Please update your browser.
J.P.Morgan ACCESS® Security Center
At J.P. Morgan, we are serious about protecting your personal and account information. It is also necessary for you to protect yourself when you use your computer or conduct business online. Protecting yourself online starts with knowing how to prevent cyber fraud.
How to Protect Yourself Against Cyber Fraud
To help prevent cyber fraud, be aware of potential external threats and leverage the security features and functionality available to you.
You should never:
- Open emails, launch links or open attachments from unknown sources
- Click on links in emails and pop-up messages
- Update payment information based on an email or other message without confirming the change with a known contact at your vendor or beneficiary
- Share your user ID, password, secure token device or the answers to your security questions with anyone
- Leave written notes with your log-in credentials nearby your computer or in an easy-to-find place where they can be viewed by others
- Leave inactive user profiles online
- Allow multiple people to use the same computer to process a transaction
Do not respond or reply to an email, phone call or text message that:
- Requires you to supply personal or account information (such as a user ID, password, or account numbers) directly in the email, non-secure webpage or text message
- Threatens to close or suspend your account if you do not take immediate action
- Invites you to answer a survey that asks you to enter personal or account information
- States your account has been compromised, there are unauthorized charges on your account, or there has been third-party activity on your account, and then asks you to provide or confirm your personal or account information
- Asks another user to log on from your computer
- Asks you to confirm, verify or refresh your account, password or billing information
Do:
- Pay special attention to links and attachments
- Always log off at the end of a session
- Forward suspicious emails that appear to come from Chase or J.P. Morgan to phishing@jpmchase.com
- Call your J.P. Morgan Access Help Desk or Support team immediately if repeatedly prompted for login information
- Go paperless so that statements with critical account information aren’t sitting around in the office or in the trash
- Sign up for alerts to monitor account activity and review alerts whenever a payment is made or changed
- Keep anti-virus software up to date and use current versions of web browsers
- Set payment limits at a level reasonable for your typical activity and call us to arrange any exceptionally large payments
- Regularly review and confirm the entitlements of your users
- Regularly check your account activity for any suspicious transactions and contact us immediately about any suspicious or erroneous wires
- Complete our Cyber Fraud & Secure Online Banking overview
If you become suspicious after sending a wire transfer, immediately contact your respective Help Desk or Support team of your platform.
Reminder: It is NOT our practice to:
- Send emails that require you to enter personal security information directly into the email
- Send emails threatening to close your account if you do not take the immediate action of providing personal or business information
- Send emails asking you to reply by sending personal or business information
- Share your name with any contacts outside our firm in a manner inconsistent with our privacy policy
How to Protect Yourself Against Malware and Social Engineering Attacks
J.P. Morgan has received reports of fraudsters successfully installing on clients’ computers malware that requests the user to make multiple login attempts, enter token codes multiple times as part of the login, or asks the user to have someone else login from their machine. Many varieties of malware (such as computer viruses, worms, Trojan horses, spyware, dishonest adware, and other malicious and unwanted software) are specifically focused on obtaining financial credentials and are often customized for specific individuals.
Reminder: We will never request that another user attempt to log on from your computer or ask you to enter multiple token codes as part of the log on process.
Please take the time to review the information on Malware and Social Engineering Attacks
What to do if you suspect fraud or a cyber security attack
- Call your J.P. Morgan Access Help Desk or Support team immediately
- You should also contact your Security Administrator to inactivate your ID if you believe you might have inadvertently compromised your user ID
Further Information
At J.P. Morgan, we use a variety of technologies and techniques to help protect the security of our products and services. It’s also necessary for you to protect yourself when you use your computer or conduct business online.
Here are some of the steps you can take:
Computer Security
- Beware of emails you receive from senders you don’t know. Don’t open any email attachments or click on links until you have verified the sender
- Control physical access to your computer:
- Log off or lock your workstation whenever you leave your computer
- Do not leave your computer and digital media in unsecured locations
- Select passwords that are difficult for others to guess
- Tips for password safety:
- Change passwords frequently
- Use different passwords for different websites
- Do not base passwords on any personal information, such as your user ID, birthday, telephone number or other personal information that is easily guessed
- Do not give your passwords to anyone
- Do not save passwords on your computer
- Do not leave written notes with your password near your machine or in an easy-to-find place
- Never install software unless you are authorized and/or know the source
- Do NOT open junk, spam, chain mail or other suspicious email—DELETE immediately
- Use only trusted devices for online banking activities
- Be sure to use only software supported by J.P. Morgan. Please contact your J.P. Morgan Access Help Desk or Support team for more information
- When you access a system, check your “last login date/time” periodically to see if your ID is being used by someone else
- Check your web session is secure by looking for the letters “https://” at the beginning of the website URL, which means that the web connection is secure
- If you notice suspicious activity relating to J.P. Morgan accounts you access online, promptly contact your J.P. Morgan representative or your J.P. Morgan Access Help Desk or Support team
General Reference
Third-party websites
Internet Banking Services
J.P. Morgan is serious about safeguarding your online business information and provides “defense in depth” for online websites. Key features of risk management for online system access include:
- Secure customer and user on-boarding processes
- Controlled user access with “separation of duties”
- Multi-factor user authentication security
- Increased security credential requirements for more sensitive functionalities
Additional Security Elements
Additional detailed security features include:
- Session inactivity timeout
- Required password changes
- Automated user ID inactivation for unused IDs
- User education
- Alerts
- Blocking of unsupported operating systems and browsers
J.P. Morgan Environment
J.P. Morgan uses secured facilities in support of online banking operations. Key features include:
- Secured data centers
- Network firewalls
- Intrusion detection
- Network and system monitoring
- Disaster recovery with rapid-response capabilities
- Rigorous change management
- Penetration testing
- Computer incident response team
Weblinking Practices (links to Third-Party sites)
J.P. Morgan may provide a hyperlink to information, products or services offered on websites that are owned or operated by other companies (third-party websites). J.P. Morgan does not endorse, approve or guarantee information, products, services or recommendations provided at a third-party website. J.P. Morgan shall not be responsible for any loss or damage resulting from the use of a link on its websites, nor will it be liable for any products or services advertised or provided on these linked sites.
Here are some tips to help you tell if you have left a J.P. Morgan website:
- Instead of a J.P. Morgan address, the URL of the linked website appears in the location box (or address field) of your web browser
- The linked website may appear in a new browser window. The appearance of the linked site, including its colors and graphic design, is different from the J.P. Morgan site
Criminals and scammers use a variety of methods to obtain your personal or organizational information. These include:
Email Fraud
Email fraud is usually harsh, demanding and threatening. Please remember these are not legitimate messages; Do NOT reply to these messages.
Email spoofing: Forging an email header so that the message appears to have originated from someone or somewhere other than the actual source. Although most spoofed emails fall into the “nuisance” category and requires little action other than deletion, the more malicious varieties can cause security risks and other problems. For example, spoofed emails may purport to be from someone within your company or a vendor with which your company has a relationship. These emails may contain new payment instructions or changes to the beneficiary account on a recurring payment.
- Be very suspicious of emails from the CEO, Director, etc. that direct you to transfer a large amount of funds
- Verify all instructions verbally with the sender
Phishing: When criminals use email to try to lure you to fake websites, where you are asked to disclose confidential financial and/or personal information.
How to recognize common Phishing tactics:
- You do not recognize the “From” email address as valid
- The email requests you to verify your account/personal information (account number, user ID, password, etc.)
- A hyperlink within the email address does not display the actual address
- The email conveys a sense of urgency or threatens some dire consequence if you do not respond
Never respond to any email that:
- Requires you to click a link, open an attachment, confirm, verify or refresh account information
- Asks for personal or organizational information
- Asks you to enter your user ID, password or account number(s) into an email or non-secure webpage
- Threatens to close or suspend your account if you do not take immediate action by providing specific information about you or your company
Impersonation Fraud
Occurs when someone assumes your identity to perform a fraud or other criminal act. Criminals can get the information they need to assume your identity from a variety of sources, such as the theft of your wallet, your trash or from credit or bank information. They may approach you in person, by telephone, text message or on the Internet and ask you for the information.
Remember:
- J.P. Morgan will not send email notifications stating your account has been compromised or passwords need to be changed
- J.P. Morgan will never ask you for your password
- We will never call you to offer login assistance unless you have contacted us first
- When you call J.P. Morgan, only call your J.P. Morgan Access Help Desk or Support team or your J.P. Morgan representative
J.P. Morgan offers the following resources to help you understand security best-practices.
General Reference
J.P. Morgan Payments Fraud Protection
Knowledge and awareness are the strongest defense against fraud scams. Learn how to identify and prevent fraud at your company.
AFP Payments Fraud & Control Survey
Learn what your colleagues are saying and doing about payments fraud. Read the results of the 2023 AFP Payments Fraud & Control Survey.
Third-party websites
Disclaimer: Each of the links below will take you to an external website. J.P. Morgan’s website terms, privacy and security policies will not apply. J.P. Morgan is not responsible for any products, services or content at these third-party sites.
OnGuard Online
Practical tips from the federal government and the technology industry to help you secure your computer, be on guard against Internet fraud and protect your personal information.
Federal Trade Commission (FTC)
Learn about the appropriate steps to take to prevent and protect against identity theft.
American Bankers Association
Cyber security is more important than ever for users of online banking, both personally and at work. Visit this site to learn more about the best practices and current news relating to online security.
You're now leaving J.P. Morgan
J.P. Morgan’s website and/or mobile terms, privacy and security policies don’t apply to the site or app you're about to visit. Please review its terms, privacy and security policies to see how they apply to you. J.P. Morgan isn’t responsible for (and doesn’t provide) any products, services or content at this third-party site or app, except for products and services that explicitly carry the J.P. Morgan name.