Testing Banking & Financial Applications: Challenges, Trends, & Best Practices

“The most significant trend of 2016 will be the ‘platformification’ of banking” ~ Cornerstone Advisors

The Banking and Financial Services industry has been a forerunner in adapting and scaling up to changes in the IT world as and when they happen. It is thus no surprise that upcoming trends and digital initiatives such as Mobile Wallets, P2P transfers, Ping Pay, and Omni Channel Banking indicate that Digital Transformation is the future of the BFSI industry. According to Juniper Research, by 2017 more than 1B mobile subscribers (15% of global mobile subscribers) will be using mobile banking.

The Banking domain is replete with ever changing and cutting edge technology, with intricate functionalities intertwined into the applications. Being at the center of any commercial activity, it has a huge functional framework spread across Cards and Payment Gateways, Delivery Channels, Specialised service offerings such as Corporate Banking, Centralised Banking, etc.

Secure and smooth support for transactions, ease of access, and performance are vital for any banking application to succeed.

Challenges and Trends in the Banking Sector

  • Omni-channel Banking – With almost everyone getting hooked on the concept of anytime, anywhere banking, financial houses are trying to launch digital-only banks – that is, banks without branches. Offering the end-to-end functionality of a regular bank on the minimal and highly diverse front-end of a mobile device poses a huge challenge.
  • Web Security, Regulatory & Compliance – Banking portals are usually major targets for hacking and fraudulent activities, and penetration testing therefore poses a significant challenge. Regulation of banks became even more critical after the 2008 Banking Crisis, as improper functioning of a bank has a big, negative impact on regular life. Today, banking institutions need to comply with international security standards such as BASEL III or BCBS 239 (addresses the Banking systemic risk and the operational risks of the banks), FATCA and AML (keep vigil on tax evasion and other illegal monetary transactions), SEPA (takes care of cross border payment regulation), and PCI DSS, which makes testing of financial applications very important – and very challenging.
  • Performance Failures – Performance failures in banking portals can have a serious effect on daily life. Meeting the required performance levels involves taking into consideration the infrastructure, connectivity, and integration with the backend. The transaction spikes must be monitored at regular intervals and Stress and Load tests must also be regularly performed to ensure support for multiple transactions at any given point in time.

Some other IT trends already showing their impact and presence in the field of finance are Testing Center Of Excellence (TCOE), big data analytics, cloud, and virtualization. Even though these are not very pocket-friendly technologies to be maintained, they are here to stay and will continue to grow.

Additionally, some other commonly faced challenges in testing Internet Banking are:

  • Variety in internet connections and browsers
  • Usage paths
  • Usability testing
  • Security and Performance testing

And then there are specific challenges in testing Mobile Banking Apps:

  • Broad range of devices
  • Configuration and design vulnerabilities
  • Security Testing
  • Time to Market

Best Practices

A few best practices that will help manage the aforesaid challenges in testing banking applications are:

  • A clearly defined, end-to-end testing methodology
  • Performing overall testing that encompasses all the requirements and workflows
  • Testing the application for performance, security, and functionality
  • Additional testing of the application for the UI, UX, integrity of Data, and support for multiple and concurrent users

Implementing the above-mentioned practices requires large investments in terms of both expense and effort, and a trusted partner can help banks save a lot of money and time in addition to ensuring business continuity and protection.

The team at Gallop Solutions specializes in providing testing solutions to the banking and financial services sector. Register for an informative and thought provoking webinar on Apr 13, 11:00 AM EST to learn how you can benefit from the latest test strategies that are being laid out to help you succeed in the digital age to provide world class experience to Mobile Banking customers.


The opinions expressed in this blog are author's and don't necessarily represent Gallop's positions, strategies or opinions.

Avoid Financial Glitches with well-tested Integrated Trading Platforms


Integrated Trading Platforms (ITPs), equipped with advanced trading tools, provide opportunities to trade seamlessly in equities, currencies & commodities. These are multi-asset trading platforms which are trusted to provide reliable performance 24×7. Given the tremendous volume of concurrent transactions which are executed through these platforms, it is imperative that the system is stable & secure at its peak performance and is compatible with the user device's operating system and network carrier combinations.

An ITP is a perfect example of an intricate relationship between business and technology. Add the inclusion of the Mobile initiatives and the ITP is a 24/7 financial activity enabler ‘on the go’. What sets the platform apart from other IT initiatives is the sheer scope of real-time data absorption and communication, with absolutely real implications for customers, companies and markets.

In addition to the technical experts and decision makers in the BFS verticals, this blogpost holds equal relevance to stock brokers, banks, financial regulators and most importantly, customers.

Get the ITP Security sanitized

While security is a compelling concern for any IT initiative, it is definitely a top priority business requirement for ITP which consolidates real time financial information and enables transactions in real time.

Security vulnerabilities which are inherent to the ITP tend to go undetected. During certain scenarios of the external interfaces, these inherent vulnerabilities become active and pose a threat to security. In addition, access to the ITP from mobile devices makes it vulnerable to penetration from a wider range of devices and usage scenarios. And when IPOs are listed, huge multiples of the regular concurrent load land on ITPs. Quality and stability then become significant differentiators for a greater buy-in for Integrated Trading Platforms.

Get the ITP’s Compatibility validated

An ITP exists across the mobile and desktop landscape and is expected to offer a consistent experience on the combination of devices that are used by the customers. This makes compatibility a decisive factor in the acceptance of the platform, its usage, conversions and the consolidation of a wider customer base.

Get the ITP’s Performance assessed

On September 15, 2014, South Africa’s Johannesburg Stock Exchange experienced a system failure that caused a two-hour stoppage.

Source: JSE Stoppage – http://af.reuters.com/article/investingNews/idAFKBN0HA0IX2014091

Apart from the scheduled trade times, which vary with the time zones and stock markets, most of the other features such as information updates, estimates, previews, research reports and transfer options are functional 24×7. These characteristics of an ITP give rise to situations where concurrency in customer interactions can be expected 24×7. In case of incidents like a stock price rise or fall, the ITP not only needs to be real-time but also needs to sustain huge loads of buy-sell transactions.

Get the ITP’s functionality validated

In August 2012, a major trading firm roiled the prices of 140 stocks listed on the New York Stock Exchange. The cited reason was an unspecified technological breakdown.

Source: NYSE glitch halts markets – http://www.huffingtonpost.com/2012/08/01/new-york-stock-exchange-glitch-volatility-halted_n_1728549.html

The financial services of an ITP include transactions with an enormous combination of trade/purchase rules, brokerage charges per certain amount of shares, percentage of rise/fall etc. Thus the rule configuration and communication is a decisive factor for all the stakeholders. In a way, every transaction needs to be supported by a reliable yet smart calculator to contain the minimum as well as maximum limits.

Get the ITP’s UI validated

An ITP enables transactions among customers, financial institutions, consummation of mutual funds, purchase, sale, dividends etc. The UI is the critical area with input fields and execution options that keep the stakeholders engaged. Testing the web and mobile UI is crucial to ensure the ITP offers error free digital interactions.

Get the ITP’s regression test automated

An ITP supports operations in the financial markets, which are highly volatile. The financial information is updated in real time and at daily, monthly, quarterly and annual intervals.

From rapidly fluctuating share prices to a 52 week performance, the list of stocks in profit/loss and activity, ITP has to make it conducive for the stakeholders to update and to stay updated 24/7.

Many of the surprise defects tend to be introduced at or during the updates of the features, interface options of data management. This is why a regression test automation framework that leverages the right tool set and incorporates the emerging changes goes a long way in making the ITP stable, reliable and manageable.

Get the ITP tested

Despite “widespread anticipation that the Facebook IPO would be among the largest in history with huge numbers of investors participating, a design limitation in Nasdaq’s system to match IPO buy and sell orders caused disruptions to the Facebook IPO. Nasdaq then made a series of ill-fated decisions that led to the rules violations,” – SEC Statement on Nasdaq

Source: SEC Slaps fine in NASDAQ – http://www.cnbc.com/id/100736915#

In August 2013, a technical glitch in an internal computer system of Goldman Sachs (GS) caused the firm to issue incorrect equity options orders to various options exchanges.

Source: http://money.cnn.com/2013/08/21/investing/goldman-sachs-trading-glitch/index.html?iid=EL

The business scenario can be simplified into one application connecting multiple stakeholders, enabling multiple transactions and incorporating updates in real-time. The margin of error is expected to be reduced across all the processes and operations. Given the implications of defects in such a volatile environment, the ideal solution would be to make the ITP testable.

Testability increases the visibility of the defects in the platform before, during and after the scenarios are executed. This strengthens the risk mitigation strategies, accelerates testing and improves the precision of the remedial measures.

Testing Policy Administration Systems


Insurance is a policy-guided, product-specific, service-oriented and inclusive vertical. Hence the business processes consolidate frequent updates, interactions, transactions and communication among groups of stakeholders ranging from agents and customers to marketing professionals and IT teams.

The increasing sophistication of the vertical, coupled with its reliance on IT, has given rise to different versions of PASs (Policy Administration Systems). A PAS is an application which enables an insurer to manage the end-to-end life cycle of insurance policies, from issuance of a quote until renewal, suspension or lapse of the policy. Validation of a PAS includes the policy holder’s details like address and age, additional policy holders’ eligibility rules, and verification of additional factors according to LOBs (Lines of Business) like Property & Casualty, Catastrophe Coverage and Speciality Lines Policies. Its key function is to perform the complete policy life cycle, from inactive state until renewal.

The PAS ecosystem

The demands on the IT system are enormous because the applications include portals for the insurance carriers, agents, policy holders, potential customers and customer relationship executives. While it is evident that the application ecosystem is complicated, the requirements of underwriting profitability, estimate generation and rating engine make it even more challenging for an organization.

Since insurance is often mandated by governments and institutions, there exists an enormous population of bulk policy holders in addition to the individual customers. Ensuring connection among such a gigantic ecosystem of institutional insurance plans, individual policy holders and claims processing presents a formidable challenge, much bigger than what can be imagined. A lot depends on the robustness of the software to handle millions of policies, plan sponsors, federal and state legislations, plan details and claim rules, concurrently and in real time.

The scope and impact of defects tend to increase with the coverage and expanse of the application. The defects can have a negative impact in terms of flawed transactions, reduced customer base, miscommunicated policy information and compromised data integrity. A single decimal point shift can mean ten times the payment during claim settlement. Considering tens of thousands of claims being processed in a day, the business loss for a seemingly small defect can run into millions of dollars.

That is why Software Testing holds a high position in the PAS priority list.

A successful PAS demands Testing that incorporates business logic and encompasses the external interfaces as well as the most intricate parts of the IT system. To ensure comprehensive coverage and reduce defect density, it is crucial to incorporate the following components into the test strategy:

  • Portals: Producer, Prospect and Policy holder
  • Underwriting profitability – Underwriting and Rating engine
  • Servers: Product Server and Policy Server
  • Forms Management – Document Management – Access Control – Identity Management
  • UI Generator – Policy Admin UI – Product Admin UI
  • Service – Rating, Underwriting, Access Control, Policy, Form definition and selection
  • API – Authorization and Authentication for Access Control and Identity Management components, Rule execution and Document Access
  • Claim process, retention and cross sell opportunities

Testing Cloud based PASs

Testing a PAS in the context of a Cloud is important and equally challenging because it also involves compliance with the security and continuity requirements of financial institutions and regulatory authorities. Irrespective of the scope and extent of the coverage, it is crucial for a cloud based PAS to undergo the following:

  • Quote Validations
  • Binding Validations
  • Endorsements/Mid-Term Change Validations
  • Renewals Validations
  • Interfaces Validations
  • Validation of Daily Events and Quote Eligibility Rules
  • Inclusion criteria and Premium value for Catastrophe Coverage
  • Brokers, agents and distributor database
  • Quote-Bind-Issue workflow for multiple products for Speciality line Policies
  • Additional drivers, Vehicle Information, Driver and Vehicle history for P&C Policies
  • Custom overrides in Rating and Risk evaluation
  • Report extractions in MS Word and MS Excel formats

At a time when intuitive user interfaces are being deployed to ensure greater service with automated underwriting to ensure quote and bind in solo sessions, the health of the PAS depends on the security, performance and utility. When a single application can connect stakeholders, consolidate transactions and create an insurance cover for a geographically diverse user base, isn’t it important to ensure that the quality of the PAS is visible, measurable and actionable?
