Data Security in the Integration & UAT Environment

The Integration and UAT environment is provided solely for development, integration, and testing activities.

Our Integration and UAT environment is subject to the same strict security controls present in our production environment however to protect customers, comply with regulatory obligations, and maintain strict environment isolation, only test data is permitted in this environment.

Mandatory Requirement

Production, live, or customer‑identifiable data must never be used in the Integration environment. This requirement applies to all data types, including but not limited to:

• Personally identifiable information (PII)
• Financial or payment data
• Real account numbers, PayIDs, or identifiers
• Production secrets, credentials, or tokens

What Is Acceptable

You must only use:

• Synthetic or fictitious data
• Anonymised or irreversibly masked data sets
• Test credentials issued specifically for the Integration environment

Test data should be clearly identifiable as non‑production and safe to use for development and debugging.

What Is Not Acceptable

The following are strictly prohibited:

• Copying or restoring production data into Integration
• Connecting Integration services to production systems
• Re‑using production credentials, keys, or certificates
• Using real customer, merchant, or transaction data for testing

Rationale

This control exists to:

• Prevent accidental disclosure or misuse of live data
• Enforce environment isolation and least‑privilege access
• Support compliance with privacy, security, and financial services obligations
• Ensure safe testing without impact to production services

Enforcement

Any detection of production or customer data in the Integration environment may result in:

• Immediate suspension of Integration access
• Mandatory data purge and incident review
• Escalation under security and incident management processes