In 2021, JPMorgan acquired Charlie Javice's startup, Frank, for $175 million, only to soon discover they were victims of her scam. Learn how even banking giants like JPMorgan can fall victim to fraud by not taking the proper due diligence measures.
JPMorgan Chase’s $175 million acquisition of a student financial aid platform, Frank, represented what the banking giant hoped would be an innovative step into the educational market. Instead, it became a case that can be presented for how even major financial institutions can still fall victim to determined fraudsters.
In late 2021, JPMorgan announced they were acquiring Frank, a fintech startup founded by Charlie Javice that promised to simplify the college financial aid application process. The company reportedly had more than four million users who used the app to help them navigate the complex and difficult process of applying for financial aid. However, by December 2022, JPMorgan filed a civil lawsuit against Javice, alleging fraudulent claims over the amount of customers Frank had. Instead of the around four million customers Javice reported, Frank had fewer than 300,000 actual users. Federal prosecutors then brought criminal charges in early 2023, and in March 2025, Javice was found guilty on multiple counts, including securities fraud, wire fraud, bank fraud and conspiracy charges.
The discrepancy was significant, as Frank had only about 7% of the users it claimed to have during negotiations with JPMorgan Chase. Evidence showed that Javice had actually hired a data scientist for around $18,000 to create synthetic user data, which was then presented to JPMorgan during the acquisition process as a selling point.
Due diligence is designed to verify claims, assess risks and determine accurate valuations. In a 2023 Fraud Magazine article, Mandy Yousif, CFE, described due diligence as “an essential preemptive measure against fraud, and failing to apply it can be detrimental." For companies and organizations where user numbers directly impact valuation, verifying these types of metrics is a fundamental part of proper due diligence.
In acquisitions where a major or substantial portion of the price reflects customer acquisition value, which was the case with Javice’s company, the verification of user data becomes an important step in proper due diligence measures. Think of it this way: each alleged customer essentially represents real monetary value in the transaction, meaning if the number of customers is falsified, the company initiating the acquisition would lose money after the deal is finalized.
JPMorgan executives, including Leslie Wims Morris, initially trusted Javice’s claim that Frank had more than four million users and was on track to reach 10 million, with Wims Morris testifying that she “100% trusted the young entrepreneur…” When JPMorgan went to verify these numbers, Javice claimed that user privacy concerns and terms of service agreements prevented her from sharing the user data. From there, the verification process faced several different challenges. JPMorgan enacted a third-party marketing company to verify Frank’s user data, but the third-party company primarily counted data fields instead of authenticating actual users. During the trial, evidence showed that the data provided to this verification firm was not Frank’s actual user database but rather synthetically created information designed to appear legitimate.
Additionally, market conditions factored into the situation. Testimony suggested that JPMorgan proceeded with the deal partly due to information indicating that Bank of America might also be interested in acquiring Frank. This competitive side is a common factor in corporate acquisitions. While some of JPMorgan’s employees reportedly raised questions about aspects of Frank’s data, these concerns did not ultimately prevent the acquisition from moving forward. On the other side of the case, in an unsuccessful attempt, Javice’s defense argued that JPMorgan suffered “buyer’s remorse” after changes in financial aid made the acquisition less valuable.
This case highlights several aspects of the process that companies across industries might consider when evaluating potential acquisitions. Direct database verification represents one important verification method. When possible, having secure, supervised access to a company’s actual customer database would prove valuable insights into user numbers and engagement patterns. Additionally, user sampling can serve as an additional verification layer. Contacting a statistically significant random sample of users can help confirm the existence and engagement of a claimed customer base.
Technical verification of user activity patterns offers another perspective. Real users typically generate consistent, logical patterns of platform engagement that differ from synthetic data. Analyzing these patterns can provide additional confidence in user metrics. Financial reconciliation also provides complementary verification. User numbers typically correlate with certain financial metrics, including server costs, customer service expenditures and marketing expenses. Alignment between alleged or claimed user numbers and operational costs can help validate claims.
Charlie Javice's conviction proved that even sophisticated financial institutions encounter fraudsters and should always be following the proper due diligence measures before finalizing any acquisition. While no due diligence process can guarantee absolute protection against fraud, following the proper steps is crucial. JPMorgan Chase’s unfortunate experience with Frank will likely inform future acquisition practices in the future, not just for them, but across the broader financial and technological sectors.
