Did you know... Holvi means 'vault' in Finnish? That's right, account security is our top priority. We do our utmost to keep your money and your data safe, but your activity also plays a role in how secure your account is.

In this article, we sum up measures Holvi takes to keep your account safe and secure, and share what you can do as a user to ensure these measures are effective.

How does Holvi keep your account safe? Introducing 3D Secure 2

Here are some of the ways we keep your account safe. Have a glance through and sleep soundly knowing that we’re doing all we can to protect you and your business.

1. 3D Secure 2 – Stronger online payment authentication

As of June 2021, Holvi uses 3D Secure 2 (3DS2) to verify online payments made using your Holvi cards. This upgraded version includes the use of biometrics (fingerprint and face recognition) to confirm your identity directly in the Holvi mobile app. This is much safer than receiving a code via SMS. You can read more about it in our full article on 3D Secure.

2. Two-factor authentication for logins

We've implemented two-factor authentication for our users. When you sign into your Holvi account or make a payment, you'll be asked to complete 2-factor authentication.

On top of providing your secret authentication material (password, PIN code, or biometric data), you’ll also be required to input a one-time authentication code. So even if someone does somehow discover your password, they still won’t be able to access your account.

3. Card settings 

Holvi gives you full control over your payment card settings. 

If you’ve lost your card, you can lock it right away directly from your account. And if it’s a false alarm and you find the card, you can unlock it yourself. 

You can also restrict the use of the card and choose whether the card can be used for cash withdrawals or online payments. For example, if you don’t usually withdraw cash from your Holvi account, it might make sense to disable cash withdrawals. Just to be safe.

4. Mobile notifications for card usage

When you enable push notifications in the mobile app, you'll always be notified when your card has been used. This way, you're always up to date on your card activity. If you notice a card payment that you haven't made, you can react immediately and block the card.

5. Holvi account users

Holvi allows you to add additional users to your account. It’s possible to delegate duties by creating corresponding users of your account, and by granting them only the permissions they need for their task. 

For example, you can grant 'assistant permissions' to your accountant, and they’ll be able to retrieve the information they need from your account – but not make any payments or change your account settings.




What can you do to help keep your account safe?

Security breaches are often caused by human error. Even with the best tech and 3DS2 authentication, users still need to follow general 'information security hygiene'. We sum up the easiest and most relevant elements below.

1. Never share your information with anyone

The bits of information listed below should be never disclosed to anyone:

  • Any of your passwords
  • Your PIN code
  • Any one-time confirmation code (received by SMS or from an authentication app)
  • QR code received for configuring the authentication app

Holvi will never ask you for this information.

If you want to delegate some tasks related to your Holvi account, always do so by adding users as described in the previous section.

Never share your Holvi account password, obviouslyyy.

2. Keep an eye on sensitive information

Always practice caution around who you share sensitive information with. To protect yourself, be sure to keep the following information confidential:

  • The 16-digit Holvi card number and its CVV number (3-digit series on the back of the card)
  • Your Holvi username
  • Any of your identifiers in Holvi system, such as your web shop internal ID

3. Stay alert online

A fraudulent site can mimic Holvi and trick you into providing your username/password, or your card information. These scam sites can look identical to the real thing, so it’s not enough to just trust your gut.

Ensure that the URL is 'https://holvi.com', not anything similar-looking. Note 'http‌s://' – the ‘s’ in the address indicates that the connection is encrypted.

Remember, in many cases e-mail is not an authenticated channel. Just as with a paper letter, the sender address can often be faked. Keep in mind that the mail claiming to come from the correct address 'holvi.com' can, in reality, be sent by fraudsters.

If you have any doubts that an email you received or a link in an email isn’t legitimate, don’t provide your account or payment card information – contact our customer support and we'll check if everything is as it should be.

4. Keep your software up to date

Be sure to install the software updates issued by the vendors. This applies to your Holvi mobile app as well as your computer's operating system, antivirus software, browser or any add-ons.

5. Consider WiFi networks as untrusted

If you're using a WiFi network you don't have full control over, using a VPN is strongly recommended. Remember that just the network ID doesn't always guarantee that the network is what you expected it to be: an attacker might have installed their own access point with the same name.

It’s about the small things

Keeping your account safe isn’t rocket science – it’s about small daily choices when managing your everyday finances to keep your account safe. Because when it comes to your money, a little extra vigilance is always in order.