PSD 2, segregation of IT environments

Hi,
i’ve found out at GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER PSD2 [1]

In designing, developing and providing payment services, PSPs should ensure that segregation of duties and ‘least privilege’ principles are applied. PSPs should pay special attention to the segregation of IT environments, in particular to the development, testing and production environments.

My question is whether Monzo uses dev/test/prod environments (a typical banking/telco approach) or something more like testing in production approach [2] e.g. automatic tests at during CI, then deploy to production and phase rollout.

Thank you

[1] https://www.eba.europa.eu/documents/10180/2081899/Guidelines+on+the+security+measures+under+PSD2+(EBA-GL-2017-17)_EN.pdf/c63cfcbf-7412-4cfb-8e07-47a05d016417
[2] https://medium.com/@copyconstruct/testing-in-production-the-safe-way-18ca102d0ef1

1 Like

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.