Since 25.08 It will not be possible to log in to Millenet from the version of the browser you are now using. Update the browser on your device and use online banking in a comfortable and secure way.Update the browser
What is PSD2?
PSD2 (Payment Services Directive) is an EU Directive on payment services. Its regulations were incorporated into the Polish legal order through the amendment of the Payment Services Act. What do these changes mean in practice?
PSD2 [Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market] is a reply to development of technology as well as new payment services. PSD2, which regulations were incorporated into the Polish legal order through the amendment of the Payment Services Act, i.a. will allow a single payments market to be created in the EU, assure even greater safety of your transactions and protection of finances. Apart from that it also introduces a new category of service providers known as TPP (Third Party Providers) who will be able to provide additional services e.g. if you agree, they will be able to get access to information about your account, order processing of payments and check availability of funds on your account.
- Stronger protection
The liability for unauthorised payment transactions will be reduced e.g. if the card or telephone is lost. So far this has been 150 euro, now the maximum amount is 50 euros.
- Faster claims
We will respond faster to claims concerning payment transactions. This time will be reduced from 30 calendar days to 15 working days.
- New rules for cross-border transfers
Sending a cross-border transfer to a country from the European Economic Area (EU member states, Iceland, Norway, Liechtenstein and Switzerland) only SHA option, in which the costs are shared between the sender and the recipient of the transfer.
More secure confirmation of operations
The security of business finances will increase. In accordance with new regulations certain operations must satisfy the strong customer authentication requirement. This means a two-step process of verifying the user's identity, e.g. by means of simultaneous verification of Password 1 and a token.
Fuller picture of finances
Open banking will allow access to all business payment accounts from one place, e.g. an authorized user will check the balance of an account in another bank from the level of our banking. Thanks to open banking a company will get a fuller picture of finances and will better manage your budget.
Important! It is worth remembering
Information for Third Party Providers (TPP)
For certified third party providers (TPPS), we provide an API access interface with documentation. We allow you to use the production environment as well as the test one.
We guarantee the highest safety standards. We use effective methods of data encryption and protection against unauthorized access.
We provide a high quality API interface with a clear data structure. In order to start using it, you just need to register.
We provide a stable environment for both, the production and the test version with comprehensive and transparent documentation that allows for easy and quick integration with our system.
Using Third Party Povider services requires an appropriate consent each time. In order to use TPP services you must activate them in the repository of consents in Millenet in the Settings > Access and Limits section. Here you can also deactivate particular types of services.
Strong Customer Authentication (SCA) is the way, in which identity should be verified of a payment services user during performance of particular transactions. Strong customer authentication means that a two-step user identity verification process has been used, using at least two of the following three categories:
- knowledge (something only the user knows);
- ownership (something only the user has);
- inherence (something only the user is).
Be very careful and do not disclose business data to unknown entities. Certified Third Party Providers (TPP) will use a special access interface, thus they will not require any confidential information.
Every certified Third Party Provider (TPP) is subject to registration by the Polish Financial Supervision Authority and a list of such providers will be available on the KNF website in Polish.
Whenever you want to use external services, contact the selected TPP and agree to the selected services provided by him. When giving your consent, you will be redirected to the Bank Millennium website, where you will be required to enter your login details for Millenet. Expressing consent will require strong customer authentication.
Yes, consent is issued to individual service providers for selected transactions (each service requires separate consent). In the case of the CAF service, first you must agree in Millenet (in the repository of consents) that the Third Party Provider can offer us this service.
For certified third party service providers (TPP) we have prepared a special access interface and technical documentation. For security reasons, we need to verify each time that a particular entity complies with the Payment Services Act. Without this verification, we cannot share your data with the Third Party Provider.
All consents and their scope can be found in Millenet in the repository of consents. If there is any discrepancy between the expressed consent and the scope of the service provided by the Third Party Provider (TPP), contact him urgently.
I have not agreed but a Third Party Provider (TPP) initiated payment from my account. What can I do?
If the TPP is outside the scope of consent or without it, the complaint must be submitted to TPP and, in addition, the Polish Financial Supervision Authority (UKNF) should be notified.
If you are a co-owner of the account, you can use TPP services. As a co-owner of the account, you have the full right to express consents regarding access to account data and transaction history, as well as to initiate payment transactions.
If you are an authorized representative of a bank account, you may not use Third Party Providers because the delegates do not have access and ability to manage the accounts of holders through electronic banking.
The Third Party Provider (TPP), whose services I use, has lost the certificate. What is the status of my current transactions and what do I have to do?
All transactions initiated by TPP with your consent have been completed and their list can be found in the Millenet's repository of consents. According to the regulations, we verify TPP certificates, so if TPP has lost the certificate, we will not execute any transactions initiated by it. In addition, you always have the right to object to the AIS and PIS services, and to revoke your consent for CAF services in the repository of consents in Millenet. The consent must also be withdrawn at the Third Party Provider (TPP).
Availability and efficiency of Bank Millennium electronic channels
The average availability of each interface to Bank Millennium electronic channels in III quarter of 2023 was:
- API access interface
- Millenet for Individuals
- Millenet for Companies
- Mobile app for Individuals
- Mobile app for Companies
- Millenet Link
Monitoring the availability and efficiency of the special API access interface and interfaces used by Bank Millennium Clients is carried out in accordance with regulatory technical standards contained in Commission Delegated Regulation (EU) 2018/389 of 27 November 2017.