Skip to main content

Security Information Center

Safeguard your

financial information

Welcome to our Security Information Center

Cathay Bank is committed to providing a safe and secure online banking environment for our customers. With our online banking security infrastructure, you can be confident that access to your accounts is private and secure. While Cathay Bank works to protect your banking privacy, you also play a key role in safeguarding your personal financial information and accounts. The links below provide information that can assist you with protecting your personal financial information and ensuring that your banking experience on the Cathay Bank Internet site is as safe and secure as possible.


How Cathay Bank protects your information

Cathay Bank recognizes the importance of protecting the privacy of our customers’ personal financial information. Our goal is to maintain the trust and confidence of our customers when handling their personal information, as well as that of our prior customers, and other individual consumers who obtain or request a financial product or service from us. We only collect and use the information we need to deliver the high level of customer service you have come to expect, including informing you about products, services and other opportunities that may be of benefit to you. Please click to be taken to our privacy policy page. 


Keeping your banking experience safe

Cathay Bank reviews and approves the use of different browsers to ensure that they meet the bank's strict security standards. In addition to browser requirements, passwords and other safety features, Cathay Bank uses other methods to help ensure that your banking experience on the Internet is safe and secure. We have a precise authentication process to ensure that when you request information on your account, only you receive the information. Cathay Bank's systems are protected by what's called a "firewall," allowing entry only to those who are authorized. For digital identity verification, we have a Cathay Bank digital server certificate by DigiCert that your browser uses each time you sign on to protect the communication from your computer to Cathay Bank’s systems. Cathay Bank will never request confidential information from customers via email or pop-up windows.


Bank account precautions

To reduce deposit account fraud, balance your account when you receive your statements. If you don't receive one when expected, contact your local branch or go online at to get a copy of your activity. Shred your statements and/or receipts once you are done with them.

Security & Alerts

Frequently Asked Questions

What is social engineering?

Social engineering is the act of manipulating people into performing actions or divulging confidential information. While similar to a confidence trick or simple fraud, the term typically applies to trickery or deception for the purpose of information gathering, fraud or computer system access; in most cases, the attacker never comes face-to-face with the victim.

  • Pretexting is the act of creating and using an invented scenario (the pretext) to persuade a targeted victim to release information or perform an action and is typically done over the telephone. It is more than a simple lie as it most often involves some prior research or set-up and the use of pieces of known information (e.g. for impersonation: date of birth, Social Security Number, last bill amount) to establish legitimacy in the mind of the target.
  • Phishing is a technique of fraudulently obtaining private information. Typically, the phisher sends an e-mail that appears to come from a legitimate business—a bank or credit card company—requesting "verification" of information and warning of some dire consequence if it is not provided. The e-mail usually contains a link to a fraudulent web page that seems legitimate—with company logos and content—and has a form requesting everything from a home address to an ATM card's PIN.
  • Phone-phishing or Vishing uses a rogue Interactive voice response (IVR) system to recreate a legitimate sounding copy of a bank or other institution's IVR system. The victim is prompted (typically via a phishing e-mail) to call in to the "bank" via a (ideally toll free) number provided in order to "verify" information. A typical system will reject log-ins continually, ensuring the victim enters PINs or passwords multiple times, often disclosing several different passwords. More advanced systems transfer the victim to the attacker posing as a customer service agent for further questioning.
  • Baiting is like the real-world Trojan Horse that uses physical media and relies on the curiosity or greed of the victim. In this attack, the attacker leaves a malware infected floppy disk, CD ROM or USB flash drive in a location sure to be found (bathroom, elevator, sidewalk, parking lot), gives it a legitimate looking and curiosity-piquing label, and simply waits for the victim to use the device.
  • Quid pro quo means something for something: An attacker calls random numbers at a company claiming to be calling back from technical support. Eventually they will hit someone with a legitimate problem, grateful that someone is calling back to help them. The attacker will "help" solve the problem and in the process have the user type commands that give the attacker access or launch malware. For example, an information security survey revealed that 90% of office workers gave researchers what they claimed was their password in answer to a survey question in exchange for an inexpensive pen. Similar surveys in later years obtained similar results using chocolates and other inexpensive lures, although they made no attempt to validate the callers.
  • Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or website with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.

How do you protect yourself against social engineering?

Awareness is an effective weapon against many forms of identity theft. Be aware of how information is stolen and what you can do to protect yours, monitor your personal information to uncover any problems quickly and know what to do when you suspect your identity has been stolen.

Armed with the knowledge of how to protect yourself and take action, you can make social engineering thieves' jobs much more difficult. You can also help fight social engineering by educating your friends, family and members of your community.

Here are some tips on how to fight a social engineering call attempt:

  • Ask the requestor which company he/she works for;
  • Question why he/she needs your confidential information;
  • Take down the caller information and call the company to double check;
  • Be careful not to disclose your Social Security number, birth date, PIN, credit card, etc. numbers to strangers.

Should you provide your password or user ID in an e-mail?

Cathay Bank does not request confidential information from customers via e-mail or pop-up windows. In addition, Cathay Bank will never ask you for your password. You should safeguard and not share your password with anyone.

What do fraudulent e-mails usually contain?

Ask you for personal information. Fraudulent e-mails often claim that your information or account has been compromised and ask you to confirm the authenticity of your transactions.

Appear to come from a legitimate source. While some e-mails are easily identified as fraudulent, others may appear to come from a legitimate address and a trusted website. Never rely on the name or address in the "From" field, as this is easily altered.

Prizes. Some fraudulent e-mails promise a prize or gift certificate if you complete a survey that may ask for your personal information. It is best to not give your personal information. If you decide to provide any information, always confirm that the prize or gift certificate is being issued from a well-known company.

Link to fraudulent websites. Fraudulent e-mails may direct you to counterfeit websites carefully designed to look legitimate, but which actually collect personal information for fraudulent use.

Contain computer viruses. Fraudulent e-mails may include attachments that contain computer viruses.

Contain fraudulent phone numbers. Fraudulent e-mails often contain telephone numbers that are tied to the fraudsters. You should never call a number featured on an e-mail you suspect is fraudulent.

What should you do if you are suspicious of an e-mail with the Cathay Bank logo?

It is fairly common and easy for criminals to steal company logos and generate fake business e-mails, coercing the victims to disclose their online credentials. If you believe you have just received such a suspicious e-mail, you can call us at our customer service number 800-922-8429 to confirm before responding.

How do you tell if an e-mail from Cathay Bank is legitimate?

Cathay Bank may send promotional product information to our customers via e-mail occasionally but we do not request non-public information from customers via e-mail or pop-up windows.

If you encounter a suspicious e-mail, website or unsolicited pop-up window that claims affiliation with Cathay Bank, please report it to us immediately at 800-922-8429. You may also forward the information to us at [email protected].

You do not have an account with Cathay Bank, but getting e-mails about your Cathay Bank accounts. Why does this happen?

If you do not have a banking relationship with us, we will not inquire about your personal or confidential information via e-mail or pop-up windows. You should consider the intent of such e-mail as an attempt to collect your personal or confidential information to conduct identity theft.

If you encounter a suspicious e-mail, website or unsolicited pop-up window that claims affiliation with Cathay Bank, please report it to us immediately at 800-922-8429. You may also forward the information to us at [email protected].

What is Identity Theft?

Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number without your permission to commit fraud or other crimes.

What should you do if your identity is stolen?

Should you receive a letter and check in the mail that is similar to those described above, do not cash or deposit the check into your bank account. If you have already cashed or deposited this check, you should immediately contact your bank/branch and inform them that the check is counterfeit. If you are a victim of these scams, you should contact your local police department for further instructions.

Does Cathay Bank use cookies on its website?

We may place “cookies” on a computer to track a visitor’s use of our website. A cookie is a piece of data that is stored on your hard drive. It takes up very little space on your system and helps us to customize our site and make its navigation easier for you. We sometimes use cookies to help estimate the number of visitors to our site and to determine which areas are the most popular. Unless you register with us for a service (such as our Online Banking Service), the cookie does not provide us with any personally identifying information about you, such as your name or address.  

Visit our Collection and sharing of nonpublic personal information page.

Cathay Bank

Email communication is not secure

Please do not include sensitive information such as account numbers or other personal information such as Social Security or Tax Identification numbers, driver’s license numbers, etc. in any email sent to us via this link.