Using Third Party Povider services requires an appropriate consent each time. In order to use TPP services you must activate them in the repository of consents in Millenet in the Settings > Access and Limits section. Here you can also deactivate particular types of services.

Strong Customer Authentication (SCA) is the way, in which identity should be verified of a payment services user during performance of particular transactions. Strong customer authentication means that a two-step user identity verification process has been used, using at least two of the following three categories:

• knowledge (something only the user knows);
• ownership (something only the user has);
• inherence (something only the user is).

Be very careful and do not disclose business data to unknown entities. Certified Third Party Providers (TPP) will use a special access interface, thus they will not require any confidential information.

Every certified Third Party Provider (TPP) is subject to registration by the Polish Financial Supervision Authority and a list of such providers will be available on the KNF website in Polish.

Whenever you want to use external services, contact the selected TPP and agree to the selected services provided by him. When giving your consent, you will be redirected to the Bank Millennium website, where you will be required to enter your login details for Millenet. Expressing consent will require strong customer authentication.

Yes, consent is issued to individual service providers for selected transactions (each service requires separate consent). In the case of the CAF service, first you must agree in Millenet (in the repository of consents) that the Third Party Provider can offer us this service.

For certified third party service providers (TPP) we have prepared a special access interface and technical documentation. For security reasons, we need to verify each time that a particular entity complies with the Payment Services Act. Without this verification, we cannot share your data with the Third Party Provider.

All consents and their scope can be found in Millenet in the repository of consents. If there is any discrepancy between the expressed consent and the scope of the service provided by the Third Party Provider (TPP), contact him urgently.

If the TPP is outside the scope of consent or without it, the complaint must be submitted to TPP and, in addition, the Polish Financial Supervision Authority (UKNF) should be notified.

If you are a co-owner of the account, you can use TPP services. As a co-owner of the account, you have the full right to express consents regarding access to account data and transaction history, as well as to initiate payment transactions.

If you are an authorized representative of a bank account, you may not use Third Party Providers because the delegates do not have access and ability to manage the accounts of holders through electronic banking.

All transactions initiated by TPP with your consent have been completed and their list can be found in the Millenet's repository of consents. According to the regulations, we verify TPP certificates, so if TPP has lost the certificate, we will not execute any transactions initiated by it. In addition, you always have the right to object to the AIS and PIS services, and to revoke your consent for CAF services in the repository of consents in Millenet. The consent must also be withdrawn at the Third Party Provider (TPP).