For private customers: 

• Holvi currently only has Business Customers. 

For Business customers: 

• In order to access a Payment Account or verify an outgoing payment Holvi requires Strong Customer Authentication (SCA) to be performed with its mobile app. For more specific information look at Holvi’s website here.
• In order to login to any active Payment Account users must have Holvi Mobile App installed, which acts as a Two Factor Device for authentication:

• • The first step is to provide the correct username and password
  • Then verify the login in your Holvi Mobile App

• To configure the Holvi Mobile App as a second-factor authentication device users also need to register their mobile number and verify it via SMS. Configuration of the device as a second-factor device is done with an SMS to the customer to prove ownership of the device.
  
• After an outgoing bank transfer is created, customers need to do a strong customer authentication (SCA) in Holvi Mobile App to confirm it.
• Giving permission to Third-Party Providers (TTP) to use an account is similar to the login flow for normal users, because we currently offer the same screen scraping APIs that our Web and Mobile clients use.
  • TPP should provide the username and password of the user
  • After that the user will be prompted to give consent to TPP for 90 days to access its account and/or initiate payments.

• There are no specific terms or agreements related to open banking that users need to accept; except for the consent they give to verify Third-Party Providers by doing a Secure Customer Authentication.
• Via the current Holvi PSD2 API a Third-Party Provider, with the corresponding permission, you have access to:
  • – Accounts Information (including current available balances)
    – Listing Transactions
    – Payment Initiation
    
  • See more details here https://holvi.github.io/psd2-api/.

This information is based on communication from Ålandsbanken to us. If you find any contradictory information, please let us know.