Online Banking Security

Chase takes online fraud seriously and has a dedicated Security Center with information, resources and educational materials for your review and consideration.

If you forget to log out from Chase Commercial OnlineSM, we'll end your session after a few minutes of inactivity. This helps prevent unauthorized access to your financial data. When you log out, we automatically clear any Chase Commercial Online webpages from the browser's memory to prevent anyone else from seeing webpages you accessed during your session.

 Begin sidebar

Chase Dual ControlSM

Help reduce fraud by requiring additional approvals for your transactions.

 End sidebar

We use secure technology to encrypt your personal information over the Internet, and layered security controls to help protect against unauthorized activity.

You must take online fraud seriously, too. The tips and guidelines below can help you enhance your company's online security and reduce your risk of fraud.

Please review the information below and listen to our QuickBytes audio programs for more information.

Internal Controls

  • Maintain appropriate internal controls, including segregation of duties. For example, have the people making payments be different from those reconciling the accounts.
    • Require one user to set up or initiate online payments, and another to approve the payments. You can do this using Chase Dual ControlSM.
    • Review the full details, especially the beneficiary details of all payments, before you approve transactions—even if the payment amount and/or payment timing is not unusual.
  • Periodically assess your risk and evaluate your own internal controls, including reviews of your users and the permissions you grant them. With Chase Commercial Online, your System Administrator can establish user permissions and online transaction limits for each of your users.
  • Review your transactions and statements regularly to detect unauthorized activity. We post transaction details promptly on Chase Commercial Online. Monitor and control transactions, including those that begin online and through other channels, such as checks you've written or withdrawals you've made.
    • Chase Commercial Online offers Positive Pay Service and Reverse Positive Pay Service to help you monitor and control checks clearing against your accounts.
    • Report any unauthorized or suspicious transactions immediately to Chase by calling the Chase Commercial Online Service Center or contacting your Chase client service representative.
  • Set up customized Account Alerts so we can let you know when certain account activity takes place.

Validate Requests from Vendors or Partners

  • Fraudsters send emails to individuals and businesses from an email account that is disguised to be from a known vendor. These emails instruct the company to alter the instructions they use to make payments. Then, when a payment is made, the funds are actually sent to the fraudster instead of the intended vendor.
  • Prior to making any changes to your payment instructions, immediately contact the vendor to confirm that the change is legitimate. You may also ask the vendor to confirm the instructions by faxing or mailing the request in writing on company letterhead.


  • Select passwords that are not obvious. Avoid using personal information, such as your last name or birthday. Don't use the same user ID and password for multiple websites.
  • Don't write down or post user IDs, passwords or other sensitive information.
  • Don't save passwords on your computer or leave your password unprotected.
  • Don't share your passwords or any other login credentials with anyone. Chase representatives will never ask you for your Chase Password or security token code.
  • Don't share Chase User IDs among a group. Each user must have a unique User ID and Password.
  • Remind your users to change their passwords frequently.
  • Prevent unauthorized persons from using your computer by logging out or locking your workstation when you leave the area.

Viruses and Malware

  • Scan any software downloaded from the Internet for viruses before installation.
  • Ensure that your computer's operating system and software are updated on a regular basis. Consult your company's Information Technology professional for assistance.
    • Use a current browser that supports higher encryption standards.
    • Take advantage of the security features your organization provides, such as virus-scanning programs and firewalls.
  • Use anti-virus and anti-malware software, and keep the software up to date.
  • Report suspicious on-screen requests such as messaging asking you to enter your password/token code multiple times at log on or to have someone else log on from your computer. Chase will not ask you to perform these tasks.
  • If a website you typically use has misspellings or grammatical errors in the content or displays unexpected behavior, do not log on to the website.
  • Contact your company's Information Technology professional to verify that unused ports on your computer are closed.

Suspicious Emails or Phone Calls

Use caution when you receive email messages or phone calls that:

  • Include links to websites.
  • Instruct you to open attachments, especially attachments with the file extensions .exe, .pif or .vbs.
  • Require you to provide personal information, such as your Chase User ID, Password or account numbers.
  • Threaten to close or suspend your account if you don't provide personal information.
  • State that your account has been compromised and request that you provide your account information.
  • Ask you to confirm, verify or update your account, credit card or billing information.

Remember: It is not Chase's practice to contact you by sending you unsolicited email messages asking you to enter personal or sensitive information by responding or clicking a link. When we have important information for you, we'll ask you to log in to Chase Commercial Online and visit your Secure Message Center, which you can access from the My Accounts page.

If you receive a questionable email: Please forward it to

If you think your account has been compromised: Please contact the Chase Commercial Online Service Center or contact your client service representative.

Please use online security services and monitor your company's risk frequently. We hold Chase Commercial Online clients liable for the actions of their System Administrator and other authorized users, unauthorized transactions authenticated with the security procedure (as specified in the Chase Commercial OnlineSM Access and Services Agreement), and for not following Chase's recommended administrative procedures (such as Chase Dual Control).Footnote  (Opens Overlay) Also, please be aware that the Federal Reserve Board Regulation E (providing consumers with certain protections) is not applicable to Commercial Banking customers, including customers using Chase Commercial Online.

To learn more: listen to our QuickBytes audio programs.


To learn more about Chase Commercial Online,
please contact us or call your Commercial Banker.