How to stay a step ahead of fraudsters
Take these simple steps to help protect you and your family, friends, coworkers and employees.
At J.P. Morgan, protecting client information is a top priority. That’s why we apply controls and procedures that help shield your accounts from fraudulent activity.
But we can’t do this alone. It’s also important for you to stay vigilant—by understanding emerging trends and taking action to protect yourself against potential breaches and exposure.
As the fraud landscape continues to evolve, we encourage all of our clients, as well as their children and parents, and extended network of friends, employees, and coworkers to take the simple action steps below to protect their information, identities and financial profiles.
To start, whether with or outside of J.P. Morgan, one of the most important precautions you can take to prevent fraud is to verbally verify all payment instructions with your beneficiary, service provider or trusted contact when you receive payment request details via email.
Top 5 things to do with J.P. Morgan
1. CREATE UNIQUE, COMPLEX USERNAMES—NOT JUST PASSWORDS
As part of our multi-factor authentication, J.P. Morgan offers an RSA token—a real-time code that refreshes every minute and is only given to you. In addition to your username and password, an RSA token provides a second layer of validation when you log in to your account via J.P. Morgan Online℠ and the J.P. Morgan Mobile® app.
Take action:
- On a Computer:
- Log in to your J.P. Morgan Online account.
- Click on the “person” icon at the top right-hand corner.
- Select “Protect Info” under “Sign-in and Security.”
- Create a unique username that does not include your personal information.
- Click on “Password” from the left-hand menu to create a strong password using a mix of upper- and lower-case letters, numbers and special characters.
- Next, review your other online accounts to ensure those login credentials are strong and unique as well. Use multi-factor authentication on all accounts (including email accounts).
- On a Mobile Device or Tablet:
- Log in to your J.P. Morgan Mobile® app.
- Click on the “person” icon at the top right-hand corner.
- Select “Settings.”
- Select “Sign-in Preferences” and “Username & Password.”
- Create a unique username that does not include your personal information.
- Create a strong password using a mix of upper- and lower-case letters, numbers and special characters.
2. SET UP A SECURE TOKEN TO FURTHER SECURE YOUR ONLINE ACCOUNTS
Contact your J.P. Morgan Client Service team to request a secure token for your online profile.
3. Enable online alerts.
Turning on alerts allows you to be one step ahead of fraud. J.P. Morgan Online offers alerts that you can apply to your online profile and accounts. When enabled, these alerts notify you of potentially fraudulent transactions or account changes.
Take action:
- On a Computer, enable alerts:
- Log in to your J.P. Morgan Online account.
- Click on the “person” icon at the top right-hand corner.
- Select “Manage Alerts” under “Alerts.”
- Set up the email(s) and phone number(s) where alerts should be sent.
- Select “Choose Alerts” from the left-hand menu to enable alerts for each account.
- For more information on available alerts, click here.
- On a Mobile Device or Tablet:
- Log in to your J.P. Morgan Mobile® app.
- Click on the “person” icon at the top right-hand corner.
- Select “Manage Alerts.”
- Select “Delivery Preferences” to set up the email(s) and phone number(s) where alerts should be sent.
- Enable alerts for each account.
4. SET UP PAPERLESS STATEMENTS TO HELP PREVENT YOUR ACCOUNT INFORMATION FROM BEING LOST OR STOLEN IN THE MAIL
If a check is stolen or lost, a fraudster has access to your personal information—including your name, address, bank account number and signature. When you use online bill payment systems, J.P. Morgan sends a check on your behalf without disclosing your personal account number to the beneficiary.
Take action:
- Enroll in Paperless Statements by contacting your Client Service team. You can also update your preferences within J.P. Morgan Online via these steps:
- On a Computer:
- Log in to your J.P. Morgan Online account.
- Click on the “person” icon at the top right-hand corner.
- Select “Customize settings” under “Account Settings.”
- Review settings and click “I consent” to save changes.
- On a Mobile Device or Tablet:
- Log in to your J.P. Morgan Mobile® app.
- Click on the “person” icon at the top right-hand corner.
- Select “Settings.”
- Select “Account settings” and “Paperless.”
- Review settings and click “I consent” to save changes.
5. IMPLEMENT MONEY MOVEMENT CONTROLS
Take action:
- Employ a callback process to verify payment details
- Contact your J.P. Morgan Client Service team to learn more about enrolling in J.P. Morgan Online. If you need assistance setting up your online bill payments, you will be connected to a dedicated Banking Personal Assistant.
- Leverage online bill pay systems instead of writing personal checks to protect your account details.
Top 5 things to do outside of J.P. Morgan
1. PROTECT YOUR IDENTITY: FREEZE YOUR CREDIT, REVIEW YOUR CREDIT REPORTS PERIODICALLY AND ENROLL IN A CREDIT MONITORING SERVICE
Freezing your credit is a proactive measure against identity theft. A credit freeze—also known as a security freeze—restricts access to your credit report, making it more difficult for identity thieves to open accounts in your name and/or abuse your credit.
Take action:
- Contact each credit bureau to place and lift a credit freeze:
- Equifax: 800.349.9960 | www.equifax.com/personal/credit-report-services/credit-freeze.
- Experian: 888.397.3742 | www.experian.com/freeze.
- TransUnion: 888.909.8872 | www.transunion.com/freeze.
- Note: Don’t forget or lose the PIN to lift the credit freeze.
- Request a copy of your report from www.annualcreditreport.com, or contact each credit bureau directly.
- Enroll in Chase Credit Journey, our free credit monitoring service through J.P. Morgan Online. For more information, go to https://www.chase.com/personal/credit-cards/chase-credit-journey.
2. Choose a reputable email provider AND ENABLE THEIR SECURITY OFFERINGS
Take action:
- Maintain separate accounts for personal and business use, and don’t use them interchangeably.
- Create complex and unique log in credentials using a mix of upper- and lower-case letters, numbers and special characters. Change your passwords three or four times a year.
- Enable multi-factor authentication to further secure email accounts.
- Delete emails containing personal information—such as photos of IDs or documents saved in your email Inbox, Sent and Trash folders.
3. Contact your mobile service provider to proactively prevent phone porting and call forwarding.
In an emerging trend, fraudsters have begun hijacking phone numbers by tricking cell phone service providers into transferring (or porting) a victim’s phone number to a new device, or by hacking into an individual’s online account with the service provider. When this occurs, fraudsters gain access to the data ported from the original mobile device and are able to reset a victim’s passwords on every account that uses the phone number for auto recovery. They are also able to receive one-time verification codes sent to the mobile number by text, phone call or email. Equally concerning is the ease with which a phone number can be forwarded to another number.
Take action:
- Log in to your online account or call your service provider to freeze phone porting and call forwarding capabilities, and add a verbal password to your account for additional security.
4. Install anti-virus and ad-blocking software on all of your devices, and keep it up-to-date.
Take action:
- Do your homework—not all software is created equal. You will want to consider software that includes multi-layered malware, spyware and adware protection. Some also offer firewall and spam filtering capabilities as well as ransomware protection.
5. PROTECT YOUR IDENTITY BY LIMITING THE AMOUNT OF INFORMATION SHARED ONLINE AND ON SOCIAL MEDIA
Take action:
- Review your social media privacy settings and the information a person may have access to when viewing your accounts as well as your children’s.
- Remove personal information shared online that can be used by fraudsters in an attempt to defraud you.
Top 5 things you should never do
1. Do not assume a phone call, email or text message is genuine.
Be wary of impersonators. Fraudsters use social engineering techniques to deceive you into divulging information or taking action on a financial account.
2. Do not share personal information with unknown individuals.
Be mindful of the information you share with others, even in the normal course of business.
3. Do not use the same credentials and passwords for your online accounts.
Consider using a password management tool.
4. Do not allow unknown individuals to access your computer remotely.
Even if they claim to be from a reputable service or technology provider.
5. Do not use public Wi-Fi networks (such as those in hotels, airports and coffee shops).
If you must use public WiFi, use it through a Virtual Private Network (VPN).
At your fingertips
Print out this checklist to help you protect yourself, your family, and your business against fraud.