The security of your account is our top priority. We do our best to keep your money and your data safe, but you too can affect the security of your account – in both positive and negative ways. Here, we summarize which measures Holvi implements to keep your account safe and tell you what you as a Holvi user can do to ensure that these measures are effective.
How does Holvi ensure the security of your account?
You should note the features described below, which are geared towards your account safety.
1. Two-factor authentication
We have implemented two-factor authentication for our users. When you sign in to your account or make a payment, you will be asked to complete 2-factor authentication. In addition to providing your secret authentication material (password, PIN code, or biometric data), you’ll also be required to input a one-time authentication code generated by the application you have previously configured. So even if someone has stolen your password, for example via an infected computer or a phishing web page, they still won’t be able to access your account.
2. Card settings
Holvi gives you control over your payment card settings.
If you suspect that you’ve lost your card, you can block it right away from directly from your account. And if it’s a false alarm and you find the card, you can unblock it yourself.
You can also restrict the use of the card and choose whether the card can be used for cash withdrawals or online payments. If you don’t usually withdraw cash from your Holvi account, it might make sense to disable cash withdrawals.
3. Mobile notifications for card usage
When you enable push notifications in the mobile app, you will always be notified when your card has been used. This way, you are always up to date on your card activity. If you notice a card payment that you haven't made, you can react immediately and block the card.
4. Holvi account users
Holvi allows you to add additional users to your account. It’s possible to delegate duties by creating corresponding users of your account, and by granting them only the permissions they need for their task.
For example, you can grant “assistant permissions” to your accountant, and they’ll be able to retrieve the information they need from your account – but not make any payments or change your account settings.
What can you do to make sure your account stays safe?
Security breaches are often caused by human error. Even with the best technology and strong authentication, the user still must follow general “information security hygiene”. The easiest and most relevant parts of it are summarized below.
1. Never share your secret information with anyone
The bits of information listed below should be never disclosed to anyone:
Any of your passwords.
Your PIN code.
Any one-time confirmation code (received by SMS or from an authentication app).
QR code received for configuring the authentication app.
Holvi will never ask you for this information!
If you want to delegate some tasks related to your Holvi account, always do so by adding users as described in the previous section – never share your Holvi account password.
2. Keep an eye on sensitive information
The information below is no secret in the sense that it shall be provided in certain cases. For example, payment card information is given to merchants, and Holvi technical support will ask for your username. Still, only specific people need to know this data and revealing it makes an unnecessary exposure. To protect yourself, be sure to keep the following information confidential:
The 16-digit Holvi card number and its CVV number (3-digit series on the back of the card).
Your Holvi username.
Any of your identifiers in Holvi system, such as your web shop internal ID.
3. Stay alert online
A fraudulent site can mimic Holvi and trick you into providing your username/password, or your card information. Such scam sites can look identical to the real thing, so it’s not enough to just trust your gut. Ensure that the URL is “https://holvi.com”, not anything similar-looking. Note "https://" – the ‘s’ in the address indicates that the connection is encrypted.
Remember that in many cases e-mail is not an authenticated channel. Just as with a paper letter, the sender address can often be faked. Keep in mind that the mail claiming to come from the correct address “holvi.com” can, in reality, be sent by fraudsters.
If you have any doubts that an email you received or a link in an email isn’t legitimate, don’t provide your account or payment card information – contact our customer support and we will check if everything is as it should be.
4. Keep your software up to date
Be sure to install the software updates issued by the vendors. This applies to your Holvi mobile app as well as your computer's operating system, antivirus software, browser or any add-ons.
5. Consider WiFi networks as untrusted
If you are using a WiFi network over which you do not have full control and full trust, using a VPN is strongly recommended. Remember that just the network ID does not always guarantee that the network is what you expected it to be: an attacker might have installed their own access point with the same name.
It’s about the small things
Keeping your account safe isn’t rocket science – it’s about small daily choices when managing your everyday finances to keep your account safe. Because when it comes to your money, a little extra vigilance is always in order.
How does Holvi differ from other traditional business current accounts and services provided for entrepreneurs? How does it help small business owners to spend more time on productive work? Here are ...
Holvi Payment Services Ltd is regulated by the Financial Supervisory Authority of Finland as an Authorised Payment Institution. The current account issued by Holvi is a payment account and the funds held on the account are managed as segregated customer funds. Funds on the payment account are not covered by deposit insurance and the funds do not accrue interest.
Mastercard is a registered trademark of Mastercard International Incorporated. The Card is issued by Wirecard Card Solutions Ltd (“WDCS”) pursuant to licence by Mastercard International Inc. WDCS is authorised by the Financial Conduct Authority (UK) to conduct electronic money service activities under the Electronic Money Regulations 2011 (Ref: 900051).