The created time stamp in seconds is set by the Gateway which cannot be modified from outside. The Gateway is trimming the milliseconds intentionally in order for it to be compatible with all the customers. See OASIS standard doc:
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf - Page 10, in the example created time stamp does not contain milliseconds.
To include milliseconds, please apply the XSL transformation using "Apply XSL Transformation" Assertion and include the schema below. Include this assertion soon after "Add or Remove Ws-Security" assertion in the policy.
<xsl:stylesheet version="1.0" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsl="
http://www.w3.org/1999/XSL/Transform">
<xsl:output indent="yes" omit-xml-declaration="no"/>
<xsl:strip-space elements="*"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="wsu:Created|wsu:Expires">
<xsl:copy>
<xsl:value-of select="concat(substring-before(., 'Z'), '.000Z')"/>
</xsl:copy>
</xsl:template>
This will append 000Z with the created timestamp with the request.