A new and clearer way of presenting and entering the additional identifier (e.g. PESEL)
We have improved the graphic presentation and the method of entering the additional identifier in the logging process. Your identifier (e.g. PESEL, number of personal identity card, passport, REGON or NIP) will be presented in accordance with its actual number of digits to improve clarity and to facilitate logging.
Define your own alias for MilleKod
You can define your own name for MilleKod after logging and selecting the tab: My settings/ Security settings. You can use it interchangeably with MilleKod because MilleKod stays always active. Remember that your personalised name for MilleKod must be made up of at least 8 and not more than 16 characters (digits or letters) and cannot be easily deciphered by others.
Login to IVR is performed using MilleKod number received in agreement and there is no possibility to use own name for MilleKod.
Set up captcha
After logging, you can also define captcha. Simply select the tab: My settings/Security settings. After it has been defined, captcha will be shown at your login screen, after entering MilleKod.
Use the virtual keyboard for logging
During logging, you can use the virtual keyboard, which provides additional protection against keyloggers in electronic banking.
SMSP@ssowrds are one-time codes sent to your moblie phone number.
SMSp@sswords are used for authentication of operations in Internet Banking system for individuals.
What are the advantages of SMSP@sswords?
- Security. SMSP@ssord is unique for each operation. You can authorize only the operation for which it was generated. In addition to this higher security level is provided by introducing two separate devices necessary to perform an operation.
- No additional cost. SMSP@ssword service will be fully free of charge. Bank will pay for sent SMS's.
- You do not have to remember additional passwords. Bank will send SMSP@ssword always when you perform operation that should be authorized.
- You can activate SMSP@ssword at any moment.
Login - P@ssword 1
Every client recieves an unique MilleKod used as a username in the login process. Every user recieves also P@ssword1 which is used in the verification process. During the first login the system will force the user to change the P@ssword1.
P@ssword1 is an individual code consisting of 8 digits, used to Millenet login purposes.
The client can change P@ssword1, and what is more the system once in while remindes the user to change the password.
In order to increase the security level after the third failed attempt to login the system will block the access to Millenet for that specific user.
The security of the Millenet system is guaranteed by encrypted transmission using 128-bit SSL protocol.
The information about the encryption method is prefix https:// in the begining of the webpage address
Millennium Bank uses GeoTrust True BusinessID SSL certificate guaranteed by GeoTrust, a company specializing in encrypting and data security. This protection method prevents any unauthorized access to the client's confidencial data. What is more the certificate ensures that the login page belongs to the institution mentioned in the certificate.
Daily transaction limit (main limit) defines the amount limit for transactions executed in a specific day. The amounts of the incoming transfers and standing orders are included in the daily limit. Mentioned restrictions are not applicable to transfers between owned accounts in Millennium Bank.
In case of joint account each owner defines individually the amount of daily transaction limit.
It is an additional protection for the customer. The amount of the daily limit can be changed individually by customer (Profile -> security settings - confirmed by SMSp@sswords) or when visiting Bank's branch. User can check the used amount of the daily limit in the following Millenet section: Profile -> Security settings -- field Daily limit usage.
Maximum amount of daily limit is defined in price list.
How does 3D Secure work in Bank Millennium?
3D Secure transactions are made with an additional security mechanism in the form of authorisation with single-use SMS P@sswords or authorisation in the mobile application.
During card payments, e.g. at an online shop, the Bank may send to the mobile phone number predefined by you a single-use secure SMS P@ssword with request to enter it on the dedicated and secured website or send PUSH message with request to approve the transaction with PIN code or to scan the fingerprint (if your device supports this function).
Provided financial data will then be sent to a secure authentication server. On this very first stage it will be possible to immediately verify if the card was not stolen, lost or cancelled for other reasons.
What do you need to make an Internet payment?
To ensure the highest level of security of your online card transactions, it is necessary to activate the SMSP@ssword service. Detailed information about activation process are available in section Transaction confirmation.
In order to use a more convenient way of accepting online card transactions, you have to activate Bank Millennium mobile application and change 3D Secure settings in the application settings (tab Settings > Transaction acceptance).
The mobile phone number defined at the Bank is used in the Millenet system to confirm transfer orders, sign agreements and to receive transactions notifications.
You will learn how to activate SMS P@ssword service in the Access and login tab.
How does 3D Secure work?
When making payments, e.g. in an online shop, upon selection of the card payment method and entering the required data, transaction authorisation will follow (for sites participating in the MasterCard SecureCode or Verified by Visa. For sites not participating in the MasterCard SecureCode or Verified by Visa confirmation of payment will be processed as usual).
To make a 3D Secure payment follow the instructions:
1. Fill-in the form
Please check if payment information are correct:
- Merchant name,
- Date and time,
- Card number,
- Amount (final amount of card payment)
At the same time, a text message will be sent to your mobile phone. Upon its receipt, read it carefully and check whether its details are consistent with those presented in the form.
If the data are correct, provide the one-time SMSP@ssword from the text message and confirm the transaction by selecting the "Accept" option.
If the data shown are incorrect, cancel the transaction using the „Cancel" option.
2. Finalizing the transaction
After positive SMSP@ssword validation you will be informed that the transaction has been successfully completed.
In case any problem occurs in the payment process, the system will inform you by displaying an appropriate message. Remember that for security reasons entering an incorrect SMSP@ssword three times may block your card for 3D Secure online transactions.
3. (optionally) Finalizing the transaction using the mobile application
If you changed the authorization method to mobile application, after the transaction, instead of SMS Password, you will receive a PUSH message. At the same time, payment details will be shown on your desktop (as it is visible on the screen below). The PUSH message will open a confirmation screen in your app where you can authorize the transaction using your PIN code, Touch ID or Android Fingerprint ID.
- Maximum security – transactions protected by two independent access channels: web browser and mobile phone. Card holder will be identified on grounds of card number, expiry date, CVV2/CVC2 code and additionally on the basis of a secure, single-use SMS P@ssword sent to the mobile phone number pre-defined at the Bank or authorisation in the mobile application.
- No additional cost – 3D Secure provides the highest level of security without additional costs . The Bank does not charge for the service. All the text messages sent to the card holder and PUSH messages sent to the devices with active mobile application are free of charge.
- Convenience – the payment form is automatically filled in with the data submitted by the shop, you should only enter 6-digit password from the text message or PIN code/scan your fingerprint in the mobile application of your device.
3D Secure is available to Bank Millennium customers who meet the conditions below:
- Has an active Millennium prepaid, debit or credit card (Visa or MasterCard),
- Has access to the Millenet transactional system for individuals/business customers,
- Has activated the SMSP@ssword service,
- (optionally) has Bank Millennium mobile application.
When you log into the system, never give your entire PESEL and phone number. Remember that Millenet requests only 2 digits from your identifier.
Beware of the following situations:
- upon failed login, Millenet will keep requesting you to enter the same two digits from your identifier, until they are entered correctly,
- if you notice that the system asks you to enter more than 2 digits, immediately stop the login and contact the Bank.
We ask kindly to report us such issues notification of suspected abuse, through Millenet system or to number 801 24 HELP (801 24 4357).
Do not give your phone number in part or in full when you log in!
Beware of the following situations:
- if you see that Millenet asks you about your phone number during login, immediately stop the login process and contact the Bank,
- the Bank never requests your phone number when you log in, except when you print out password 2 for activation and change your contact phone number,
- do not give access to your phone to people whom you do not trust and do not install any software or applications from unknown sources.
Do not install software from untrusted sources on your computer or mobile.
The simplest way to install malicious software on your system is to make you install it yourself.Be very careful with software downloaded from the Internet.
- Do not launch programmes received by email
- Do not open files with .exe extension of unknown origin. Often times, programmes with .exe extension, may install "in the background" additional spying software or software that provides full on-line access to your computer
- Remember that use of P2P software (for instance, Bearshare, KaZaA, eMule, DC++ etc.) exposes your computer to security risks
- Do not install software on your mobile unless you know its origin
Verify the certificate of the page.
Verify the certificate of the page and never reply to e-mails in which you are asked to provide confidential data!
The connection between your browser and our server is encrypted with 128-bit SSL protocol. Small locked padlock on the bottom of the browser means that the connection is encrypted. Please check if while connecting to our transactional system the padlock looks as following:
MS Internet Explorer 7.0:
Mozilla Firefox 3.0.0.x:
By double clicking on the padlock we can see the certificate of the page. The certificates should be issued to www.millenet.pl as follows:
MS Internet Explorer:
Remember, that Bank Millennium never asks to provide confidential data by e-mail, so never reply to e-mails in which you are asked to provide your confidential data as for instance:
- personal data,
- Mother's maiden name,
- banking account number,
- payment cards numbers,
- card validity dates,authorisation codes CVV2 of payment cards (last 3 digits on the right of signature fields).
When receiving emails with attachments from unknown source never open them. Very often such attachments contain viruses or spyware software and may be installed automatically on your computer.
Regularly update system installed on your computer.
You shall be interested with the updates of your system that have impact on its security.
If you use Microsoft Windows, you should use automatic Windows update option.
Access to this option you can get by:
- Choosing option Windows update from your Windows Start menu.
- Or typing to your browser address: http://windowsupdate.microsoft.com.
You can also read about security on the Microsoft Windows pages:
If you use another operating system then you shall check web site of its developer and if possible you shall subscribe to the mailing list about system updates.
Take care about your passwords security and compare content of SMSp@assword with content of internet page!
- Never reveal your passwords to anybody
- Change passwords at least once per month (in Millenet system you can set password change reminder every 7 to 60 days)
- Never write down your passwords nor send it via e-mail
- If you think that somebody could know your password - change it as soon as possible
- Use passwords different from each other and from Millekod being not easy to guess
Remember: before confirming each operation (eg. transfer), with typed SMSP@ssword, please compare content of SMS with content of internet page, in order to make sure, that proper operation is being confirmed.
Use anti-virus software.
Unfortunately sometimes it can happen that dangerous software may appear in your system - virus or software that allows to remotely take control of your system.
Good anti-virus, regularly updated, will help you to fight against such programs and to prevent them to come on your PC. Even if you have such a dangerous program installed, anti-virus will warn you while it would be executed.
You should never disable anti-virus! 10 seconds without antivirus is enough to install spy software on your computer.
Examples of anti-virus scanners avaiable online:
- Skaner internetowy Mks vir
Examples of anti-virus software:
- Avast Home Edition
- Norton AntiVirus
- Kaspersky Anti-Virus Personal
Use personal firewall system.
Personal firewall is a software that will warn you when somebody will try to connect remotely to your computer. You will be also warned if some about the sending of information to the network.
Using personal firewall requires little bit better understanding of the system installed on your PC in order to know which programs can be allowed to connect to the network and which are to be blocked. It is worth to invest in such knowledge to make the attacks targetting to your personal data more difficult.
Examples of such programs are:
- Sunbelt Personal Firewall
- Comodo Free Firewall
Pay attention to the address of the page that you are connecting to.
The correct address of our transactional site begins with www.bankmillennium.pl
If another address is presented in the address field in the web browser you should be very suspicious and you should not enter any data.
If somebody would try to re-direct address www.bankmillennium.pl to another address, the following security alert should pop up:
MS Internet Explorer 7.0:
Mozilla Firefox 2.0.0.x:
It is very important to read carefully the communicate of the browser and to accept only certificate with correct data of the page.
By clicking on the button View Certificate you can see to whom the certificate has been issued.
Avoid using publicly available PCs for Millenet access.
Do not enter confidential data (Millekod, passwords) from the computer with public access, in particular from internet cafes and other public places. There can be installed a software for data interception.
Always end your usage of Millenet system by selecting "Logout" option.
Always remember to end your work in Millenet system by clicking on "Logout" button in order to terminate session correctly. Do not use different browsers windows with active Millenet sessions.