Contact Us     Open an Account
Merchant Login

Phishing Guidelines

Protecting your Account from Unauthorized Access

Chase Paymentech rigorously protects the privacy of our customers. It is our strict policy to never request sensitive account information, such as account numbers, user names or passwords, via unsecured channels like e-mail. Any e-mail you receive that asks for account information should be treated as unauthorized by Chase Paymentech and should not be given a response. This type of unauthorized request is called phishing.

What is Phishing?

Online phishing (pronounced "fishing") is an attempt to trick someone into revealing personal or financial information online. Phishers use phony Web sites or deceptive e-mail messages that mimic trusted businesses and brands to steal protected information such as user names, passwords and credit card numbers.

While Chase Paymentech continues to take every possible step to prevent such attacks, responsibility also rests on each business to educate its employees on these scams to reduce risk and avoid becoming a victim.

Protecting Against Phishing Attempts

It's important to remember that Chase Paymentech never requests sensitive account information such as account numbers, user names or passwords, via unsecured channels such as e-mail.

Please follow these steps if you or anyone in your organization has doubts about an e-mail relevant to payment processing or receives a phishing e-mail that claims to come from Chase Paymentech.

  • If you are sent a questionable e-mail, do not respond or click on any links.
  • Forward the e-mail immediately to our abuse team so we can perform a full investigation, including notifying the host provider and taking down the bogus Web site.
  • If you have received a phishing e-mail marked from Chase Paymentech and have already responded with information, contact us immediately by calling 866.223.3345.

E-Mail Best Practices

Here are additional tips to help your organization protect against phishing attempts.

  • Be defensive with your personal and company information.
  • Evaluate all communications carefully.
  • Be suspicious of every request for proprietary information unless initiating a transaction yourself.
  • Be wary of clicking links in e-mail messages and instant messages.
  • Remember phishing sites can look extremely realistic. Bona fide organizations rarely initiate online requests for such information.
  • Use extreme caution when providing sensitive data, especially in an e-mail message, instant message or pop-up window.
  • Navigate directly to trusted Web sites by entering the URL in the browser Address Bar, rather than navigating through embedded hyperlinks.
  • Check to see if there are HTML (unlikely in an authentic communication) or other errors (spelling, grammar).
  • When you are entering personal or financial information on a Web site, check the security certificate and/or make sure the site utilizes Secure Hypertext Transfer Protocol (represented by a Web address prefix of “https”).