The security of your account is our top priority. We do our best to keep your money and your data safe, but you too can affect the security of your account – in both positive and negative ways. Here, we summarize which measures Holvi implements to keep your account safe and tell you what you as a Holvi user can do to ensure that these measures are effective.


How does Holvi ensure the security of your account?

You should note the features described below, which are geared towards your account safety.


1. Two-factor authentication

We have implemented two-factor authentication for our users. When you sign in to your account or make a payment, you will be asked to complete 2-factor authentication. In addition to providing your secret authentication material (password, PIN code, or biometric data), you’ll also be required to input a one-time authentication code generated by the application you have previously configured. So even if someone has stolen your password, for example via an infected computer or a phishing web page, they still won’t be able to access your account.


2. Card settings 

Holvi gives you control over your payment card settings. 

If you suspect that you’ve lost your card, you can block it right away from directly from your account. And if it’s a false alarm and you find the card, you can unblock it yourself. 

You can also restrict the use of the card and choose whether the card can be used for cash withdrawals or online payments. If you don’t usually withdraw cash from your Holvi account, it might make sense to disable cash withdrawals.


3. Mobile notifications for card usage

When you enable push notifications in the mobile app, you will always be notified when your card has been used. This way, you are always up to date on your card activity. If you notice a card payment that you haven't made, you can react immediately and block the card.


4. Holvi account users

Holvi allows you to add additional users to your account. It’s possible to delegate duties by creating corresponding users of your account, and by granting them only the permissions they need for their task. 

For example, you can grant “assistant permissions” to your accountant, and they’ll be able to retrieve the information they need from your account – but not make any payments or change your account settings.


What can you do to make sure your account stays safe?

Security breaches are often caused by human error. Even with the best technology and strong authentication, the user still must follow general “information security hygiene”. The easiest and most relevant parts of it are summarized below.


1. Never share your secret information with anyone

The bits of information listed below should be never disclosed to anyone:

  • Any of your passwords.
  • Your PIN code.
  • Any one-time confirmation code (received by SMS or from an authentication app).
  • QR code received for configuring the authentication app.

Holvi will never ask you for this information!

If you want to delegate some tasks related to your Holvi account, always do so by adding users as described in the previous section – never share your Holvi account password.


2. Keep an eye on sensitive information

The information below is no secret in the sense that it shall be provided in certain cases. For example, payment card information is given to merchants, and Holvi technical support will ask for your username. Still, only specific people need to know this data and revealing it makes an unnecessary exposure. To protect yourself, be sure to keep the following information confidential:

  • The 16-digit Holvi card number and its CVV number (3-digit series on the back of the card).
  • Your Holvi username.
  • Any of your identifiers in Holvi system, such as your web shop internal ID.


3. Stay alert online

A fraudulent site can mimic Holvi and trick you into providing your username/password, or your card information. Such scam sites can look identical to the real thing, so it’s not enough to just trust your gut. Ensure that the URL is “”, not anything similar-looking. Note "http‌s://" – the ‘s’ in the address indicates that the connection is encrypted.

Remember that in many cases e-mail is not an authenticated channel. Just as with a paper letter, the sender address can often be faked. Keep in mind that the mail claiming to come from the correct address “” can, in reality, be sent by fraudsters.

If you have any doubts that an email you received or a link in an email isn’t legitimate, don’t provide your account or payment card information – contact our customer support and we will check if everything is as it should be.


4. Keep your software up to date

Be sure to install the software updates issued by the vendors. This applies to your Holvi mobile app as well as your computer's operating system, antivirus software, browser or any add-ons.


5. Consider WiFi networks as untrusted

If you are using a WiFi network over which you do not have full control and full trust, using a VPN is strongly recommended. Remember that just the network ID does not always guarantee that the network is what you expected it to be: an attacker might have installed their own access point with the same name.


It’s about the small things

Keeping your account safe isn’t rocket science – it’s about small daily choices when managing your everyday finances to keep your account safe. Because when it comes to your money, a little extra vigilance is always in order.

Don't have a Holvi account yet? Download the Holvi guide here to learn how your business can benefit from Holvi.


What is Holvi? Explore