How you can protect yourself
A good way to help prevent fraud is to recognize and be prepared for the threats you're facing. Here are some tips that will help you stay safe as you bank online.
Keep your chase.com user name and password safe
If you give out your chase.com User ID and Password, you are putting your money at risk
Some websites and software offer tools to help you with budgeting, managing accounts, investing, or even doing your taxes. But if you’re giving them your chase.com User ID and Password, you could be responsible for money you might lose as a result. This could happen because of:
- Unauthorized activity or fraud in your Chase accounts, or
- Misuse of the information by the people or services you’ve given it to.
For more detail, see the Password section of the Chase Online Service Agreement.
Have you already shared your information?
If yes, and if you want to protect yourself, change your User ID and Password:
- Go to chase.com and log in using your current User ID and Password.
- Click on "Customer Center" tab at the top.
- Under "My Information" click on each of the links:
- Change User ID
- Change Password
Signing in to chase.com from a website or app
We work with some financial websites and apps to give you control of your financial information and to keep it secure and private. If you choose to use them to help manage your finances or invest, you’ll be prompted to enter your Chase username and password directly into a secure chase.com window from their website. That way, they won’t need to see or store your name and password. And, you'll have to give access only once, for all your devices and browsers to work.
You can sign in to chase.com to see which websites and apps you’ve given access through the secure window. You can also remove that access.
Don't be fooled by an imposter
Phishing (pronounced "fishing") is a type of criminal activity that uses fraudulent techniques to trick you into providing personal information. An attacker might send an email that appears to be from a reputable company you do business with, such as your bank. The email asks you to reply to the email or go to a website that looks like your bank’s site and then give your user name, password, account number, personal identification number (PIN), Social Security number or other personal information.
Scammers might also contact you by text message or by phone.
For example, you could get a text message from a phone number you don’t recognize that says your bank account will be closed, frozen or terminated unless you call a phone number or go to a website listed in the message and then give your personal and account information.
If you have any doubts about whether an email, phone call or text message is actually from us, please call the toll-free number on the back of your credit/debit card or the toll-free number on your statement. We’ll help figure out if you’re dealing with a scam.
Don't reply to an email, phone call or text message that does these things:
- Requires you to give your personal or account information either directly in the email or on a website the email sends you to; some attackers, for example, use pop-up windows on Web pages to ask for your confidential information
- Threatens to close or suspend your account if you don’t take immediate action
- Invites you to answer a survey that asks you to enter personal or account information
- Tells you your account has been compromised, then asks you to give or confirm your personal or account information
- Tells you there are unauthorized charges on your account, then asks you to give your personal or account information
- Asks you to confirm, verify or update your account, credit card or billing information
Stay away from offers of money or prizes
You’re almost certainly dealing with a scam when you see an email or website that does these things:
- Asks you to provide your account information because someone wants to send you money
- Claims you have a refund coming to you
- Says you’ve won a contest
For legitimate programs, such as Chase QuickPaySM, we’ll never ask you to tell us personal or account information unless you’ve signed in to our secure website.
With Chase QuickPay, we may send you email messages telling you about money you’ve received, but we won’t ask you to click a link in the email to go to chase.com. Nor will we ask you to type your account or other personal information into the email itself. Instead, we’ll tell you to go to chase.com yourself and sign in to our secure website with your user name and password.
Email scams often try to create a feeling of urgency and alarm so you'll respond before you can think carefully. These kinds of messages typically threaten to cut off a service or close your account. Or they may pretend to be helpful by, say, offering a security update, but only after you’ve told them your personal or account information. These tactics are red flags and should alert you that the request is likely phony.
Another example involves an email that appears to come from a friend urgently asking you to send them money because they've lost their wallet or they’re stuck in a foreign country. Don’t respond. Instead, contact your friend first to see if they sent the email. Find out more about how to spot suspicious emails.
Be creative with your password
It's absolutely critical to use a highly secure password for all of your financial accounts. Never use your pet's name, your child's name or anything else that a fraudster could easily find out. The most secure passwords combine letters and numbers, not simply an address, phone number or birth date. For added security, remember to change your password on a regular basis and avoid using the same password for multiple accounts.
Call us quickly
Call us right away if you think you've mistakenly given out personal information about your Chase accounts (such as your account number, password or PIN) or if you’ve given it to a website you think may not be legitimate. You should call the toll-free number on the back of your credit/debit card or the toll-free number on your account statement. We’ll help you secure your account.
Put up a shield
You should install anti-virus and firewall software on your computer and keep it up to date. Make sure your anti-virus software scans incoming communications and files for viruses that could cause you trouble.
Be cautious about offers for "free" anti-virus software, and make sure you get your software from a highly reputable company. Also, look for anti-virus software that removes or quarantines viruses and that updates itself automatically on a regular basis.
A firewall is software or hardware designed to block unauthorized access to your computer. It's especially important to run a firewall if you have a broadband connection (such as from a cable modem or DSL line) because your connection is always open, so you’re more likely to be a target. Most common operating systems (including Windows® XP and Vista, and Apple’s OS X) come with a built-in firewall, but you may have to turn the feature on.
Develop good habits
We use a variety of technologies and techniques to help make our products and services secure. You should protect yourself too when you use your personal computer or conduct business digitally.
Here are some steps you can take:
- Don't give out financial information such as checking account and credit card numbers—and especially your Social Security number—on the phone unless you made the call and you know the person or organization you're dealing with. Don't give that information to any stranger, even someone claiming to be from Chase.
- Don't print your driver's license, phone or Social Security number on your checks.
- Report lost or stolen checks immediately. We’ll block payment on the check numbers involved. Also, look over new checks to make sure none of them have been stolen in transit.
- Store your new and canceled checks in a safe place.
- Tell us right away about any suspicious phone inquiries you get, such as those asking for your account information so the caller can "verify a statement" or "award a prize." Don’t give out any personal or account information.
- Keep your personal identification numbers (PINs) for your ATM and credit cards safe, and don't write your PIN on the card itself or store it in the same place you store your card. You should also guard your ATM and credit card receipts (and take care to destroy them before you throw them out). Thieves can use them to access your accounts.
- Be careful to create secure PINs and passwords. Don't use birth dates, parts of your Social Security or driver's license numbers, your address or your children's or spouse's names, for example. Someone trying to steal your identity probably has some or all of this information.
- If you get financial offers in the mail that you're not interested in, tear them up or shred them before throwing them away so thieves can't use them to steal your identity. Destroy any other financial papers, such as bank statements or invoices, before getting rid of them.
- Don't put outgoing mail in or on your mailbox. Drop it into a US Postal Service collection box. Thieves could use your mail to steal your identity.
- If you don’t get one or more of your regular bills in the mail, call each company to find out why. A thief could have filed a false change-of-address notice to send your mail to another address.
- If your bills include suspicious items, such as charges you don’t recognize, don't ignore them. Instead, investigate them immediately.
How to protect your computer:
- Don’t let others use your personal computer.
- Sign out of, or lock, your computer whenever you leave it.
How to protect yourself on your mobile devices:
- Avoid sharing your phone or tablet with others, especially strangers.
- Be sure no one is looking over your shoulder in congested public areas and reading information from your device’s screen.
- Sign out of your session when you’re finished, whether you’re using the Chase Mobile® app or the Chase Mobile® website.
- Don’t store your password in other apps on your mobile device, such as in a note-taking app.
- Avoid tampering with your phone’s operating system. This is called “jailbreaking” on an iPhone® and “rooting” on an Android™ phone.
- Always use official app stores to download any app.
- Keep the Chase Mobile app up to date.
Open with extreme care
Don't open an email attachment, even if it appears to be from a friend or co-worker, unless you're expecting it or are absolutely sure you know what it contains.
Watch out for email subject lines or emails containing only a generic message such as "check this out" or "thought you'd be interested in this." Call your friend to make sure they sent the email before you open the attachment or click any links in the message.
Take advantage of our warning system
We're always looking for ways to help you keep your accounts safe. Our free Account Alerts are a great way to keep track of your finances and to detect unauthorized withdrawals or other suspicious account activity. For example, you can sign up to get an alert by text, phone or email whenever there’s a withdrawal from your account that is more than the amount you’ve set. Find out more about how to set up Account Alerts.
Keep an eye on your credit reports
Look over your credit reports carefully—and at least once a year. You can request a free annual credit report from each of the 3 national credit reporting agencies, whether or not you suspect any unauthorized activity on your account, by visiting www.AnnualCreditReport.com or calling 1-877-FACTACT (1-877-322-8228). Or you can request the reports by directly contacting each of the agencies below. They can also tell you about setting up fraud alerts and security freezes:
- Equifax: 1-800-525-6285
- Experian: 1-888-397-3742
- TransUnion: 1-800-680-7289
Look out for credit inquiries from unfamiliar companies, accounts you never opened and unexplained debts; all of these could be warning signs of fraud and identity theft.
Remember to sign in to chase.com often. If you notice suspicious activity in your accounts, report it to us immediately.
Control your accounts on the go
One of the most convenient ways to keep track of your accounts is with our free Chase Mobile app. It lets you get to your accounts from your phone, virtually anywhere, anytime. We’ve armed the app with a variety of technologies to protect your information so you can access your accounts securely.
You have to sign up for Chase Online to see your account information and to bank through the Chase Mobile app. As of March 2015, if you’re using the Chase Mobile app on an iPhone or an Android phone, you can sign up for Chase Online directly from the Chase Mobile app.
If you’re using any other version of the app, though, you have to sign up at chase.com. We’re continually updating the app, so we’ll likely be adding support for other platforms in the future.
Depending on the type of phone you have, you can use these links to safely download the app:
- Chase Mobile® for AndroidTM
- Chase Mobile® for iPhone®
Set up and use internal controls
If you own your own business, it's important to:
- Maintain appropriate internal controls, including segregation of duties. For example, be sure that the people involved in reconciling accounts are different than the people who make payments.
- Periodically assess your risk and evaluate your internal controls, including reviewing your users and the permissions you grant them. Your system administrator can establish user permissions and online transaction limits for each of your users.
- Regularly look over your transactions and statements to check for any unauthorized activity. We promptly post your transaction details on Chase Commercial Online. It’s important to monitor and control transactions—including those originating online and through other channels, such as checks you've written or withdrawals you've made.
- Take advantage of online Positive Pay Service and Reverse Positive Pay Service to help you monitor and control checks clearing against your accounts.
- Customize your Account Alerts so you’re notified when certain account activity takes place.
Have you already shared your information?
Here’s what you should do to report fraud.
If you get an email from us that doesn't appear to be legitimate, don't reply. Instead, forward it to us at email@example.com.