Update your browser to the latest version in order to use all functions and increase your online safety.Update the browser
What is PSD2?
PSD2 (Payment Services Directive) is an EU Directive on payment services. Its regulations were incorporated into the Polish legal order through the amendment of the Payment Services Act. What do these changes mean in practice?
PSD2 [Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market] is a reply to development of technology as well as new payment services. PSD2, which regulations were incorporated into the Polish legal order through the amendment of the Payment Services Act, i.a. will allow a single payments market to be created in the EU, assure safety of your transactions and protection of finances. Apart from that it also introduces a new category of service providers known as TPP (Third Party Providers) who will be able to provide additional services e.g. if you agree, they will be able to get access to information about your account, order processing of payments and check availability of funds on your account.
The liability for unauthorised payment transactions will be reduced e.g. if the card or telephone is lost. So far this has been 150 euro, now the maximum amount is 50 euros.
We will respond faster to claims concerning payment transactions. This time will be reduced from 30 calendar days to 15 working days.
New rules for cross-border transfers
Sending a cross-border transfer to a country from the European Economic Area (EU member states, Iceland, Norway, Liechtenstein and Switzerland) only SHA option, in which the costs are shared between the sender and the recipient of the transfer.
More secure confirmation of operations
The security of business finances will increase. In accordance with new regulations certain operations must satisfy the strong customer authentication requirement. This means a two-step process of verifying the user's identity, e.g. by means of simultaneous verification of Password 1 and a token.
Fuller picture of finances
Open banking will allow access to all business payment accounts from one place, e.g. an authorized user will check the balance of an account in another bank from the level of our banking. Thanks to open banking a company will get a fuller picture of finances and will better manage your budget.
Important! It is worth remembering
Information for Third Party Providers (TPP)
For certified third party providers (TPPS), we provide an API access interface with documentation. We allow you to use the production environment as well as the test one.
We guarantee the highest safety standards. We use effective methods of data encryption and protection against unauthorized access.
We provide a high quality API interface with a clear data structure. In order to start using it, you just need to register.
We provide a stable environment for both, the production and the test version with comprehensive and transparent documentation that allows for easy and quick integration with our system.
- Can I resign from using Third Party Provider (TPP)?
Using Third Party Povider services requires an appropriate consent each time. In order to use TPP services you must activate them in the repository of consents in Millenet in the Settings > Access and Limits section. Here you can also deactivate particular types of services.
- What is strong customer authentication?
Strong Customer Authentication (SCA) is the way, in which identity should be verified of a payment services user during performance of particular transactions. Strong customer authentication means that a two-step user identity verification process has been used, using at least two of the following three categories:
- knowledge (something only the user knows);
- ownership (something only the user has);
- inherence (something only the user is).
- Can I give my logon data to the Third Party Provider (TPP)?
Be very careful and do not disclose business data to unknown entities. Certified Third Party Providers (TPP) will use a special access interface, thus they will not require any confidential information.
- I gave my logon data to a certified Third Party Provider but I am concerned about the safety of my finances. What can I do?
Each user with a set of appropriate rights can change or block MilleKod. To do this call TeleMillennium urgently. Moreover you always have the right to file an objection to AIS and PIS services and also to withdraw your consent for CAF services in the repository of consents in Millenet. The consent must also be withdrawn at the Third Party Provider (TPP).
- How can I check if a particular service provider is a certified Third Party Provider (TPP)?
Every certified Third Party Provider (TPP) is subject to registration by the Polish Financial Supervision Authority and a list of such providers will be available on the KNF website (www.knf.gov.pl).
- I want to use the services of a Third Party Provider. What should I do?
Whenever you want to use external services, contact the selected TPP and agree to the selected services provided by him. When giving your consent, you will be redirected to the Bank Millennium website, where you will be required to enter your login details for Millenet. Expressing consent will require strong customer authentication.
- Can I give consent only to the selected Third Party Provider (TPP)?
Yes, consent is issued to individual service providers for selected transactions (each service requires separate consent). In the case of the CAF service, first you must agree in Millenet (in the repository of consents) that the Third Party Provider can offer us this service.
- I want to use the service of an Third Party Provider (TPP), but I can not. Why?
For certified third party service providers (TPP) we have prepared a special access interface and technical documentation. For security reasons, we need to verify each time that a particular entity complies with the Payment Services Act. Without this verification, we cannot share your data with the Third Party Provider.
- Where can I check the expressed consents and their scope?
All consents and their scope can be found in Millenet in the repository of consents. If there is any discrepancy between the expressed consent and the scope of the service provided by the Third Party Provider (TPP), contact him urgently.
- I have not agreed but a Third Party Provider (TPP) initiated payment from my account. What can I do?
If the TPP is outside the scope of consent or without it, the complaint must be submitted to TPP and, in addition, the Polish Financial Supervision Authority (UKNF) should be notified.
- Can I use TPP services if I am a co-owner of the account?
If you are a co-owner of the account, you can use TPP services. As a co-owner of the account, you have the full right to express consents regarding access to account data and transaction history, as well as to initiate payment transactions.
- Can I use TPP services if I am a representative of the account?
If you are an authorized representative of a bank account, you may not use Third Party Providers because the delegates do not have access and ability to manage the accounts of holders through electronic banking.
- The Third Party Provider (TPP), whose services I use, has lost the certificate. What is the status of my current transactions and what do I have to do?
All transactions initiated by TPP with your consent have been completed and their list can be found in the Millenet's repository of consents. According to the regulations, we verify TPP certificates, so if TPP has lost the certificate, we will not execute any transactions initiated by it. In addition, you always have the right to object to the AIS and PIS services, and to revoke your consent for CAF services in the repository of consents in Millenet. The consent must also be withdrawn at the Third Party Provider (TPP).
Availability and efficiency of Bank Millennium electronic channels
The average availability of each interface to Bank Millennium electronic channels in III quarter of 2019 was:
API access interface
Millenet for Individuals
Millenet for Companies
Mobile app for Individuals
Mobile app for Companies
Monitoring the availability and efficiency of the special API access interface and interfaces used by Bank Millennium Clients is carried out in accordance with regulatory technical standards contained in Commission Delegated Regulation (EU) 2018/389 of 27 November 2017.