Cybersecurity
Certificates and encrypted connections
The Millenet internet banking system and Bank Millennium’s mobile application were designed in such a way that they are not only very convenient to use but also very safe.
Every PDF document downloaded from Millenet is signed with Bank Millennium’s safety certificate. That makes it possible to track with ease whether anyone has altered its contents after signing.
Every document placed in Millenet in the section “Information on changes” has a unique checksum (computed with the SHA-256 cryptographic hash function). Any change to a document triggers a change in the checksum. Documents containing a checksum are signed using an electronic certificate that utilizes a time stamp.
Bank Millennium uses four different certificates to sign PDF documents. All of them share the same “O” (Organization) parameter, Bank Millennium S.A., and a list of attributes that, when they appear together, form the unique data of a given electronic signature.
Certificates used by Bank Millennium:
- Confirmation of integrity issued by Certum Digital Identification CA SHA2
- Bank Millennium S.A. issued by Certum Digital Identification CA SHA2
- Bank Millennium S.A. (OU Bank Millennium S.A.) issued by Entrust Class 3 Client CA – SHA256
- Bank Millennium S.A. (OU Confirmation of integrity) issued by Entrust Class 3 Client CA – SHA256
Logging into an account
To log into Millenet, a client must provide several pieces of data known only to that client: the login, password and selected characters from an identification number. Moreover, once every 90 days we ask clients for additional confirmation of their login using a password sent by SMS. Clients may also choose a safety icon related to their login. This icon makes it possible to determine whether the client is logging into the Bank’s website or into a deceptively similar site copied by criminals.
Before a client starts to use the mobile application, it must be activated. The activation process includes entering the pertinent data known only to a given client and confirmation through an IVR connection. During the activation process the application is assigned to a given device. That is why clients must repeat the activation process every time they switch to a new device.
Logging into the application is secured using a 4-digit PIN code which clients select on their own. It is also possible to log in using biometric data if a device supports that option (thumbprint, face scan).
If a client loses his or her handset with the installed application, he or she can rapidly block the mobile application in Millenet or through the hotline. After a short period of inactivity, clients are automatically logged out of Millenet and from the mobile application.
Payment safeguards
Wire transfers and payments submitted in electronic banking or using online cards must be authorized.
- 3-D Secure is an additional safeguard for internet transactions executed using a card, e.g. in online shops. It protects the identity of the buyer and transaction-related data. Clients additionally confirm payments in stores bearing the logo Visa Secure or Mastercard Identity Check using an SMS password or by logging into the mobile application.
- SMS passwords – non-recurring free codes which we send to the client’s phone number. The code in the SMS should be keyed into the designated spot in the payment form and approved by clicking on it.
- Mobile Authorization – a method of approving, in the mobile application, transactions submitted in Millenet and some transactions submitted in outlets. To utilize this form of confirmation clients must have an active application.
- Confirmation of a wire transfer in the application – clients confirm wire transfers submitted in the application not by using the PIN number to the application but by using the password to log into Millenet.
- Confirmation using the PIN number to the application – some operations submitted in the application require confirmation using the PIN number, e.g. mobile BLIK payments.
Daily transaction limits afford additional protection. Limits can be customized in the settings in Millenet or in the mobile application.
It is also possible at any time to block a card temporarily or permanently in Millenet or the mobile application. Clients do not have to wait for a connection to the hotline or for an outlet to open.