Security Center

Your security is
non-negotiable.

We use the same standards as major central banks — then go further. Your money and data are protected 24 hours a day.

Our Security Report an Issue

256-Bit Biometric ISO 27001

Cybersecurity and digital protection shield concept

Encryption

256-Bit

Monitoring

24/7

Fraud Protection

$0 Liability

256-Bit Encryption

AES-256 encryption at rest and in transit. Same standard used by the NSA for top-secret data.

Biometric Auth

Touch ID and Face ID support on iOS and Android. Passwords are never stored in plaintext.

FDIC & ECB Insured

US deposits insured to $250K per category. EU deposits protected to €100K under EDIS.

24/7 Fraud Monitoring

AI analyzes every transaction in real time. Unusual activity is flagged and you're notified instantly.

2FA / MFA

SMS, authenticator app (TOTP), and hardware security key support via WebAuthn/FIDO2.

Zero-Trust Architecture

Every internal system request is authenticated and authorized. No implicit trust, ever.

Bug Bounty Program

Responsible disclosure program with rewards up to $50,000 for critical vulnerability reports.

ISO 27001 Certified

Annual third-party audits against the international standard for information security management.

Security in Action

How we protect you every day

Infrastructure

Bank-Grade Data Centers

Our servers run in SOC 2 Type II certified facilities with redundant power, cooling, and network connectivity across multiple geographic regions.

Encryption

End-to-End Protection

Every byte of data is encrypted in transit and at rest using AES-256, the same standard trusted by governments worldwide.

Real-Time Fraud Detection

Our machine learning models analyze thousands of signals per transaction, blocking fraud before it happens.

Team

24/7 Security Operations Center

A dedicated team of security engineers monitors our systems around the clock, responding to threats in real time.

Authentication

Layers of protection,
not obstacles.

We've designed our multi-factor authentication to be strong and frictionless. You choose how you verify:

Authenticator App (Recommended)

Works with Google Authenticator, Authy, or 1Password TOTP. Generates a fresh code every 30 seconds, even offline.

Hardware Security Key

YubiKey and any FIDO2-compatible device. The strongest available option, supported for all account tiers.

SMS One-Time Code

Convenient and widely compatible. Available as a fallback when your primary method isn't available.

Biometric (Mobile App)

Face ID and Touch ID for quick, secure login in the Cathay mobile app. Your biometric never leaves your device.

Fraud Prevention Tips

Cathay will NEVER ask for your password, PIN, or one-time code via phone or email.

Always verify the domain is Cathaybank.com before entering credentials.

Enable instant push alerts in the Cathay app to catch unauthorized transactions immediately.

If you receive a suspicious call claiming to be from Cathay, hang up and call us at +1 800 555 1234.

Check your account at least weekly. Report anything unexpected immediately.

Use a unique, strong password. We recommend a password manager.

Report fraud or suspicious activity

Compliance

Regulated. Audited. Accountable.

🇺🇸

FDIC

Federal Deposit Insurance Corporation — US deposits insured to $250,000 per depositor per ownership category.

🇪🇺

ECB/SSM

European Central Bank Single Supervisory Mechanism — Cathay Europe S.A. supervised directly by the ECB.

🇺🇸

OCC

Office of the Comptroller of the Currency — primary US federal banking regulator.

🌐

ISO 27001

International information security management certification. Audited annually by Bureau Veritas.

🌐

PCI DSS

Payment Card Industry Data Security Standard Level 1 — the highest tier of card processing security compliance.

🌐

SOC 2 Type II

Service Organization Controls report on security, availability, processing integrity, confidentiality, and privacy.