
When AI writes the email, urgency feels real. The tone matches your CFO. The language reflects your company. In 2024, business email compromise drove $2.8 billion in reported losses. AI is making these attacks more convincing and harder to detect. The J.P. Morgan Payments Trust and Safety Suite helps assess risk in near real-time before funds are released. 

Fraud threats are evolving—and so are the solutions designed to detect them. In this series, we examine the risks businesses face today and how J.P. Morgan Payments Trust and Safety solutions help address them. We’re starting with the one that exploits something no firewall can protect: human trust.

Business email compromise (BEC) is a type of fraud in which bad actors impersonate trusted executives, vendors or partners to manipulate employees into sending payments to fraudulent accounts. Fraudsters use spoofed domains, compromised credentials and urgent language to convince employees to redirect funds to accounts they control. The emailed requests seem plausible, and the urgency feels real.

This form of attack cost organizations nearly $2.8 billion in 2024, according to the FBI’s Internet Crime Complaint Center.[1]

And the threat is widespread: 71% of organizations reported being targeted in 2024, with an average loss of $137,000 per incident, according to the 2025 AFP Payments Fraud and Control Survey.[2]

These attacks have always been effective because they exploit human judgment, not technical vulnerabilities. But generative AI has changed the calculus. Attackers can now produce polished, context-aware messages at scale—fewer typos, more realistic phrasing, fewer obvious red flags. Spoofed emails that once took hours to craft can be generated in seconds and tailored to specific targets. Email security tools usually catch the obvious fakes, but they weren’t designed for the threats that look indistinguishable from legitimate requests.
 
That’s why validation can’t rely on manual checks alone—it has to happen in real time, at the account level.

The gap between trust and verification

Most accounts payable teams have no way to verify the one detail that matters most in any payment request: whether the receiving account is legitimate.
 
They can confirm that an email looks authentic. They can match an invoice to a known vendor. They can follow every step in their internal approval process. But none of that tells them whether the bank account on the invoice actually belongs to the vendor they think they’re paying.
 
Manual verification doesn’t solve this. Outreach to vendors often goes unanswered or produces ambiguous replies, especially under tight deadlines—and employees are under pressure to keep payments moving on schedule.
 
Email security tools help, but they were designed for an earlier generation of attacks. They flag misspelled domains and suspicious attachments. They don’t flag a well-crafted message from a legitimate-looking address that simply swaps one bank account number for another. That is the gap BEC exploits. The gap isn’t in process or intent. It’s in access to real-time account data at the moment of approval.

The wire that shouldn’t have been sent

A finance manager receives an email that appears to come from the CFO. The subject line reads “URGENT: Wire needed for M&A closing today.” An attached vendor invoice includes updated banking details.
 
The manager follows protocol: calls the vendor’s main number and reaches voicemail; emails the vendor contact, who replies that the invoice “looks right” but doesn’t confirm the account change. The CFO’s message emphasizes time sensitivity and confidentiality.
 
With no way to validate the account in real time, the manager approves the wire. $500,000 is sent to a fraudulent account. Two days later the real vendor asks about the missing payment. The funds have already been moved, making recovery unlikely.

Intercept the payment before funds move

Now, replay the scenario with J.P. Morgan Payments Validation Services embedded in the workflow.

Before the manager clicks “Approve,” they see, in near real-time:

  • Name mismatch: The account holder shows as “ABC Consulting LLC” while the invoice lists “ABC Consulting Group”.
  • Tenure signal: The vendor relationship on file is five years; the identified account is three days old.
  • Account status: The account is open and active.
  • Information check: One provider returns “No information found,” another returns “Information found”.
  • Out of profile: The bank and location differ from prior payments to this vendor.
  • Confidence signal: Overall status shows amber with a “Needs Review” message.

With those signals in view, the manager routes the payment for further review rather than release. A callback with the CFO at a known number confirms the attempted account change was fraudulent.
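The signals in the list above can be combined into a simple pre-release gate. This is an added example, not J.P. Morgan code and not the Validation Services API; the field names, bank identifiers, the 90-day age threshold and the suffix list are all assumptions.

```python
from dataclasses import dataclass
from datetime import date
import re

# Legal-form suffixes ignored when comparing names (assumed list, extend as needed).
_SUFFIXES = {"llc", "inc", "ltd", "corp", "co", "plc", "gmbh"}

def _tokens(name):
    """Lower-case word tokens with punctuation and legal suffixes removed."""
    return [t for t in re.findall(r"[a-z0-9]+", name.lower()) if t not in _SUFFIXES]

@dataclass
class PaymentRequest:          # hypothetical fields, for illustration only
    invoice_payee: str         # name printed on the invoice
    account_holder: str        # name returned by an account-validation lookup
    account_opened: date
    account_status: str        # "open", "closed", ...
    vendor_since: date         # start of the vendor relationship on file
    bank_id: str               # bank identifier on this request
    prior_bank_ids: frozenset  # banks used in earlier payments to this vendor

def review_signals(req, today, min_account_age_days=90):
    """Return (status, reasons): 'red', 'amber' or 'green' plus the signals raised."""
    if req.account_status != "open":
        return "red", ["account is not open"]
    reasons = []
    # "ABC Consulting LLC" vs "ABC Consulting Group" differ after suffix removal.
    if _tokens(req.invoice_payee) != _tokens(req.account_holder):
        reasons.append("name mismatch")
    account_age = (today - req.account_opened).days
    vendor_age = (today - req.vendor_since).days
    # A long-standing vendor paid into a brand-new account is a tenure signal.
    if account_age < min_account_age_days and vendor_age > account_age:
        reasons.append("account newer than vendor relationship")
    if req.prior_bank_ids and req.bank_id not in req.prior_bank_ids:
        reasons.append("out of profile bank")
    return ("amber" if reasons else "green"), reasons

# Constructed sample replaying the scenario above (bank ids are placeholders).
TODAY = date(2025, 1, 10)
SAMPLE = PaymentRequest("ABC Consulting Group", "ABC Consulting LLC",
                        date(2025, 1, 7), "open", date(2020, 1, 10),
                        "BANK-B", frozenset({"BANK-A"}))

if __name__ == "__main__":
    print(review_signals(SAMPLE, TODAY))
```

An amber result holds the payment for an out-of-band callback at a known number rather than blocking it outright.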

Two services make this possible:

  1. Entity Validation Services (EVS) verifies individual and business identities globally in near-real-time.
  2. Account Validation Services (AVS) routes requests across multiple data providers and machine learning models to confirm account status and ownership, covering over 80% of U.S. bank accounts with 96% accuracy.[3] Within AVS, an embedded account-confirmation capability evaluates the status of registered recipients and provides feedback using an AI- and machine-learning confidence score model to inform risk.

Both services integrate directly into the payment workflow. Together, they provide a unified, off-the-shelf validation solution on our payments development platform.

The real cost of a spoofed business email

A fraudulent payment is only the first loss. Business email compromise also weighs on working capital, day-to-day operations and relationships you count on.

What that looks like in practice:

  • Direct financial hit: An unauthorized outflow and recovery efforts that are time-sensitive and uncertain. Insurance deductibles and coverage limits may still leave exposure.

  • Investigation and recovery work: Hours spent tracing funds, coordinating with banks and law enforcement and reviewing transactions and controls.

  • Operational disruption: Payment holds, reissued invoices and emergency wires that pull teams off core work and delay closings.

  • Supply chain friction: Unpaid vendors pause shipments or change terms, and some ask for prepayment until trust is restored.

  • Governance and people impact: More approval layers, targeted training and internal reviews—plus morale and accountability pressures for teams that followed process.

  • Reputation and client experience: Service delays and strained relationships when counterparties don’t receive expected funds.

$8.5B in BEC losses were reported to the FBI between 2022 and 2024

In many cases, finance teams followed protocol but lacked access to real-time account data at the moment of approval—when an informed decision matters most.

Controls that adapt as threats evolve

BEC campaigns will keep evolving. Generative AI increases the volume and quality of convincing messages—making them harder to distinguish from legitimate requests.
 
That’s why controls can’t rely on manual checks alone. Effective defense works before release—when you choose to send payment. Validation Services brings near real-time checks to that moment, cross-referencing payment details against J.P. Morgan and third-party data and surfacing clear signals at approval.
 
As part of our Trust & Safety suite, Validation Services is one layer in a unified stack that uses AI and machine learning alongside screening and behavioral analytics as threats change. It’s prevention, not recovery. Confidence, not guesswork.

In the coming weeks, we’ll examine how the Trust & Safety suite addresses account takeover, deepfakes and ransomware—and how to embed controls in your payment workflow. We’re here to help you navigate this.

Speak with your J.P. Morgan Payments team about Validation Services or visit the Trust & Safety page to learn more.

Disclaimer

© 2026 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A. Member FDIC. Deposits held in non-U.S. branches are not FDIC insured. Non-deposit products are not FDIC insured. The statements herein are confidential and proprietary and not intended to be legally binding. Not all products and services are available in all geographical areas.

Visit jpmorgan.com/paymentsdisclosure for further disclosures and disclaimers related to this content.