Quality Assurance for Financial Applications – What You May Be Missing
This is a guest article by Anand Ramakrishnan from QASource
Money makes the world go round. And so, it makes sense that financial products are in high demand. Just think about the old days – you used to have to move money between accounts at an actual, physical bank branch, deposit checks at the ATM, and pay your friends back with cash or a check. It’s a different world now, and you can do all of those things from your computer or smartphone thanks to financial applications.
For many people, financial apps are the lifeline they rely on to manage their personal wealth or gather insight into their business. Some use them to trade stocks and buy ETFs while sitting poolside or manage their retirement while they’re on a business trip.
There are investment apps that deal with capital markets and payment engines; banking applications that specialize in transferring and managing funds, or credit card and loan management; insurance applications that do claim processing, insurance management, and customer service. If it’s in the finance space, you can rest assured that it’s already out in the world – or will be soon.
In fact, 63 percent of smartphone users have at least one financial app installed, with 55 percent using at least one full-service banking app, 40 percent having at least one peer-to-peer payment app, 17 percent using one stand-alone budgeting app, and 17 percent using at least one stand-alone investing app.
While the demand for powerful, easy-to-use financial applications is obvious, these apps must also be reliable and secure to be widely adopted by modern, digital-first consumers, not to mention compliant with the ever-growing list of federal regulations around data security and oversight.
While no company ever wants to launch an app with a bug or two, developing a financial application leaves literally no margin for error. Financial applications are by far among the most complex applications to create, test, and deploy.
According to technology analyst Andrew Chen, the average app loses 77 percent of its usage three days after install and 90 percent after 30 days. With even more on the line for a financial app, those statistics can be intimidating for product companies hoping to become the next big thing.
But how do you make sure your financial app runs flawlessly, meets requirements, and keeps users engaged?
Key quality assurance focus points for financial apps
The answer is deceptively simple: extensive, efficient, and effective quality assurance testing. QA testing must be one of the top priorities for financial application developers in order to assure consumers that their money is safe and secure.
Financial software testing validates an application from both regulatory and reliability standpoints. Does the software meet business specifications? Can it handle large transaction volume? Does it meet current regulatory standards? These are all questions that finance-specific software testing seeks to answer – and a great testing provider does not rest until they have been answered fully, and in detail.
Some of the key characteristics that must be intensely scrutinized by quality assurance testers are:
Security. Financial applications and data centers are hot targets of cyber-criminal operations. By gaining control of customer accounts, hackers can withdraw customer funds or otherwise misuse the account.
Reliability. The reliability of financial applications depends upon how accurately an application processes and stores data. A financial application should have a high level of availability. In case an application crashes, it should have proper recovery management that can limit the impact on customer data.
Performance. Applications that specialize in banking, trading, and loan management often process many transactions in a short time period, so the response time of the finance application should be immediate. Any type of lag in transaction operations can impact business operations. For example, if a trading platform application has slow “buy” and “sell” operations, it can create major problems for users who want to buy or sell at a specific time, at a specific price.
Regulatory Compliance. All financial applications must comply with the requirements of one or more regulatory agencies. Applications that are operated or used in multiple regions, states, and countries should comply with the specific regulatory requirements of regional or national governments, or of various international bodies. This is very important, as failure to meet compliance results in civil, financial, or even criminal consequences for the organizations or individuals found to be responsible.
How to test financial apps
Similar to other applications, finance applications should go through functional and usability testing. This is important because, depending on the configuration, hardware, and network, an application will experience a lot of variance in traffic.
Here are some testing techniques that should be used while testing finance applications:
Security Testing
The latest technologies and methods like multi-factor authentication and API security make the process of security testing a little bit easier. Multi-factor authentication makes the authentication process more complex, as it replaces the simple username and password login method with fingerprint verification or a confirmation email, call, or text message. This is the best way to ensure that the person attempting to access a given account is who they say they are.
User Acceptance Testing
As the name implies, user acceptance testing (UAT) is generally performed at the last stages of the testing process. In UAT, the team should perform scenarios based on potential use cases. A group of stakeholders (or real users) is also usually invited to the development facility to carry out this test to create the nuanced quality of real-life, in-person testing.
For effective testing, a new, dedicated UAT environment is set up, which is a replica of the real system. To provide real and valid customer data, a production database dump is deployed in which the personal data and details of real users have been replaced. The product team and real customers perform testing on the UAT environment, and the product team then shares the build health report with key stakeholders.
This testing technique plays a vital role in finance application testing, as catching defects here can avert failures in critical features. Beta testing is also an example of UAT. Some other examples of acceptance testing include:
Alpha & Beta Testing. Alpha testing is done in-house by either a QA team or potential or real customers. Beta testing is performed in a live environment by end-users.
Contract Acceptance Testing. Here the application is tested against the requirements and conditions that are predefined and agreed upon in a contract.
Regulation Acceptance Testing. This testing validates that the product meets the required regulations. These compliance requirements can be governmental and legal.
Operational Acceptance Testing (OAT). This testing is done to validate the operational readiness (pre-release) of a product. The OAT environment is also known as the pilot environment. All the components and systems in the live version should be in place in the pilot environment.
Regulatory and Compliance Testing
This is a non-functional testing technique performed to make sure that the developed system meets organizational and civic standards. This type of testing is carried out by compliance experts certified by the respective regulatory body. For this testing, auditors visit the development facility and audit the application according to required industry standards.
If a financial application is used in multiple regions/states/countries, then regulatory and compliance clearance from other local legal authorities may also be required.
Regulatory and compliance criteria depend upon the type of finance application and country in which the application is used.
Some of the most well-known regulatory and compliance agencies include:
Australia: Reserve Bank of Australia (RBA), Australian Prudential Regulation Authority (APRA), Australian Securities and Investments Commission (ASIC), and the Australian Competition and Consumer Commission (ACCC).
Canada: Bank Act, and FINTRAC.
United Kingdom: Financial Conduct Authority (FCA).
USA: Office of Foreign Assets Control (OFAC).
Integration Testing
The majority of finance applications have multiple third-party applications integrated. For example, an online loan provider application could use a credit bureau, address verification, loan-processing software, CRM, etc.
Integration testing typically examines the following:
Data synchronization among all the third-party tools. The QA team must ensure that communication between the application and all third-party tools is smooth. Any update in customer data from the application side should also be synchronized with the third-party tool’s database, and similarly, any update done to the customer’s data in the third-party tool should sync with the application’s database. Failure to do so may introduce data discrepancies between the two systems, which can produce major data errors.
Error handling in case any third-party application is not available. There is always a chance that a third-party tool could go down. So, while designing test cases, the QA team should also include and test for these scenarios.
Performance of a third-party application. Performance is a crucial factor for the success of any application. It’s very important that third-party apps also maintain good response times under the maximum amount of load. The QA team should validate the performance of third-party applications while doing performance testing of the application.
Data security. Data confidentiality is now vital for every industry. So while sharing data with a third-party application’s QA team, that data should always travel in encrypted form. The Personally Identifiable Information (PII), such as Name, Address, SSN, DOB, credit card numbers, etc., should always be encrypted end to end.
Challenges of Testing Financial Applications
Testing finance applications comes with many different types of challenges. The QA team needs to have a mitigation plan in place to help reduce risk. Here are some common challenges that the QA team should prepare – and create mitigation plans – for:
Production Data Challenge. In a finance application, some defects are encountered only with a specific set of users or data that the QA team cannot create in the test environment.
Mitigation Plan: While designing the testing approach, the QA team should cover the scenarios to test the feature with a user who has a good data history. The database team can help deploy the production database dump in the QA environment after first masking or replacing all the personal customer details.
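To illustrate the masking step in the mitigation plan above, here is an added Python example (not code from the article or from QASource) that replaces PII deterministically, so the same customer still joins across tables and the transaction history survives. The table layout, field names, `MASKING_KEY`, and the stand-in formats are assumptions made for this example, and all rows are constructed.

```python
import hashlib
import hmac

# Assumption: the key exists only inside the masking job, never in QA.
MASKING_KEY = b"constructed-demo-key"
PII_FIELDS = ("name", "ssn", "dob", "card")

# Constructed rows standing in for two tables of a production dump.
CUSTOMERS = [
    {"customer_id": 1001, "name": "Alice Example", "ssn": "123-45-6789",
     "dob": "1980-02-29", "card": "4111111111111111"},
    {"customer_id": 1002, "name": "Bob Sample", "ssn": "987-65-4321",
     "dob": "1975-11-03", "card": "5500005555555559"},
]
TRANSACTIONS = [
    {"customer_id": 1001, "card": "4111111111111111", "amount": "250.00"},
    {"customer_id": 1001, "card": "4111111111111111", "amount": "-75.10"},
    {"customer_id": 1002, "card": "5500005555555559", "amount": "19.99"},
]

def _digits(field, value, n):
    """Derive n digits from a keyed hash, so equal inputs give equal outputs."""
    mac = hmac.new(MASKING_KEY, f"{field}:{value}".encode(), hashlib.sha256)
    return str(int.from_bytes(mac.digest(), "big")).zfill(n)[-n:]

def mask_value(field, value):
    """Replace one PII value with a stand-in of the same shape."""
    if field == "name":
        return "Customer " + _digits(field, value, 8)
    if field == "ssn":   # area 000 is never assigned to a real SSN
        d = _digits(field, value, 6)
        return f"000-{d[:2]}-{d[2:]}"
    if field == "dob":   # keep only the year so age-based rules still apply
        return value[:4] + "-01-01"
    if field == "card":  # constructed 0000 prefix marks the number as masked
        return "0000" + _digits(field, value, len(value) - 4)
    return value

def mask_rows(rows):
    """Mask PII columns; ids and amounts (the data history) pass through."""
    return [{k: mask_value(k, v) if k in PII_FIELDS else v for k, v in r.items()}
            for r in rows]

def leaked_values(original_rows, masked_rows):
    """Original PII values that still appear anywhere in the masked rows."""
    originals = {str(r[f]) for r in original_rows for f in PII_FIELDS if f in r}
    return originals & {str(v) for r in masked_rows for v in r.values()}
```

Running `leaked_values` over the whole dump before it is loaded into QA gives a simple release gate. Six digits of SSN stand-in will collide on large dumps, so widen the token where the schema enforces uniqueness.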
System Migration. Due to rapid growth in the IT industry, new technologies and frameworks are now introduced to the market with high frequency. This creates the need to optimize the existing application or create a completely new one. The biggest challenge in finance applications, in this case, is to migrate all the existing data into the new system and get it working smoothly.
Mitigation plan: The QA team must ensure that Data Migration Testing is complete, that regression test cases are executed on both the old and new systems, and that the results match.
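One way to check that old and new systems match after a migration, shown as an added Python example (not code from the article or from QASource): it reconciles account rows by key and compares a control total, treating formatting differences as equal while still catching a rounded balance. The field names, the normalization rules, and the sample rows are assumptions constructed for this example.

```python
from decimal import Decimal

# Constructed sample data: the same accounts exported from both systems.
LEGACY = [
    {"account_id": "A-1", "balance": "100.5", "currency": "usd", "status": "ACTIVE "},
    {"account_id": "A-2", "balance": "2500.00", "currency": "USD", "status": "ACTIVE"},
    {"account_id": "A-3", "balance": "0.015", "currency": "USD", "status": "CLOSED"},
    {"account_id": "A-4", "balance": "75.00", "currency": "USD", "status": "ACTIVE"},
]
MIGRATED = [
    {"account_id": "A-1", "balance": "100.50", "currency": "USD", "status": "ACTIVE"},
    {"account_id": "A-2", "balance": "2500.00", "currency": "USD", "status": "ACTIVE"},
    {"account_id": "A-3", "balance": "0.02", "currency": "USD", "status": "CLOSED"},
    {"account_id": "A-5", "balance": "10.00", "currency": "USD", "status": "ACTIVE"},
]

def canonical(row):
    """Normalize representation only (assumption: case and padding are noise)."""
    return (
        Decimal(row["balance"]),          # exact: 100.5 == 100.50, 0.015 != 0.02
        row["currency"].strip().upper(),
        row["status"].strip().upper(),
    )

def reconcile(old_rows, new_rows, key="account_id"):
    """Report rows lost, rows invented, and rows whose content changed."""
    old = {r[key]: canonical(r) for r in old_rows}
    new = {r[key]: canonical(r) for r in new_rows}
    return {
        "missing_in_new": sorted(old.keys() - new.keys()),
        "unexpected_in_new": sorted(new.keys() - old.keys()),
        "changed": sorted(k for k in old.keys() & new.keys() if old[k] != new[k]),
    }

def control_total(rows):
    """Sum of balances as exact decimals; floats would hide small drifts."""
    return sum(Decimal(r["balance"]) for r in rows)
```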
Lack of finance domain knowledge. While testing finance applications, the QA team can face one of the most common challenges: the team’s lack of familiarity with the industry, which may lead to general ignorance of important financial rules, standards, or common issues that a more experienced tester would be aware of.
Mitigation plan: As we mentioned above, there is no room for error in financial applications, so it’s very important to train the team on the appropriate financial space before commencing with any development or testing work. This will ensure that all financial requirements are understood and validated by the QA team.
Due to the necessity of intense, effective testing, it makes sense for developers to involve financial QA experts who have both technical and financial domain knowledge early on in the financial application development process.
Whether you are hiring an outside team or not, make sure you have a thorough process like the one outlined here to follow. For best results, start this process early in the development stage to avoid costly bugs that need to be fixed – and to help protect your reputation in the marketplace.
Anand Ramakrishnan is the QA Director at QASource where he is the director of 200+ engineers. He has been working in automation for the last 20 years. Anand started as a developer, was then a QA automation engineer, a manager and now a director. He has comprehensive experience in both hands-on development work and managing teams who are building automation frameworks and tests. He has worked in a variety of framework types, using a variety of different tools and technology.