Update your browser to the latest version in order to use all functions and increase your online safety.Update the browser
PSD2 (Payment Services Directive) is an EU Directive on payment services. Its regulations were incorporated into the Polish legal order through the amendment of the Payment Services Act. What are the goals of PSD2?
PSD2 [Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market] is an answer to development of technology as well as new payment services. PSD2, with its regulations incorporated into the Polish legal order through the amendment of the Payment Services Act, i.a. will allow a single payments market to be created in the EU, assure even greater safety of your transactions and protection of finances. Apart from that it also introduces a new category of service providers known as TPP (Third Party Providers) who will be able to provide additional services e.g. if you agree, they will be able to get access to information about your account, order processing of payments and check availability of funds on your account.
The security of your finances will increase. In accordance with new regulations, certain operations require the use of the strong customer authentication (SCA), which means a two-step process of verifying the Client's identity. We can ask you for additional verification via SMS P@ssword or Mobile Authorization, in particular:
Thanks to open banking you will have access to all your payment accounts from one place, e.g. you will check the balance of an account in another bank from the level of our banking. Thanks to open banking you will get a better grasp of your finances and will better manage your budget.
Your liability for unauthorised transactions will be reduced e.g. if you lose the card or phone (remember to report any payment made without your consent). So far this has been 150 euro, now you are responsible for a maximum of 50 euros.
You will get a faster reply to claims concerning your payment transactions. This time will be shortened from 30 calendar days to 15 working days.
Sending a cross-border transfer to a country from the European Economic Area (EU member states, Iceland, Norway, Liechtenstein and Switzerland) you will pay part of the transfer cost and the recipient will pay the other part (SHA option, in which costs are shared between the sender and the recipient of the transfer).
From 14 September 2019, in order to use Millenet and the mobile app, you must be able to receive SMS P@sswords. Therefore, make sure that you have added your phone number in the Bank system.
You can register or change your phone number in Millenet (after printing out a single-use P@sword 2 from a Bank Millennium ATM) or in any Bank Millennium branch.Find branch
"Open banking" term refers to payment services that, according to the PSD2 Directive, can be provided by certified external service providers, e.g. other banks or payment institutions (i.e. TPP, Third Party Providers).
Of course, you must agree to using their services each time.
TPP will ask you each time for your consent to performance of a particular service (AIS, PIS or CAF). If you do not agree to provision of services by TPP you can withhold your consent. In case of PIS i.e. Payment Initiation Service, you can set a PLN 0 limit for TPP. In this way TPP will not initiate any transaction from your payment account. It can be done in Millenet in the Transaction limits settings > Limits and other settings > Daily limit for PSD2 operations tab.
Strong Customer Authentication (SCA) is the way, in which identity should be verified of a payment services user during performance of particular transactions. Strong customer authentication means that a two-step user identity verification process has been used, using at least two of the following three categories:
Be very careful and do not disclose your data to unknown entities. Certified Third Party Providers (TPP) will use a special access interface, thus they will not require any confidential information from you.
Every certified Third Party Provider (TPP) is subject to registration by the Polish Financial Supervision Authority and a list of such providers will be available on the KNF website in Polish.
Whenever you want to use external services, contact the selected TPP and agree to the selected services provided by him. When giving your consent, you will be redirected to the Bank Millennium website, where you will be required to enter your login details for Millenet. Expressing consent will require strong customer authentication.
Yes, consent is issued to individual service providers for selected transactions (each service requires separate consent). In the case of the CAF service, first you must agree in Millenet (in the repository of consents) that the Third Party Provider can offer us this service.
For certified third party service providers (TPP) we have prepared a special access interface and technical documentation. For security reasons, we need to verify each time that a particular entity complies with the Payment Services Act. Without this verification, we cannot share your data with the Third Party Provider.
If the TPP is outside the scope of consent or without it, the complaint must be submitted to TPP and, in addition, the Polish Financial Supervision Authority (UKNF) should be notified.
If you are a co-owner of the account, you can use TPP services. As a co-owner of the account, you have the full right to express consents regarding access to account data and transaction history, as well as to initiate payment transactions.
If you are an authorized representative of a bank account, you may not use Third Party Providers because the delegates do not have access and ability to manage the accounts of holders through electronic banking.
All transactions initiated by TPP with your consent have been completed. According to the regulations, we verify TPP certificates, so if TPP has lost the certificate, we will not execute any transactions initiated by it.
For certified Third Party Providers (TPP), we provide an API access interface with documentation. You can use the production environment as well as the test one.
We guarantee the highest safety standards. We use effective methods of data encryption and protection against unauthorized access.
We provide a high quality API interface with a clear data structure. In order to start using it, you just need to register.
We provide a stable environment for both, the production and the test version with comprehensive and transparent documentation that allows for easy and quick integration with our system.
The average availability of each interface to Bank Millennium electronic channels in IV quarter of 2022 was:
Monitoring the availability and efficiency of the special API access interface and interfaces used by Bank Millennium Clients is carried out in accordance with regulatory technical standards contained in Commission Delegated Regulation (EU) 2018/389 of 27 November 2017.