Security
at Holvi
Our mission is to eliminate the distractions of financial admin and do away with concerns around money, account and data security.
Our security measures
Did you know Holvi means ‘vault’ in Finnish? That’s how seriously we take security at Holvi. This page covers the technical and organisational measures that keep your money, account and data safe at Holvi.
Read more about our security measures below:
Privacy
Customer privacy
Holvi processes personal data in line with the General Data Protection Regulation 2016/679 (GDPR). This means that all personal data is processed legally, fairly and transparently.
We only process necessary and relevant personal data – with the sole aim of providing the best possible service for current and future Holvi customers.
Compliance
Regulation and licensing
Holvi Payment Services Ltd is regulated and authorised to operate across the EEA as an Authorised Payment Institution by the:
- Financial Supervisory Authority of Finland (FIN-FSA)
- German Financial Supervisory Authority (BaFin)
- Federal Ministry of Finance Bundesministerium der Finanzen (BMF)
Safeguarding of funds
All funds deposited by our customers are segregated from Holvi’s own and safeguarded in compliance with the relevant legislation (PSD2). This means that in the unlikely event of Holvi’s insolvency, customer funds would remain unaffected. Your money is safe and sound.
Control
Push notifications
Our push notifications notify you instantly of account and card activity. If you spot questionable activity, you can react quickly and secure your account and card in-app.
Card control
Lock and unlock your card anytime. Change your card PIN and update settings – like ATM withdrawals and online payments. Stay in control of your Holvi card.
Security at a glance
Customer data security
All data is encrypted during transit and when stored on our cloud infrastructure. Encryption is done using industry-standard encryption algorithms.
Mastercard® 3D Secure 2
Holvi uses 3D Secure 2 (3DS2) as an additional authentication step to verify online payments. 3DS2 uses biometrics to confirm your identity directly in Holvi.
Holvi user authentication
A user can only access Holvi using token-based authentication, meaning identity must be proved to access an account. User activity is tracked and logged in dedicated databases.
Secure cloud infrastructure
All mission-critical systems are hosted on modern and secure cloud technologies. This technology allows us to set up multi-layer defences and increases the auditability of all actions and changes.
Independent security team
Our security team works on maintaining Holvi’s security daily. Additionally, Holvi uses a bug bounty programme for external application security testing. This global research community further helps to protect the application.
Multi-Factor Authentication
Holvi supports Multi-Factor Authentication (MFA). MFA uses a combination of passwords, codes and biometrics (e.g. fingerprint and face) to verify transactions.
24/7 information monitoring
The Holvi infrastructure is monitored 24/7. We also use automated alerts that allow us to act quickly on any potential issue.
What you can do for extra security
Why does Holvi sometimes have to block accounts?
We’re subject to strict regulations that may require us to take action due to security reasons.
How Holvi keeps your account safe – And how you can help
In this article, we share what you can do as a user to ensure extra security for your account.
Contact us
For any security related questions please contact us at security@holvi.com.