Monitoring the Untestable - An Open Banking White Paper
Open banking rules require you to do synthetic monitoring in production
Monitoring the Untestable focuses on the seeming conflict at the heart of PSD2 and open banking: if you don’t actively monitor your production environment with synthetic transactions, you have no idea whether your bank’s APIs are truly compliant at any given moment.
But banks are often reluctant (with good reason) to allow testing in the live environment.
For massive, complex, heterogeneous organizations like banks, sandboxes can never fully replicate the behavior of the live system that real users encounter.
Synthetic API monitoring against the production environment with dummy accounts solves this problem.
Only properly authorized users should have access to the accounts, so by setting up test calls that don’t have the proper authorization, you know there’s a serious problem if those calls succeed. You simply can’t do that without active monitoring.
Download the white paper for more information on how to square this circle.
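The negative test described above, sketched as an added example (not taken from the white paper): each probe against a dummy account declares whether it must be denied, and an unauthorized call that succeeds is raised as critical. The endpoint paths, token placeholders, probe names and the `stub_api` stand-in for the live API are all hypothetical.

```python
"""Negative-authorization synthetic check (added example; all names hypothetical)."""
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Probe:
    name: str
    path: str                 # hypothetical dummy-account endpoint
    token: Optional[str]      # None = no Authorization header sent
    must_be_denied: bool      # True for calls lacking proper authorization

DENIED = {401, 403}

def verdict(probe: Probe, status: Optional[int]) -> str:
    """Classify one response; status None means timeout or connection error."""
    if probe.must_be_denied:
        if status is not None and 200 <= status < 300:
            return "CRITICAL"      # unauthorized call passed: access control is broken
        if status in DENIED:
            return "OK"
        return "INCONCLUSIVE"      # an outage or 5xx proves nothing about enforcement
    return "OK" if status == 200 else "DOWN"

def run_checks(probes, send: Callable[[Probe], Optional[int]]) -> dict:
    """Send every probe through the given transport and collect verdicts by name."""
    return {p.name: verdict(p, send(p)) for p in probes}

# Constructed probes against dummy accounts; tokens are placeholders.
PROBES = [
    Probe("valid-consent", "/accounts/DUMMY-001", "tok-valid", False),
    Probe("no-token", "/accounts/DUMMY-001", None, True),
    Probe("expired-token", "/accounts/DUMMY-001", "tok-expired", True),
    Probe("other-customer", "/accounts/DUMMY-002", "tok-valid", True),
]

def stub_api(enforce_owner: bool = True) -> Callable[[Probe], Optional[int]]:
    """Constructed stand-in for the live API so the example runs offline."""
    def send(p: Probe) -> Optional[int]:
        if p.token is None or p.token == "tok-expired":
            return 401
        if p.path.endswith("DUMMY-002") and enforce_owner:
            return 403
        return 200
    return send

if __name__ == "__main__":
    print(run_checks(PROBES, stub_api()))
    print(run_checks(PROBES, stub_api(enforce_owner=False)))
```

In a real monitor the `send` callable would issue the HTTPS request to production; a denied probe that times out is reported as inconclusive rather than passing, since an unreachable API says nothing about whether authorization is enforced.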