at Holvi

Our mission is to eliminate the distractions of financial admin and do away with concerns around money, account and data security.

Our security measures

Did you know Holvi means ‘vault’ in Finnish? That’s how seriously we take security at Holvi. This page covers the technical and organisational measures that keep your money, account and data safe at Holvi.

Read more about our security measures below:


Customer privacy

Holvi processes personal data in line with the General Data Protection Regulation 2016/679 (GDPR). This means that all personal data is processed legally, fairly and transparently.

We only process necessary and relevant personal data – with the sole aim of providing the best possible service for current and future Holvi customers.


Regulation and licensing

Holvi Payment Services Ltd is regulated and authorised to operate across the EEA as an Authorised Payment Institution by the:

  • Financial Supervisory Authority of Finland (FIN-FSA)
  • German Financial Supervisory Authority (BaFin)
  • Federal Ministry of Finance Bundesministerium der Finanzen (BMF)

Safeguarding of funds

All funds deposited by our customers are segregated from Holvi’s own and safeguarded in compliance with the relevant legislation (PSD2). This means that in the unlikely event of Holvi’s insolvency, customer funds would remain unaffected. Your money is safe and sound.


Push notifications

Our push notifications notify you instantly of account and card activity. If you spot questionable activity, you can react quickly and secure your account and card in-app.

Card control

Lock and unlock your card anytime. Change your card PIN and update settings – like ATM withdrawals and online payments. Stay in control of your Holvi card.

Security at a glance

Customer data security

All data is encrypted during transit and when stored on our cloud infrastructure. Encryption is done using industry-standard encryption algorithms.

Mastercard® 3D Secure 2

Holvi uses 3D Secure 2 (3DS2) as an additional authentication step to verify online payments. 3DS2 uses biometrics to confirm your identity directly in Holvi.

Holvi user authentication

A user can only access Holvi using token-based authentication, meaning identity must be proved to access an account. User activity is tracked and logged in dedicated databases.

Secure cloud infrastructure

All mission-critical systems are hosted on modern and secure cloud technologies. This technology allows us to set up multi-layer defences and increases the auditability of all actions and changes.

Independent security team

Our security team works on maintaining Holvi’s security daily. Additionally, Holvi uses a bug bounty programme for external application security testing. This global research community further helps to protect the application.

Multi-Factor Authentication

Holvi supports Multi-Factor Authentication (MFA). MFA uses a combination of passwords, codes and biometrics (e.g. fingerprint and face) to verify transactions.

24/7 information monitoring

The Holvi infrastructure is monitored 24/7. We also use automated alerts that allow us to act quickly on any potential issue.

What you can do for extra security

Why does Holvi sometimes have to block accounts?

We’re subject to strict regulations that may require us to take action due to security reasons.

How Holvi keeps your account safe – And how you can help

In this article, we share what you can do as a user to ensure extra security for your account.

Contact us

For any security related questions please contact us at