At J.P. Morgan, we use a variety of technologies and techniques to help protect the security of our products and services. It also necessary for you to protect yourself when you use your computer or conduct business online.

Here are some of the steps you can take:

Computer Security

• Beware of emails you receive from senders you don't know. Don't open any email attachments or click on links until you have verified the sender
• Control physical access to your computer:
  • Log off or lock your workstation whenever you leave your computer
  • Do not leave your computer and digital media in unsecured locations
• Select passwords that are difficult for others to guess
• Tips for password safety:
  • Change passwords frequently
  • Use different passwords for different websites
  • Do not base passwords on any personal information, such as your User ID, birthday, telephone number or other personal information that is easily guessed
  • Do not give your passwords to anyone
  • Do not save passwords on your computer
  • Do not leave written notes with your password near your machine or in an easy-to-find place
• Never install software unless you are authorized, and/or know the source
• Do NOT open junk, spam, chain mail, or other suspicious email - DELETE immediately
• Use only trusted devices for online banking activities
• Be sure to use only software supported by J.P. Morgan. Please contact the J.P. Morgan Access Regional Help Desk for more information
• When you access a system, check your "last logon date/time" periodically to see if your ID is being used by someone else
• Check your web session is secure by looking for the letters "https://" at the beginning of the website URL, which means that the web connection is secure
• If you notice suspicious activity relating to J.P. Morgan accounts you access online, promptly contact your J.P. Morgan representative or your J.P. Morgan Access Regional Help Desk

back to top Back to top

Internet Banking Services

J.P. Morgan is serious about safeguarding your online business information and provides "defense in depth" for online websites, such as J.P. Morgan Access. Key features of risk management for online system access include:

• Secure customer and user on-boarding processes
• Controlled user access with "separation of duties"
• Multi-factor user authentication security
• Increased security credential requirements for more sensitive functionalities

Additional Security Elements

Additional detailed security features include:

• Session inactivity timeout
• Required password changes
• Automated user ID inactivation for unused IDs
• User education
• Alerts
• Blocking of unsupported operating systems and browsers

J.P. Morgan Environment

J.P. Morgan uses secured facilities in support of online banking operations. Key features include:

• Secured data centers
• Network firewalls
• Intrusion detection
• Network and system monitoring
• Disaster recovery with rapid-response capabilities
• Rigorous change management
• Penetration testing
• Computer incident response team

Weblinking Practices (links to Third-Party sites)

J.P. Morgan may provide a hyperlink to information, products or services offered on websites that are owned or operated by other companies (third-party websites). J.P. Morgan does not endorse, approve or guarantee information, products, services or recommendations provided at a third-party website. J.P. Morgan shall not be responsible for any loss or damage resulting from the use of a link on its websites, nor will it be liable for any products or services advertised or provided on these linked sites.

Here are some tips to help you tell if you have left a J.P. Morgan website:

• Instead of a J.P. Morgan address, the URL of the linked website appears in the location box (or address field) of your web browser
• The linked website may appear in a new browser window. The appearance of the linked site, including its colors and graphic design, is different from the J.P. Morgan site

back to top Back to top

Criminals and scammers use a variety of methods to obtain your personal or organizational information. These include:

Email Fraud

Email fraud is usually harsh, demanding and threatening. Please remember these are not legitimate messages; Do NOT reply to these messages.

Email spoofing: Forging an email header so that the message appears to have originated from someone or somewhere other than the actual source. Although most spoofed email falls into the "nuisance" category and requires little action other than deletion, the more malicious varieties can cause security risks and other problems. For example, spoofed email may purport to be from someone within your company or a vendor with which your company has a relationship. These emails may contain new payment instructions or changes to the beneficiary account on a recurring payment.

• Be very suspicious of emails from the CEO, Director, etc. that direct you to transfer a large amount of funds
• Verify all instructions verbally with the sender

Phishing: When criminals use email to try to lure you to fake websites, where you are asked to disclose confidential financial and/or personal information.

How to recognize common Phishing tactics:

• You do not recognize the "From" email address as valid
• The email requests you to verify your account/personal information (account number, user ID, password, etc.)
• A hyperlink within the email address does not display the actual address
• The email conveys a sense of urgency or threatens some dire consequence if you do not respond

Never respond to any email that:

• Requires you to click a link, open an attachment, confirm, verify or refresh account information
• Asks for personal or organizational information
• Asks you to enter your user ID, password or account number(s) into an email or non-secure webpage
• Threatens to close or suspend your account if you do not take immediate action by providing specific information about you or your company

Impersonation Fraud

Occurs when someone assumes your identity to perform a fraud or other criminal act. Criminals can get the information they need to assume your identity from a variety of sources, such as the theft of your wallet, your trash or from credit or bank information. They may approach you in person, by telephone, text message or on the Internet and ask you for the information.

Remember:

• J.P. Morgan will not send email notifications stating your account has been compromised or passwords need to be changed
• J.P. Morgan will never ask you for your password
• We will never call you to offer log-in assistance unless you have contacted us first
• When you call J.P. Morgan, only call your J.P. Morgan Access Regional Help Desk or your J.P. Morgan representative

back to top Back to top

J.P. Morgan offers the following resources to help you understand security best-practices.

General Reference

J.P. Morgan Payments Fraud Protection
Knowledge and awareness are the strongest defense against fraud scams. Learn how to identify and prevent fraud at your company.

AFP Payments Fraud & Control Survey
Learn what your colleagues are saying and doing about payments fraud. Read the results of the 2014 AFP Payments Fraud & Control Survey.

Third-party websites

OnGuard Online
Practical tips from the federal government and the technology industry to help you secure your computer, be on guard against Internet fraud and protect your personal information.

Federal Trade Commission (FTC)
Learn about the appropriate steps to take to prevent and protect against identity theft.

American Bankers Association
Cyber security is more important than ever for users of online banking, both personally and at work. Visit this site to learn more about the best practices and current news relating to online security.

back to top Back to top