J.P. Morgan ACCESS® Security Center

At J.P. Morgan, we are serious about protecting your personal and account information. It is also necessary for you to protect yourself when you use your computer or conduct business online. Protecting yourself online starts with knowing how to prevent Cyber Fraud.

How to Protect Yourself Against Cyber Fraud

In order to help prevent Cyber Fraud, you should be aware of potential external threats and leverage the security features and functionality available to you within J.P. Morgan ACCESS®.

Do not respond or reply to an email, phone call or text message that:

  • Requires you to supply personal or account information (such as a user ID, password, or account numbers) directly in the email, non-secure webpage or text message
  • Threatens to close or suspend your account if you do not take immediate action
  • Invites you to answer a survey that asks you to enter personal or account information
  • States your account has been compromised, there are unauthorized charges on your account, or there has been third-party activity on your account, and then asks you to provide or confirm your personal or account information
  • Asks another user to log on from your computer
  • Asks you to confirm, verify or refresh your account, password or billing information

You should never:

  • Open emails, launch links, or open attachments from unknown sources
  • Click on links in emails and pop-up messages
  • Update payment information based on an email or other message without confirming the change with a known contact at your vendor or beneficiary
  • Share your user ID, password, secure token device or the answers to your security questions with anyone
  • Leave written notes with your log-in credentials nearby your computer or in an easy-to-find place where they can be viewed by others
  • Leave inactive user profiles online
  • Allow multiple people to use the same computer to process a transaction


  • Pay special attention to links and attachments
  • Always log off at the end of a session
  • Forward suspicious emails that appear to come from Chase or J.P. Morgan to abuse@jpmorgan.com
  • Call your J.P. Morgan ACCESS Regional Help Desk immediately if repeatedly prompted for log on information
  • Go Paperless so that statements with critical account information aren’t sitting around in the office or in the trash
  • Sign up for alerts to monitor account activity and review alerts whenever a payment is made or changed
  • Keep anti-virus software up to date and use current versions of web browsers
  • Set payment limits at a level reasonable for your typical activity and call us to arrange any exceptionally large payments
  • Regularly review and confirm the entitlements of your users
  • Regularly check your account activity for any suspicious transactions and contact us immediately about any suspicious or erroneous wires
  • Complete our Cyber Fraud & Secure Online Banking in the Support & Community Section of J.P. Morgan ACCESS

If you become suspicious after sending a wire transfer, immediately contact your J.P. Morgan ACCESS Regional Help Desk.

Reminder: It is NOT our practice to:

How to Protect Yourself Against Malware and Social Engineering Attacks

J.P. Morgan has received reports of fraudsters successfully installing on clients’ computers malware that requests the user to make multiple log on attempts, enter token codes multiple times as part of the log on, or asks the user to have someone else log on from their machine. Many varieties of malware (such as computer viruses, worms, Trojan horses, spyware, dishonest adware and other malicious and unwanted software) are specifically focused on obtaining financial credentials and are often customized for specific individuals.

Reminder: J.P. Morgan ACCESS will never request that another user attempt to log on from your computer or ask you to enter multiple token codes as part of the log on process.

Please take the time to review the information on Malware and Social Engineering Attacks

What to do if you suspect fraud or a cyber security attack

Further Information

Online Safety Tips

At J.P. Morgan, we use a variety of technologies and techniques to help protect the security of our products and services. It also necessary for you to protect yourself when you use your computer or conduct business online.

Here are some of the steps you can take:

Computer Security

  • Beware of emails you receive from senders you don’t know. Don’t open any email attachments or click on links until you have verified the sender
  • Control physical access to your computer:
    • Log off or lock your workstation whenever you leave your computer
    • Do not leave your computer and digital media in unsecured locations
  • Select passwords that are difficult for others to guess
  • Tips for password safety:
    • Change passwords frequently
    • Use different passwords for different websites
    • Do not base passwords on any personal information, such as your User ID, birthday, telephone number or other personal information that is easily guessed
    • Do not give your passwords to anyone
    • Do not save passwords on your computer
    • Do not leave written notes with your password near your machine or in an easy-to-find place
  • Never install software unless you are authorized, and/or know the source
  • Do NOT open junk, spam, chain mail, or other suspicious email – DELETE immediately
  • Use only trusted devices for online banking activities
  • Be sure to use only software supported by J.P. Morgan. Please contact the J.P. Morgan ACCESS Regional Help Desk for more information
  • When you access a system, check your “last logon date/time” periodically to see if your ID is being used by someone else
  • Check your web session is secure by looking for the letters “https://” at the beginning of the website URL, which means that the web connection is secure
  • If you notice suspicious activity relating to J.P. Morgan accounts you access online, promptly contact your J.P. Morgan representative or your J.P. Morgan ACCESS Regional Help Desk

back to top Back to top

How We Protect Your Online Security

Internet Banking Services

J.P. Morgan is serious about safeguarding your online business information and provides “defense in depth” for online websites, such as J.P. Morgan ACCESS. Key features of risk management for online system access include:

  • Secure customer and user on-boarding processes
  • Controlled user access with “separation of duties”
  • Multi-factor user authentication security
  • Increased security credential requirements for more sensitive functionalities

Additional Security Elements

Additional detailed security features include:

  • Session inactivity timeout
  • Required password changes
  • Automated user ID inactivation for unused IDs
  • User education
  • Alerts
  • Blocking of unsupported operating systems and browsers

J.P. Morgan Environment

J.P. Morgan uses secured facilities in support of online banking operations. Key features include:

  • Secured data centers
  • Network firewalls
  • Intrusion detection
  • Network and system monitoring
  • Disaster recovery with rapid-response capabilities
  • Rigorous change management
  • Penetration testing
  • Computer incident response team

Weblinking Practices (links to Third-Party sites)

J.P. Morgan may provide a hyperlink to information, products or services offered on websites that are owned or operated by other companies (third-party websites). J.P. Morgan does not endorse, approve or guarantee information, products, services or recommendations provided at a third-party website. J.P. Morgan shall not be responsible for any loss or damage resulting from the use of a link on its websites, nor will it be liable for any products or services advertised or provided on these linked sites.

Here are some tips to help you tell if you have left a J.P. Morgan website:

  • Instead of a J.P. Morgan address, the URL of the linked website appears in the location box (or address field) of your web browser
  • The linked website may appear in a new browser window. The appearance of the linked site, including its colors and graphic design, is different from the J.P. Morgan site

back to top Back to top

Types of Cyber Fraud

Criminals and scammers use a variety of methods to obtain your personal or organizational information. These include:

Email Fraud

Email fraud is usually harsh, demanding and threatening. Please remember these are not legitimate messages; Do NOT reply to these messages.

Email spoofing: Forging an email header so that the message appears to have originated from someone or somewhere other than the actual source. Although most spoofed email falls into the “nuisance” category and requires little action other than deletion, the more malicious varieties can cause security risks and other problems. For example, spoofed email may purport to be from someone within your company or a vendor with which your company has a relationship. These emails may contain new payment instructions or changes to the beneficiary account on a recurring payment.

  • Be very suspicious of emails from the CEO, Director, etc. that direct you to transfer a large amount of funds
  • Verify all instructions verbally with the sender

Phishing: When criminals use email to try to lure you to fake websites, where you are asked to disclose confidential financial and/or personal information.

How to recognize common Phishing tactics:

  • You do not recognize the “From” email address as valid
  • The email requests you to verify your account/personal information (account number, user ID, password, etc.)
  • A hyperlink within the email address does not display the actual address
  • The email conveys a sense of urgency or threatens some dire consequence if you do not respond

Never respond to any email that:

  • Requires you to click a link, open an attachment, confirm, verify or refresh account information
  • Asks for personal or organizational information
  • Asks you to enter your user ID, password or account number(s) into an email or non-secure webpage
  • Threatens to close or suspend your account if you do not take immediate action by providing specific information about you or your company

Impersonation Fraud

Occurs when someone assumes your identity to perform a fraud or other criminal act. Criminals can get the information they need to assume your identity from a variety of sources, such as the theft of your wallet, your trash or from credit or bank information. They may approach you in person, by telephone, text message or on the Internet and ask you for the information.


  • J.P. Morgan will not send email notifications stating your account has been compromised or passwords need to be changed
  • J.P. Morgan will never ask you for your password
  • We will never call you to offer log-in assistance unless you have contacted us first
  • When you call J.P. Morgan, only call your J.P. Morgan ACCESS Regional Help Desk or your J.P. Morgan representative

back to top Back to top

Additional Security Resources

J.P. Morgan offers the following resources to help you understand security best-practices.

General Reference

J.P. Morgan Payments Fraud Protection
Knowledge and awareness are the strongest defense against fraud scams. Learn how to identify and prevent fraud at your company.

AFP Payments Fraud & Control Survey
Learn what your colleagues are saying and doing about payments fraud. Read the results of the 2014 AFP Payments Fraud & Control Survey.

Third-party websites

OnGuard Online
Practical tips from the federal government and the technology industry to help you secure your computer, be on guard against Internet fraud and protect your personal information.

Federal Trade Commission (FTC)
Learn about the appropriate steps to take to prevent and protect against identity theft.

American Bankers Association
Cyber security is more important than ever for users of online banking, both personally and at work. Visit this site to learn more about the best practices and current news relating to online security.

back to top Back to top



Copyright © 2015 JPMorgan Chase & Co. All rights reserved.