Chase: A Tier-1 Target for Financial Crimes
As one of the largest banks in the world, Chase is a primary target for sophisticated phishing campaigns and social engineering. Chase offers some of the best security tools in the retail banking space, but they are often buried in settings and must be manually configured to provide maximum protection.
1. Hardening Your Chase Account
The Chase Shield Control Center
Chase has consolidated its security settings into the Shield Control Center (available in the mobile app and online). This is your central hub for managing "who" and "what" has access to your money. Action: Review your "Linked Apps and Websites." Over time, many users link their Chase accounts to budgeting apps (like Mint or YNAB) or payment processors (like Venmo). Every link is a potential point of failure. Remove any app you no longer actively use.
MFA and the "Extra Security" Setting
Chase supports SMS and Email codes by default. However, you can enhance this by ensuring that MFA is required for every login, not just when the system thinks it's a "new" device. Action: Under Security Settings, toggle on the requirement for a code at every sign-in. This protects you if an attacker gains access to your browser cookies or a trusted device.
Secure Messaging over Email
When communicating with Chase about sensitive issues, never use standard email. The Policy: Use the Chase Secure Message Center within the authenticated portal. This ensures that the conversation is encrypted and that you are actually talking to a verified Chase employee, not a phisher.
2. Failsafe Recovery Preparation
The Identity Verification Loop
Chase relies heavily on the phone number and email address on file to verify your identity. If you lose access to these and your account, recovery becomes much harder. The Strategy: Ensure your Chase recovery email is a "Hardened" account (like a hardware-secured Proton or Gmail account). If your email is easy to hack, your Chase account is easy to hack.
In-Person Branch Recovery
If you are totally locked out (e.g., your phone was stolen and your email was compromised), you must go to a physical Chase branch. Preparation: Bring two forms of ID (e.g., Passport and Driver's License) and a physical copy of a utility bill. Tell the banker you need to "Reset your digital profile." This is a manual process that bypasses all digital MFA but requires your physical presence.
3. Protecting Your Business Treasury
If you use Chase for Business, the stakes are even higher.
- Dual Authorization: For business accounts, enable dual authorization for any outgoing wire or ACH transfer. This requires two different people (or two different devices) to approve a transaction.
- Positive Pay: If you still use physical checks, enable Positive Pay to ensure Chase only honors checks that you have specifically authorized in their system.
For more information on the underlying principles, see our articles on MFA Fundamentals and Password Security.
Why This Matters
The Importance of MFA
Multi-Factor Authentication (MFA) is your strongest defense against account takeover. Even if a physical or digital attacker obtains your password, MFA provides a critical second layer of defense that is much harder to bypass. Learn more about MFA best practices.
Unique, Strong Passwords
Never reuse passwords across different services. If one service is breached, every other account using that same password becomes vulnerable to "credential stuffing" attacks. Every online service should have its own unique, long, and complex password managed by a reputable password manager. Learn why unique passwords are critical.