detection lags behind execution. In the 2025 AFP Payments Fraud and Control Survey, 79% of organizations experienced actual or attempted payments fraud, and 20% of those who lost funds were unable to recover anything.1
79% of organizations experienced actual or attempted payments fraud, and 20% of those who lost funds were unable to recover anything1

79% of organizations experienced actual or attempted payments fraud, and 20% of those who lost funds were unable to recover anything1

79% of organizations experienced actual or attempted payments fraud, and 20% of those who lost funds were unable to recover anything1

The scenario: When traditional controls aren’t enough

It’s Friday at 4:45 p.m. A junior accountant’s credentials—compromised days earlier via phishing—are used to initiate five wire transfers just below the dual-approval threshold. The timing is precise. It’s late enough that no one is watching the queue, and early enough to process before cutoff.

By Monday morning, reconciliation flags a mismatch. $750,000 has cleared. The receiving accounts are empty.

Traditional controls worked as designed: The credentials were valid, the user was authenticated and the payments matched surface-level patterns. But something was off in the behavior.

Payment Control Center: The behavior layer in approvals

Payment Control Center, part of J.P. Morgan Trust & Safety Solutions, adds a behavioral monitoring layer to your payment approvals. It applies client-defined rules that reflect your payment patterns—beneficiaries, amounts, timing, velocity and context—and flags anomalies in near real time, pausing outliers before funds move.

What Payment Control Center does

  • computer icon

    Applies client‑defined controls at initiation, so payments that breach your rules are paused before approval, not discovered after reconciliation.

  • hand with money icon

    Enforces your policies in near real time across ACH, wire and real‑time payments, reducing reliance on manual review and end‑of‑day catch‑up.

  • puzzle piece icon

    Routes outliers to the right owner quickly, so exceptions get resolved with accountability and auditability.

Configurable rules that fit your operation

A configurable rules engine lets you tailor controls to your payment behaviors and risk tolerance—reducing the false positives that generic industrywide thresholds create. Automated alerts route to your treasury team when anomalies occur.

For ACH-specific controls, ACH Transaction Blocking lets you limit transactions to those submitted by approved vendors and under set payments amounts. Together with Payment Control Center monitoring, you get layered defense: rule-based blocking for known risks, behavior-based detection for emerging threats.

Shift the question: From credentials to behavior

If authentication answers “who has the credentials,” behavioral monitoring asks “does this look like you?”

Behavioral monitoring establishes defined norms based on rules you configure—how you initiate payments, at what times, to which beneficiaries, in what amounts and at what frequency—and flags deviations in near real time. Used effectively, it surfaces suspicious payments before approval, giving your team the opportunity to investigate and act.

Payment Control Center screens ACH, wires and real-time payments against client-defined rules for your users and business units, pausing outliers before approval.

The difference is timing. Traditional controls surface ATO after reconciliation while behavioral monitoring is designed to surface it at initiation, when you can still intervene.

The scenario revisited: Loss avoided

Now, consider the same scenario with behavioral monitoring in place.

Before each payment was approved, Payment Control Center evaluated the transaction against client-defined rules and parameters for that user and business unit. It didn’t just ask “who is this?” It asked, “does this match your defined norms?”

What the system saw:

  • Velocity: five payments in 15 minutes; this user’s baseline is one to two per hour
  • Timing: initiation at 4:45 p.m.; this user typically pays between 9 a.m.–3 p.m.
  • Beneficiary: vendor names match, but account numbers don’t match the vendor master
  • Amount: each payment sits just under the approval threshold, atypical for this vendor
  • Context: first time this user has initiated wires to these accounts

Any single indicator might be explainable. Together, they form a pattern rules-based screening can quickly surface. The system paused the payments for review before funds moved. An automated alert routed to the treasury manager and to the team’s queue. A quick verification call confirmed the compromise. Credentials were reset, vendor records corrected and all five payments canceled.

Loss avoided.

Why it worked

  • monitor icon

    Behavior over credentials: the system recognized a valid login behaving in an unusual way

  • graph icon

    Near-real-time screening: anomalies were detected at initiation, not after reconciliation

  • target icon

    Targeted friction: legitimate payments flowed, outliers were paused for review

  • true

    Human in the loop: alerts routed to the right owner enabled fast intervention

Beyond authentication: The broader context

Behavioral monitoring complements authentication by evaluating how a credential behaves. not just whether it authenticates. It runs at machine speed, 24/7, without fatigue and with fewer oversight gaps than human review alone. It doesn’t replace your team’s judgment. It delivers better information sooner, so you can act before losses become unrecoverable.

What this means for your organization

Account takeover mimics business as usual until one detail breaks the pattern. By adding a behavioral monitoring layer with Payment Control Center—and tuning rules to your environment—you move detection from days to moments. The payoff is operational confidence: Routine payments flow at speed while outliers are elevated and examined.

Talk with J.P. Morgan Payments

Ready to add behavioral monitoring to your controls and strengthen your defenses against account takeover?

Connect with your J.P. Morgan representative or visit J.P. Morgan Trust & Safety Solutions to explore deployment options for your business.

References

1.

2025 AFP Payments Fraud and Control Survey Report

Disclaimer
© 2026 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A. Member FDIC. Deposits held in non-U.S. branches are not FDIC insured. Non-deposit products are not FDIC insured. The statements herein are confidential and proprietary and not intended to be legally binding. Not all products and services are available in all geographical areas.

Visit jpmorgan.com/paymentsdisclosure for further disclosures and disclaimers related to this content.

Fraud in the age of AI

0:42 - Payments

Your fraud-prevention posture is a business decision—and it should evolve like one

Jun 22, 2026

Every checkout flow, authentication step and refund policy is a door you’ve chosen to size. The question is whether you’re still sizing those doors right.

Watch video
Fraud in the age of AI Business Email Compromise

0:35 - Payments

Fighting AI with AI: How near real-time validation stops business email compromise before money moves

Jun 22, 2026

Business email compromise exploits the most vulnerable point in any payment system: human trust. Validation Services from J.P. Morgan Payments helps close the gap and helps you catch changes before funds move with near real-time, AI-powered account verification.

Watch video
Fraud in the Age of AI - AI and deepfake Fraud

0:37 - Payments

Deepfake fraud is evolving fast—here’s how to protect your payments

Jun 22, 2026

Deepfake fraud is targeting payment processes with growing sophistication, and defending against it requires layered technology and a culture of verification.

Watch video
Fraud in the age of AI : Ransomeware

0:41 - Payments

When ransomware takes your defenses offline, what's left?

Jun 17, 2026

Ransomware doesn’t just encrypt your data—it creates a window where fraud defenses go dark. When your controls live on infrastructure separate from your own, they can keep working.

Watch video
reflection of buildings

Payments

Payments Modernization for Global Impact: Opportunities for Multilateral Development Banks

Jun 10, 2026

Ongoing technological and macroeconomic shifts have led Multilateral Development Banks (MDBs) to reevaluate their operational strategies to emphasize resilience, crisis-readiness, and systems preparedness.

Read more

Payments

Beyond the stadium: Where fans go, spend follows

Jun 04, 2026

How payment data from major sporting and entertainment events reveals where, when, and how fans spend, and what it means for merchants preparing for a global soccer event.

Read more

Payments

2026 trends in cross-border payments for financial institutions

May 21, 2026

Learn how financial institutions can harness AI, resilience and interoperability to help navigate shifting FX corridors and the evolving global payments landscape.

Read more

Payments

BILL gives small and midsize businesses access to credit in minutes with Embedded Finance from J.P. Morgan

May 20, 2026

Learn how BILL helps businesses manage payments in real time with an API-based sub-ledgering solution.

Read more