Three strategies for protecting payment systems
Current payments systems are more sophisticated than their predecessors, with more functionality, higher transaction volumes and continuously operating, open environments. As banks and their partners have rapidly expanded these payments infrastructures, many have failed to incrementally grow their testing practices to keep up with the pace of change. Many are only testing a small portion of their code, leaving entirely too much to chance. The sheer volume of payments being processed suggests risk is at an all-time high. Bankers must improve their testing practices in order to secure the business outcomes they desire while providing customers with the services they need.
Here are three key steps bankers can take to lower risk and improve quality in their payments systems:
Self-assessing your current testing strategy. Oftentimes, banks don’t have a formally defined testing strategy; they rely on what has evolved organically over a lifetime of change in the payments infrastructure. Self-assessments encourage bankers to thoughtfully consider their testing strategy, or lack thereof, and identify any potential or existing problems with their processes.
Carefully evaluating the current testing strategy will increase understanding of how to improve the quality of existing systems and decrease time-to-market for new payment types. As is often the case, self-assessment can prompt organizations to update their testing strategy to better fit today’s advanced payments ecosystem.
Embracing automation. Failures in payments infrastructure can turn out to be minor nuisances or have major impacts, costing some organizations millions of dollars. The scope of testing in a complex environment is not defined by the number of functions available to customers, but rather by the number of things that can go wrong. As a result, the amount of test scenarios required to validate performance is too large to be executed manually, and in some cases impossible to test at all. This is a major pain point facing the industry today and is why code coverage is often sacrificed in favor of meeting delivery deadlines. To expand this code coverage, organizations need to introduce automation with their testing environment.
Financial service providers often resist implementing automation to test the major payments systems in their infrastructure. This is usually because of the challenges associated with this process, such as the need for detailed planning and the learning curve that accompanies the testing of any major system. However, there are a number of reasons this should be a top priority.
Customers depend on these major payments systems daily, so when an ATM or debit card platform fails, millions of consumers can be instantly affected. These systems are also continually impacted by regulatory change. Once in place, automation speeds up the testing process, allowing organization to meet regulatory deadlines and avoid associated fines. In addition, an automated end-to-end testing platform allows organizations to more easily introduce new ways to pay without creating failure points in legacy systems through the introduction of a new payment type.
Automation is the most efficient choice for repetitive tasks, such as regression testing. For example, the expense and time involved in having a tester manually enter each test transaction while standing at an ATM can be eliminated with automation. This frees the tester to think more strategically about how to engineer the tests rather than manually needing to repeat them.
Performance and stress testing. Because there are a number of changes happening at any institution at any given time, stress and performance testing are vital. For example, most organizations are continuously going through some sort of migration project, whether that involves hardware, software, security or payments systems. New products, such as mobile payments, chip cards and EMV processing often impact existing systems and any many cases increase transaction volumes. These changes, among others, require thorough and reliable performance and stress testing to ensure that customer expectations are met without fail.
Performance testing confirms that payment systems can successfully and reliably process the anticipated volume of transactions, eliminating bottlenecks and improving system reliability. Stress testing allows organizations to identify the breaking points of their system and ensure that if systems do fail, a seamless recovery is possible. Stress and performance testing deliver meaningful results on system performance, reliability and recoverability that help organizations avoid potential failures, combat fraud and meet compliance.
However, too often performance and stress testing can be expensive and difficult to perform. Test plans often do not include performance or stress testing because of the expense and complexity involved to implement. A centralized, automated, end-to-end testing platform makes it possible to more easily incorporate these vital processes into an institution’s formal testing practices.
The leadership at payments organizations has a long list of things to worry about. Implementing next generation, automated testing strategies help these institutions mitigate risks and insure the availability of their payment services in a reliable and cost effective manner. It’s essential to thoroughly test as much code as possible to prevent system failures. When over-stressed systems do fail, the resulting errors can quickly and devastatingly multiply. A combination of self-assessment, automation, and performance and stress testing empowers payments providers to protect themselves, and their customers, from the unexpected.