The risk of outdated payment testing

The risk of outdated payment testing

Payments industry organisations have all been affected by unprecedented levels of change. New regulations, competitors and technologies, and the expectations of a new generation of tech-savvy customers, are making more demands on technology teams than ever before.

To meet these new demands, financial institutions have embarked upon a period of significant development, or modernisation of the IT infrastructure that supports their payments business. Business and technology teams already face a considerable workload, in addition to the increasing complexity of their payments systems. However, while financial institutions are busy deploying the latest technology and working with imaginative new suppliers, the fundamentals of their testing frameworks and methods are not advancing at the same pace.

The established approach to testing is no longer sustainable, and everyone in the payments industry should be considering a different approach.  This would allow organisations to create more opportunities for successful innovation, and reduce risk in a highly competitive environment.

 

The price of getting it wrong

In July 2018, TSB’s half-year results revealed that the technology meltdown they had suffered earlier that year cost them £176.4m and 26,000 customer accounts. The subsequent IBM report into the bank’s failed attempt to migrate to a new IT system found that TSB had not carried out rigorous enough testing, and that it had “not seen evidence of the application of a rigorous set of go-live criteria to prove production readiness”.

More recently in the UK the Confirmation of Payee initiative, which aimed to reduce fraud, has been so difficult to test and implement that many Banks are reluctant to participate in phase 2.

 

What’s wrong with the current approach?

At the same time as some institutions experiencing such high profile failures, the payments businesses of all banks have been affected by unprecedented levels of change. While banks are busy developing the latest technology and working with new suppliers, their testing capability is lagging behind. Their current approach can be characterised as follows:

  • the absence of either a permanently available test hub or integrated test environment
  • the use of armies of staff often hired from external, specialist test resource suppliers
  • a focus on component-level testing with full end-to-end testing only being used when absolutely necessary
  • a per-project budgetary approach for both systems development and testing
  • lack of automation in testing
  • dependence on manual testing facilitated by a complex maze of simulators (‘stubs’), in-house developed tools and ad-hoc code.
  • frequent squeezing of the final testing stage – the UAT – due to time and budget constraints.
  • a “mixed” approach to DevOPS and Agile, changing the cadence of testing which can be complex to orchestrate with existing test tools.

This all results in banks and other financial institutions spending huge sums on testing: on people, on one-use test environments and especially on trying to mitigate the significant risks present. All financial institutions are aware of the damage to customer relationships, reputations and revenues that IT failures can cause and of the key role played by testing in avoiding these. However, it’s questionable whether a change in approach is happening fast enough. Remember, the quicker and more safely you can test, the quicker the revenue flows from new initiatives.

 

Is automation the answer?

 

Payments testing can be very complicated to automate. Stand-alone, often desktop-based simulators are almost impossible to automate effectively. Frameworks are then needed to control test data and collate results.  This leads to a pragmatic, “silo” approach, but with many shortcomings.

It is essential that testing reflects the real world, end-to-end process in full, with all its supporting interfaces and system foibles.  This may involve testing legacy systems in parallel with new technologies such as Micro-Services.  This is problematic with an array of stand-alone simulators.

Financial institutions firstly need to hold a fundamental review and change their approach to testing ahead of automation. This involves simplifying, investing to improve their current practices and then embracing automation with the latest testing tools and techniques. This investment in technology must rationalise, simplify and automate testing, and provide a constantly available and full regression capability.  Covid has also highlighted that this test capability needs to be accessible from anywhere in the world by anyone involved in the design, development, testing and implementation of payment initiatives.

Institutions wanting to succeed need to take their testing beyond automation, as this alone is not the answer to assure the quality of you next software release. Only the proposed ground-up review of banks’ current approach to testing, coupled with a strategic investment in appropriate technology, will enable a move from the current state of basic payments testing to one of strategic business assurance.

Anthony Walton

CEO, Iliad Solutions