Update your browser to the latest version in order to use all functions and increase your online safety.Update the browser
What is PSD2?
PSD2 (Payment Services Directive) is an EU Directive on payment services. Its regulations were incorporated into the Polish legal order through the amendment of the Payment Services Act. What are the goals of PSD2?
PSD2 [Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market] is an answer to development of technology as well as new payment services. PSD2, with its regulations incorporated into the Polish legal order through the amendment of the Payment Services Act, i.a. will allow a single payments market to be created in the EU, assure safety of your transactions and protection of finances. Apart from that it also introduces a new category of service providers known as TPP (Third Party Providers) who will be able to provide additional services e.g. if you agree, they will be able to get access to information about your account, order processing of payments and check availability of funds on your account.
More secure confirmation of operations
The security of your finances will increase. In accordance with new regulations, certain operations require the use of the strong customer authentication (SCA), which means a two-step process of verifying the Client's identity. We can ask you for additional verification via SMS P@ssword or Mobile Authorization, in particular:
- once every 90 days while logging in to Millenet
- when checking transaction history older than 90 days
Better perspective on your budget
Thanks to open banking you will have access to all your payment accounts from one place, e.g. you will check the balance of an account in another bank from the level of our banking. Thanks to open banking you will get a better grasp of your finances and will better manage your budget.
Benefits for you
Your liability for unauthorised transactions will be reduced e.g. if you lose the card or phone (remember to report any payment made without your consent). So far this has been 150 euro, now you are responsible for a maximum of 50 euros.
You will get a faster reply to claims concerning your payment transactions. This time will be shortened from 30 calendar days to 15 working days.
New rules for cross-border transfers
Sending a cross-border transfer to a country from the European Economic Area (EU member states, Iceland, Norway, Liechtenstein and Switzerland) you will pay part of the transfer cost and the recipient will pay the other part (SHA option, in which costs are shared between the sender and the recipient of the transfer).
How to prepare?
From 14 September 2019, in order to use Millenet and the mobile app, you must be able to receive SMS P@sswords. Therefore, make sure that you have added your phone number in the Bank system.
You can register or change your phone number in any Bank Millennium branch.Find branch
Open banking in summary
"Open banking" term refers to payment services that, according to the PSD2 Directive, can be provided by certified external service providers, e.g. other banks or payment institutions (i.e. TPP, Third Party Providers).
Of course, you must agree to using their services each time.
Important! It is worth remembering
- Can I resign from using the services of a Third Party Provider (TPP)?
TPP will ask you each time for your consent to performance of a particular service (AIS, PIS or CAF). If you do not agree to provision of services by TPP you can withhold your consent. In case of PIS i.e. Payment Initiation Service, you can set a PLN 0 limit for TPP. In this way TPP will not initiate any transaction from your payment account.
- What is strong customer authentication?
Strong Customer Authentication (SCA) is the way, in which identity should be verified of a payment services user during performance of particular transactions. Strong customer authentication means that a two-step user identity verification process has been used, using at least two of the following three categories:
- knowledge (something only the user knows);
- ownership (something only the user has);
- inherence (something only the user is).
- Can I give my login data to the Third Party Provider (TPP)?
Be very careful and do not disclose your data to unknown entities. Certified Third Party Providers (TPP) will use a special access interface, thus they will not require any confidential information from you.
- I gave my login data to a certified Third Party Provider but I am concerned about the safety of my finances. What can I do?
You always have the right to change or block MilleKod. To do this call TeleMillennium urgently. Moreover, you always have the right to file an objection to AIS and PIS services and also to withdraw your consent for CAF services in the repository of consents in Millenet. The consent must also be withdrawn at the Third Party Provider (TPP).
- How can I check if a particular service provider is a certified Third Party Provider (TPP)?
Every certified Third Party Provider (TPP) is subject to registration by the Polish Financial Supervision Authority and a list of such providers will be available on the KNF website (www.knf.gov.pl).
- I want to use the services of a Third Party Provider. What should I do?
Whenever you want to use external services, contact the selected TPP and agree to the selected services provided by him. When giving your consent, you will be redirected to the Bank Millennium website, where you will be required to enter your login details for Millenet. Expressing consent will require strong customer authentication.
- Can I give consent only to the selected Third Party Provider (TPP)?
Yes, consent is issued to individual service providers for selected transactions (each service requires separate consent). In the case of the CAF service, first you must agree in Millenet (in the repository of consents) that the Third Party Provider can offer us this service.
- I want to use the service of a Third Party Provider (TPP), but I can not. Why?
For certified third party service providers (TPP) we have prepared a special access interface and technical documentation. For security reasons, we need to verify each time that a particular entity complies with the Payment Services Act. Without this verification, we cannot share your data with the Third Party Provider.
- I have not agreed but a Third Party Provider (TPP) initiated payment from my account. What can I do?
If the TPP is outside the scope of consent or without it, the complaint must be submitted to TPP and, in addition, the Polish Financial Supervision Authority (UKNF) should be notified.
- Can I use TPP services if I am a co-owner of the account?
If you are a co-owner of the account, you can use TPP services. As a co-owner of the account, you have the full right to express consents regarding access to account data and transaction history, as well as to initiate payment transactions.
- Can I use TPP services if I am a representative of the account?
If you are an authorized representative of a bank account, you may not use Third Party Providers because the delegates do not have access and ability to manage the accounts of holders through electronic banking.
- The Third Party Provider (TPP), whose services I use, has lost the certificate. What is the status of my current transactions and what do I have to do?
All transactions initiated by TPP with your consent have been completed. According to the regulations, we verify TPP certificates, so if TPP has lost the certificate, we will not execute any transactions initiated by it.
Information for Third Party Providers (TPP)
For certified Third Party Providers (TPP), we provide an API access interface with documentation. You can use the production environment as well as the test one.
We guarantee the highest safety standards. We use effective methods of data encryption and protection against unauthorized access.
We provide a high quality API interface with a clear data structure. In order to start using it, you just need to register.
We provide a stable environment for both, the production and the test version with comprehensive and transparent documentation that allows for easy and quick integration with our system.
Availability and efficiency of Bank Millennium electronic channels
The average availability of each interface to Bank Millennium electronic channels in III quarter of 2019 was:
API access interface
Millenet for Individuals
Millenet for Companies
Mobile app for Individuals
Mobile app for Companies
Monitoring the availability and efficiency of the special API access interface and interfaces used by Bank Millennium Clients is carried out in accordance with regulatory technical standards contained in Commission Delegated Regulation (EU) 2018/389 of 27 November 2017.