Internet Banking Security

Your security is our priority

Our internet banking system is protected by a range of advanced and reliable security measures for which we received three times in a row the award: Złoty Bankier in the category: Security – best practices for 2016, 2017 and 2018.

  • comprehensive protection during login process (individual login, password change reminders, security image etc.) - More
  • single-use SMS codes (SMS P@sswords) to authorize transactions - More
  • adjustable transaction limits - More
  • 3D secure - additional safety feature for online card payments - More
  • encrypted Internet connection and security certificates More
  • SMS notifications (MilleSMS) to stay updated on transactions - More
  • 24/7 care line and tech support - More

Secure login

See what we do to give you secure access to internet banking.

How is your identity confirmed?

During login process you will be requested to provide the following data:

  • MilleKod - MilleKod - an 8-digit login stated in your account agreement. You can set your own, friendly name for MilleKod and use it interchangeably with the 8-digit code. To define your own name for MilleKod log in to Millenet and go to Settings > Security settings.
  • P@ssword 1 - individual password you provide each time you log in to Millenet and TeleMillennium care line. You set it during the first login and can change it anytime in Millenet. Additionally, from time to time, the system will remind you to change the password.
  • Identifier - additional login securty measure. It consists of PESEL, ID card or passport number, or if you have a business bank account - of NIP or REGON. Since you need to provide only 2 random digits of the selected identifier to log in, you minimize the risk of others intercepting the entire identifier.

Remember: for security reasons, your access to Millenet internet banking system will be blocked after 3 consecutive failed attempts.

How to increase your safety while logging in even more?

Use password strength meter

The password strength meter will help you set an appropriate password. The more complicated combination of digits you choose, the more secure your password will be. You can change P@ssword 1 in Millenet in Settings > Security settings.

How to increase your safety while logging in even more?

Define the security image

Once you log in to Millenet, you can set a security image in your Security settings. It will be visible every time on the login page - after entering MilleKod. If there is no picture displayed or it does not match, do not continue with the login and call our care line immediately.

Use on-screen virtual keyboard

For increased safety, while entering your P@ssword 1 or selected digits from identifier you can use on-screen keyboard. It's a perfect protection from keyloggers, i.e. software that records the user behaviour and keys struck on a keyboard.


  • What is a document checksum?

    Documents in Information about changes section in Millenet have their own, unique checksum (cryptographic hash function SHA 256, SHA being short for Secure Hash Algorithm). Any changes to the document will result in the change of the checksum.

  • Why do I get from Bank text messages with parts of checksum?

    In order to let you check the integrity and authenticity of the documents in Information about changes section, we send text messages with first four and last four characters of the checksum. This way you can be sure to always be in possession of uncorrupted and unchanged documents.

  • How to verify checksum of a document?

    You can check the checksum of any document (SHA 256 function) in the following ways:


    Method 1 – Windows:

    1. Run Windows PowerShell from Applications.
    2. In command line type „Get-FileHash -Path z:\desktop\file.jpg -Algorithm SHA256”.
    3. Change file path from „z:\desktop\file.jpg” to the path of a file for which you want to verify checksum.
    4. Select Enter.
    5. The application will run through SHA-256 cryptographic function and output it for you.
    6. Compare the checksum from the SMS with the checksum from the Windows PowerShell. If they are the same, the document downloaded from Millenet is original and has never been changed.


    Method 2 – Windows:

    1. Download document from Information about changes section in Millenet.
    2. Hover your mouse over the document icon and click the right mouse button.
    3. Choose options: CRC SHA and SHA-256 from the displayed menu.
    4. A new window will show checksum calculated by the function SHA-256.
    5. Compare the checksum from the SMS with the checksum from the window above. If they are the same, the document downloaded from Millenet is original and has never been changed.


    Method 3:

    1. Run the Internet website, which allows you to verify the checksum (using the SHA-256 function) for a given document.
    2. Send the downloaded document to the website from the point above.
    3. This website will show checksum calculated by the function SHA-256.
    4. Compare the checksum from the SMS with the checksum from the website. If they are the same, the document downloaded from Millenet is original and has never been changed.


    Method 4 – Mac OS:

    1. Run Terminal from Spotlight, Launchpad or Programs > Tools.
    2. Type „shasum –a 256” and after space type path of a file for which you want to verify checksum.
    3. The application will run through SHA-256 cryptographic function and output it for you.
    4. Compare the checksum from the SMS with the checksum from the Terminal. If they are the same, the document downloaded from Millenet is original and has never been changed.


    Method 5 – Linux:

    1. Run the Terminal.
    2. Type path of a file for which you want to verify checksum i.e. „cd download_directory”.
    3. Then type „sha256sum foto.jpg” where „foto.jpg” is the name of a file for which you want to verify checksum.
    4. Select Enter.
    5. The application will run through SHA-256 cryptographic function and output it for you.
    6. Compare the checksum from the SMS with the checksum from the Terminal. If they are the same, the document downloaded from Millenet is original and has never been changed.

Documents in Information about changes section in Millenet are signed by the Bank Millennium with the electronic certificate. The signature includes an embedded Timestamp.

SMS P@sswords

SMS P@ssowrds are free-of-charge, single-use codes sent to your moblie phone number. You will receive them every time you make a transfer, set a standing order or conclude an agreement online (order a new debit card, buy car insirance etc.). Just type in the 6-digit code you receive in the designated filed in Millenet and confirm the operation.

Remember: for security reasons, your SMS P@sswords will be blocked after 3 consecutive failed attempts to provide correct SMS P@ssword.


  • How to unlock SMS P@sswords or change mobile number to which they are sent?

    Unlocking the SMS P@sswords and changing the default mobile number is possible in one of 2 ways:

    Przy użyciu H@sła 2 pobranego z bankomatu:

    Through care line:

    • call 801 24 HELP (801 24 4357) or +48 22 598 40 50 (for mobile and international calls),,
    • choose option 3 (for English),
    • choose option 2,
    • enter your 8-digits MilleKod,
    • enter your 8-digits P@ssword 1,
    • you will be contacted with an operator in a while.

    After verifying your information the operator will ask you to state the mobile number to which SMS P@sswords will be delivered. You will confirm the transaction by giving the consultant the activation SMS P@ssword sent to your mobile phone during the call.

    Using P@ssword 2 downloaded from an ATM:

    • print P@ssword 2 from a Millennium ATM using your credit or debit card of Bank Millennium,
    • when you have logged in Millenet the system will ask you to give the number of the mobile phone, to which SMS P@sswords will be sent,
    • after approval of the number you will get an SMS with an activating SMS P@ssword, which you will have to enter in Millenet,
    • at the end of the activation the system will require you to give selected characters from the P@ssword 2 printed out in the ATM.

  • How long does the SMS P@ssword remain valid?

    Password sent by SMS is valid for 5 minutes. New password can be generated after 2 minutes by clicking on Generate new SMS P@ssword without the need to cancel performed transaction.

  • What to do if the SMS with the SMS P@ssword is not delivered?

    If the SMS P@ssword was not delivered to the mobile phone you can generate the SMS P@ssword again without the need to cancel the pending transaction. On the screen for typing the SMS P@sswords select the button Generate new SMS P@ssword.

  • Can I use SMS P@sswords when abroad?

    Yes, just remember to activate roaming service from your mobile network operator. Additionally the Bank enables use of SMS P@sswords through mobile telephones working in networks of operators in the United Kingdom and most European Union countires.

  • Can I make transactions without giving the SMSp@ssword every time?

    This is possible for domestic transfers and top-ups of prepaid phones. For this purpose you must give the transfer beneficiaries and defined phone numbers Trusted status. However defining and editing such trusted beneficiaries does require the SMS P@ssword.

Transaction limits

Additional protection of your money is provided by Millenet transaction limit, i.e. so-called Main Limit (daily limit).

It determins the total amount of transactions you can make in one day. The amount of standing orders as transfers rejected due to incorrect data are included in the daily limit. Mentioned restrictions are not applicable to internal transfers between own accounts in Bank Millennium.

The amount of the daily limit can easily be changed in Millenet in Security settings, at a branch or call TeleMillennium. The new limit becomes immediately applicable.

In case of joint account each holder can define the amount of daily transaction limit individually.

3D Secure card payments

3D Secure is an extra protection for your online card payments. Usually, when paying in online stores, you need to provide data such as full name, card number and card validity date. When paying in stores that support 3D Secure, after providing the aforementioned data you additionally confirm the transaction with a single-use SMS P@ssword.

  • 3D Secure service is free of charge
  • available for all Bank Millennium prepaid, debit and credit cards
  • no software installation or service activation is required

Which online stores support 3D Secure?

Stores that participate in MasterCard SecureCode or Verified by Visa programmes. You'll easily recognize them by distinctive logo. In stores that do not support 3D Secure you can pay in a traditional way, by providing card details in the online form.

How does 3D Secure work?

  • 1. Fill-in the form

    Please check if payment information is correct:

    • Merchant name,
    • Date and time,
    • Card number,
    • Amount (final amount of card payment)

    At the same time, a text message will be sent to your mobile phone. Upon its receipt, read it carefully and check whether its details are consistent with those presented in the form.

    If the data are correct, provide the one-time SMSP@ssword from the text message and confirm the transaction by selecting the "Accept" option.

    If the data shown are incorrect, cancel the transaction using the „Cancel" option.

  • 2. Finalizing the transaction

    After positive SMS P@ssword validation you will be informed that the transaction has been successfully completed.

    In case any problem occurs in the payment process, the system will inform you by displaying an appropriate message. Remember that for security reasons entering an incorrect SMS P@ssword three times may block your card for 3D Secure online transactions.

  • 3. (optionally) Finalizing the transaction using the mobile application

    If you changed the authorization method to mobile application, after the transaction, instead of SMS Password, you will receive a PUSH message. At the same time, payment details will be shown on your desktop (as it is visible on the screen below). The PUSH message will open a confirmation screen in your app where you can authorize the transaction using your PIN code, Touch ID or Android Fingerprint ID.

Encrypted connection and certificates

The security of the Millenet system is guaranteed by encrypted transmission between your computer and Bank server. The transmission is proptected by 128-bit SSL protocol. The information about the encryption is visible in the prefix https:// at the begining of the website address:

Millennium Bank uses GeoTrust True BusinessID SSL certificate guaranteed by GeoTrust, a renowned company specializing in encrypting and data security. This protection method prevents any unauthorized access to your confidential data. What is more, the certificate ensures that the login page belongs to the institution mentioned in the certificate, i.e. to Bank Millennium.

How to check certificate?

In most browsers, on the left or right side of the address bar you'll see a padlock icon. The padlock should be locked. click on it to display the security certificate and make sure your connection is safe and the website administered by Bank Millennium.

See how the certificate may look like in different browsers:

Safety rules

Read 10 friendly tips for safe online banking:

  • 1. Never enter all digits of your identifier when you lon in to Millenet

    • Millenet requests only 2 characters from your identifier, e.g. 2 digits from your PESEL
    • Upon failed login, Millenet will keep requesting you to enter the same two characters from your identifier, until they are entered correctly
    • If you notice that the system asks you to enter more than 2 characters, immediately stop the login and contact the Bank

  • 2. Never enter your phone number when you log in to Millenet

    • The Bank never requests your phone number when you log in, except when you print out P@ssword 2 for activation and change your contact phone number
    • Do not give access to your phone to third party

  • 3. Do not install software from untrusted sources on your computer or mobile

    • Do not launch programmes received by email
    • Do not open files with .exe extension of unknown origin. Often times, programmes with .exe extension, may install "in the background" additional spying software or software that provides full on-line access to your computer
    • Do not use P2P software (peer-to-peer)

  • 4. Check webite certificates and address

    • The connection between your browser and our server is encrypted with 128-bit SSL protocol. Small locked padlock on the bottom of the browser means that the connection is encrypted More about certificates
    • Always check if the Bank website address begins with https://

  • 5. Do not reveal personal details by e-mail

    • Bank Millennium will never ask you to provide by e-mail confidential data such as date of birth, Mother's maiden name, PESEL number, MilleKod, passwords, payment cards numbers, card validity dates, or CVV authorisation codes
    • When receiving emails with attachments from unknown source never open them. Very often such attachments contain viruses or spyware software and may be installed automatically on your computer.

  • 6. Regularly update your computer system

    Updates of your system that have impact on its security. If, for instance, you use Microsoft Windows, you can take advantage of the automatic Windows update option.

  • 7. Never reveal your P@ssword and remember to change it from time to time

    • Change passwords at least once per month (in Millenet system you can set password change reminder every 7 to 60 days)
    • Never write down your passwords nor send it via e-mail
    • Use passwords that are hard to guess, that vary from each other, from your phone number and from MilleKod

    Remember: Before confirming each operation (eg. transfer) with SMS P@ssword, compare the content of SMS with the information on the website, in order to make sure that proper operation is being confirmed..

  • 8. Use anti-virus software and presonal firewall

    • You should never disable your anti-virus! When the anti-virus software is disabled, spy software may be installed on your computer
    • Use personal firewall software, i.e. software that will warn you each time somebody tries to connect remotely to your computer or send information from your computer outside

  • 9. Use only trusted devices

    Do not enter confidential data (identifier, MilleKod, P@ssword 1) on computers, tablets and smartphones you do not trust or which are shared by many users, especially devices in internet cafes and other public places. Such devices may contain software that intercepts data.

  • 10. Always use "log out" option

    Always remember to end your work in Millenet system by clicking on "Log out" button in order to terminate session correctly. Do not use different browsers windows with active Millenet sessions.

Make sure your data and money are safe

Beware of phishing attempts

Pay special attention if:

  • you receive an e-mail from the bank-looking address with request for update, verification or confirmation of information and log in via website given in the mail
    (fraudsters may request for the complete PESEL number or providing another new digits from the ID multiple times)
  • you receive message on Facebook with request for transfering certain amount on your friend's behalf
    (fraudsters may request for all details needed for login under the excuse of a small loan or paying for the courier etc.)
  • website on which you begin to perform payment looks different than login to Millenet or will be available on different link than usually
    (fraudsters may also request for all details needed for login as well as for complete PESEL number)

Protect yourself from viruses and false software

  • install anti-viral software on each device that you use for accessing electronic banking
  • always use only the recent, certified version of anti-viral software
  • do not install apps from uncertain sources, e.g. outside Google Play or AppStore
  • pay attention to the app's appearance and grammar correctness of texts
  • do not provide other data than usual, especially complete PESEL number
  • carefully check SMS containing SMSP@ssword
  • do not enter passowrd if SMS content is not compliant with your order

If you think your data might have been taken over, contact the Bank immediately or change login data on another device you own. Do not access electronic banking from devices accessed by many people, especially in the public places. They may contain data intercepting software.