The era of digital advancement we live in these days does not find all the inThe era of digital advancement we live in these days does not find all the industries equally well. Being highly dependent on technology, the financial and banking industry is frequently forced to deprive its operations of innovation in the favor of stable performance expected by users. Is there a way out for banks and other financial entities stuck with outdated software solutions? Yes, and it is called software quality assurance for banking.
How can banks achieve high-tech progress without compromising the continuous crash-free consumer service through software testing? Answered in today’s guide to banking application testing.
dustries equally well. Being highly dependent on technology, the financial and banking industry is frequently forced to deprive its operations of innovation in the favor of stable performance expected by users. Is there a way out for banks and other financial entities stuck with outdated software solutions? Yes, and it is called software quality assurance for banking.
How can banks achieve high-tech progress without compromising the continuous crash-free consumer service through software testing? Answered in today’s guide to banking application testing.
A banking application is a digital product built and owned by a financial institution to give their consumers the control over electronic operations related to finance, like transaction processing, account management, and easy access to one’s deposit. The term banking/finance app is also used to name any software system in the BFSI (banking, financial services and insurance) industry, at times including CRM and ERP programs for operational management, corporate banking, and user delivery channels.
Given that banking and finance digital products are built for a few very specific and rather complex operations, which makes them prone to errors mostly unseen in other types of software. This requires a non-standard approach to banking applications testing, which we’re discussing further in this article, alongside the unwanted situations a financial institution might face if the QA process is neglected.
Online banking system crash due to emojis
Why type all those characters if a single emoji does the trick? If you didn’t skip over the title of this section, you’ll know why.
In May 2016, a client of a certain bank decided to use emojis to name their savings accounts: 💸 instead of “Tax Money” or 🏠 for “Mortgage”. While the client was enjoying the new, concise, and cute name in the banking application, the bank itself experienced the system crash. After investigating everything that could potentially affect the performance of their CRM software, the technical support team found out that it was the emoji that their system couldn’t recognize. After changing the account name, the team was able to get the CRM back on track again.
A thorough examination of this issue showed that financial applications aren’t the only type of software that can break because of emoji figures. Putting them in the names of your Wi-Fi network or Bluetooth device can reportedly cause problems when connecting to these interfaces. This is because the character encoding standards that most software systems rely on were created way before people knew what emojis are. So, if not tested in advance and extended intentionally, representational systems like ASCII (American Standard Code for Information Interchange) and EBCDIC (Extended Binary Coded Decimal Interchange Code) won’t support funny faces or even diacritical marks such as ë or é.
Surprisingly to many, large powerful corporations are no stranger to software glitches. Namely, one of the largest financial companies in the world HSBC has experienced difficulties keeping its mobile application live numerous times. For example, in November of 2018, HSBC mobile app crashed during Black Friday ― the largest global sales of the year. Thousands of people were unable to enter their accounts, therefore could not take advantage of the limited-time offers from online shops. Poorly functioning apps are always irritating, but when it comes to a program that enables you access to your own money, mild frustration can turn into righteous fury really fast.
There could be many reasons why banking software might fail, but when this happens during the long anticipated sales (as with HSBC), we can surely tell the application just couldn’t stand the user load. Such events will always be a challenge for banks due to the wave of transactions, so in our humble opinion, this is something the HSBC online-banking test team should have foreseen. Both stress and load are rather unexpected issues, yet they can (and should) be planned and assessed by R&D teams. The corporation prefers not to publicly discuss other reasons why their app eventually stops working, as opposed to their users, who were very vocal on social media when it came to complaining on application performance.
AI ruins credit scoring systems
It’s hard to imagine that in the time when people just won’t stop talking about all the amazing benefits of artificial intelligence and machine learning, some industries can actually deteriorate when adopting them.
Initially, AI and its applications for banking were aimed at making credit risk assessment faster and less biased by decreasing the level of human involvement. But as practice has shown, AI is influenced by the information it is fed, and the bias that was meant to be expelled from the system becomes part of the AI’s decisions. For example, the FICO score system which is used to measure consumer credit risk across the United States continuously works towards making the scoring process more transparent and gender- and race-neutral. However, given that artificial intelligence algorithms do not differentiate the discriminatory factors from fair-minded ones, the correlations they produce inevitably include the information about ethnicity, gender, social group, etc. Furthermore, there are also many small details like grocery preferences and music taste that end up in the AI-powered credit score analysis. All that is really fascinating, but the real question is, do we really need all that information to make the right lending decision? Finance practitioners admit that ML and AI applications for credit scoring rather create bias than help to prevent it.
Another issue the banking industry has with AI is the lack of explainability. All consumers who weren’t approved for loan, have the right to get an extensive explanation of the refusal. This information is nearly impossible to gather because of the unknown patterns a machine learning model follows to analyze consumer data. While making the rating procedure faster for credit managers, AI decreases its transparency for end users thereby affecting the level of trust to financial institutions in general.
Less eye-catching bugs are still there
The aforementioned software errors made their way to the news, yet this doesn’t mean character recognition, load stability, and control over AI extensions are the only things you have to think of when testing your banking application. There are thousands of less headline-worthy bugs that happen in finance software daily, and only a thoroughly planned and well executed QA process can help your business deal with each of them in advance. That being said, we’re moving to more aspects to consider when working on a banking application.
Select a banking software testing platform
The more complicated an app’s functionality is, the more complex and layered the testing process of it is going to be. That’s why you definitely need to choose the right testing management platform to maintain all the controls over your QA activities in one place. Namely, through a testing platform you and your QA team will be able to:
- Reach maximal test coverage
- Use time and resources more efficiently
- Track the test cases execution
- Balance testing on different operating systems
- Maintain concise testing documentation
- Decrease the level of work-associated stress in the team by organizing the process well.
With banking and financial programs especially, this choice has to be well thought out. This is because such software solutions are very feature-rich therefore have a complex architecture. To organize the testing process, you’ll have to use multiple tools, environments, and devices, which means it would be better to select a testing platform that can cover multiple activities and integrate with many other programs at once. Every time our team has to find a matching test management platform for a new project, we weigh up the following factors beforehand:
- Application tech stack ― programming languages and frameworks used by the development team. This will define to which testing environment and debugging facility we are restricted.
- Software development methodology followed on the project (Agile, Waterfall, etc.).
- Software testing tools that are currently in use, if any, to know what integrations to look for in a test management platform.
- Project requirements, its scope, and deliverables.
- Project scale ― how large and how long in duration the project is expected to be.
- Project type: web, desktop, or mobile.
- Size of the team to understand if we need a system that supports collaborative use.
- Types of testing required to execute, which lets us find out the ratio of static and dynamic testing tools on the project.
- Quality assurance budget that will define if we use open-source software or go for a ready-made solution.
If you don’t have much experience comparing the different QA management tools, here are a few that we recommend checking out as your starting point for further comparison:
- Zephyr is one of the largest software testing tools that perfectly suits Agile teams and enables continuous quality improvement and bug tracking in real time. Comes in several different editions: for smaller one-time testing projects, large enterprise software products, and the one that seamlessly syncs multiple technical teams together, all well compatible with Jira by Atlassian.
- qTest test case management platform supports numerous integrations like open-source frameworks and automation tools, as well as allows QA teams to use different types of tasks for different types of testing. The flexibility of qTest makes it suitable for various software development methodologies, Waterfall included.
- PractiTest is a QA management multi-tool that offers maximal visualization for all your processes and achievements. While having all the technical features that you would expect to see in a test management system (from task tracking to integrations with Jira, Eggplant, Azure DevOps, Rally, etc.), it makes the working process a lot easier for people preferring the visual learning style.
- TestRail is a great option for teams who value reporting and documentation over anything else in testing. The functionality of this test case management system includes multiple types of automated reporting and a wide range of customizable metrics that you fill in once and just let the program track them with minimal human involvement. It is great for insight-driven testing that is beneficial for both end product quality and operations management.
- Test Collab is an intuitive platform to manage all QA processes from one powerful dashboard. It is well suited for the adopters of early testing approach due to its great test planning functionality. You can customize the dashboard up to your preferences, as well as set all the milestones, product requirements, and long-term project objectives and let the system help you track the achievement of each.
No matter what software testing platform you’re going to choose for your project, banking and finance application testing is impossible to keep productive without one. By maintaining the accurate project planning, linking different experts and teams together, and tracking the progress, a test management system basically becomes an integral part of your QA operations.
Leave room for future growth
They say a good plan makes the job half-done, and we couldn’t agree more, especially in the context of software testing for banking. The BFSI industry highly depends on IT, which creates pressure for software owners to keep up with the emerging tech trends so that their digital products would remain concurrent and interesting in the eyes of consumers. And while there’s no doubt in the importance of continuous digital transformation of banking applications, many product owners do not realize that unless you have planned for software scalability, it’s going to be extremely difficult to transform in the future.
Software scalability is the ability of a system to extend its functionality and capacity when needed. In other words, a scalable application allows software engineers to add new features to the existing codebase instead of starting over the development process only because they need some extra functions on board. Unfortunately, scalability is only achievable if planned early and implemented in the codebase on the architectural level. But how to find out if your banking application is going to be technically scalable? Of course, through early banking app testing.
Involving QA engineers to work on complicated projects like finance software as early as you can always pays back with a better performance and saved resources. Usually, when people think of how to test banking application, they imagine the process to follow as “develop first, test later”. In reality though, if you want to end up with a future-proof digital solution with enough room for new functionality when needed, we strongly recommend adding prototype and requirements testing to your QA scope. By gathering expert opinions about what is planned to be built, you will be able to predict potential bottlenecks on the paper rather than urgently fix them before the release. With such a sensitive sector as finance management, early testing approach is essential if you do not want to risk your brand reputation and consumer trust.
“For a banking application to be viable, the first and foremost thing it has to give its users is the confidence about their data safety. Followed by a high performance, intuitive UI/UX, and wide platform and OS coverage, these attributes will make a banking application that needs no alternatives in the eyes of consumers.”
Igor Kovalenko, QA Team Lead
Start looking for a way out from legacy solutions
Financial institutions are generally prone to bureaucracy that oftentimes holds them back from technological advancement. The thing is, in order to keep their internal operations running as safely as possible, banks and insurance entities cannot adopt IT change fast. That’s why the vast majority of modern banks are stuck with legacy operating systems and mainframe technologies that are just too huge and puzzling to transform. And there’s nothing too bad about legacy systems as long as they work as required. But once you stumble across an emergency or just a new technology invented that your bank just can’t ignore, the legacy and mainframe systems might put at risk the functioning (if not the whole existence) of a bank.
A vivid example of such an emergency is the infamous COBOL crisis of 2020. In short, after the pandemic hit the fan, numerous US government departments experienced a huge increase in online unemployment claims. There were so many, that the mainframe system to process them simply could not stand the load. That mainframe system was based on COBOL (Common Business Oriented Language) ― a programming language created and widely used in the 1960s. It is outdated to the point that the majority of COBOL talent pool is now in their 70s, and the state had to ask for help from retired programmers to put the software back on track. It worked this time, luckily, but as the time goes by, next time there might be no such option available.
Is there a solution for finance establishments dependent on their legacy applications? We believe there is, even though the transformation path for such enterprises won’t be the easiest. If you don’t want to realize one day that your operating system is just a pile of fossils, we recommend you to set a solid QA process before the need for change actually comes into play. Again, the earlier software quality experts enter your SDLC, the less inaccuracies will make it to the end product. No digital product will benefit from QA supervision more than a large legacy solution that’s been developed for years. In this case, the duties of the software testing department are shifting to the strategic planning, code analysis, and prototyping from the usual pre-release testing, which is in fact just a small part of what quality assurance teams actually do.
What is BFSI domain in testing?
BFSI domain testing is a set of activities executed by software testing engineers to assure a banking application meets the technical requirements and works smoothly. Any operation aimed at achieving the higher software quality or fixing a glitch in a finance-related digital product falls into the BFSI domain testing. This means, the objectives for such an operation have to be aligned with the most important aspects of a good bank application.
Bank application testing: aspects to focus on
Banking software testing is not much different from any other type of quality assurance: it is still intended to check if the program works as expected and has no hidden bottlenecks drawing its potential back. However, the peculiarities of BFSI as an industry, namely ― data confidentiality and extreme sensitivity to thieving, make software development and testing teams shift their focus to particular areas that might not get as much attention with different types of software.
Banking software security testing
Financial applications directly interact with user confidential information and basically have all the keys to one’s capital, which means there is nothing more important than security for a banking app. QA engineers should devote proportionally more time to security testing, as well as include both negative and positive scenarios of the app’s database being attacked. Only after the testing team can call the application fully hack-proof, it can be considered market-ready (given that you got all the other aspects like performance and UI/UX covered as well).
Efficiency in use
Banking and finance sector has a huge share in IT services consumption, meaning there are millions of people who use at least one banking app on a daily basis. Understanding that not all users have equally strong technical skills, programs targeted at such a wide audience have to be very efficient and straightforward to be accepted by people. Make sure your banking app allows users to get things done fast and easy.
Different industries run by different rules, and banking is no exception. It has its own terms, customs, and procedures which can cause confusion if not followed. Developing finance or banking software, product owners have to make sure the way their apps look and work corresponds to the generally accepted standards for both professionals and consumers. We recommend seeking domain-specific expertise for at least some roles in your R&D team. Ideally, if the testing team you’re hiring has already worked with products targeted to the same industry, regardless of the app’s type and tech stack.
As we already explained above, unscalable applications sooner or later will pull the rug out from under your business. This is why we can’t stress enough how important it is to keep the application’s architecture scalable and leave the room for potential functionality growth since the very start. QA team has to keep an eye on the app’s tech stack to pick modern technologies that will not lose its relevance in a few years and further, code implementation which has to be clear and reusable, and product structure to make sure it can increase in capacity without breaking down what’s already working. To test how scalable your application is going to be, a ton of tiny details have to be analyzed, from app’s data processing algorithms to file system and memory management.
Accessibility in banking applications
As the World Health Organization reports, about a billion people in the world have at least one limitation ― physical or mental ― that affects their ability to use technology and software. This inspired software developers to pursue the higher level of accessibility for digital products. Considering how wide and diverse the target market of banking apps is, the accessibility issue should definitely be among the top priorities for owners of such products.
Manual banking app testing
Manual banking application testing implies that a quality assurance engineer executes certain test case scenarios by hand. This allows the development team to evaluate the product from human perspective and improve the subjective side of the application, intuitivity and aesthetics included.
Usability testing is pretty self-explanatory ― it examines how easy and comfortable it is to use a program for different people. Usually, the process of usability testing consists of executing typical tasks the app was created for and documenting the issues representative users or manual testers stumble across during the execution, especially ones that are related to UI/UX design. The test cases should be realistic, like booking a flight for a customer-facing airport CRM or tracking an order for an online shop. Test case for banking application in this context could vary as follows:
- Log in with correct or incorrect credentials; Check card balance;
- Initiate a transaction to another account with valid or invalid data;
- Check the status of the transaction.
Mobile UI/UX testing for banking
Due to its sensory and technical peculiarities, mobile application testing differs a lot from desktop and web programs. Mobile banking testing is mostly centered on UI/UX because the basic functionality of such applications are not the easiest to reflect on a small screen. Furthermore, these days users want to be able to do anything on the go without compromising the safety of their personal information, which is another challenge to mitigate for UI/UX designers and testers. Test case scenarios for mobile UI/UX usually include:
- Testing the visual elements in terms of position, resolution, and size;
- Testing of the pop-up windows and messages;
- Testing the readability of app’s content;
- Testing the alignment of the buttons, icons, and other elements;
- Testing the clickable elements for the comfort of use;
- Testing the different screen resolutions and sizes to see if the app looks appropriately on all devices that are planned to cover.
To achieve accessibility with your application, you need to incorporate and thoroughly test such features as font size customization, one-hand operation mode, screen reader, colorblind screen filter, etc. Testing of such features can be tricky since it’s only people living with a certain limitation who can tell if the app is doing a good job. If possible, we’d recommend considering a focus group for accessibility testing or at least launching a beta to gather the feedback and implement the necessary changes. Specifically for the finance and banking apps, we suggest the following addings to make your product more accessible:
- Solid first-launch tutorial to introduce new users to your application;
- Incorporate speech recognition technology;
- Closed captioning and subtitling for low-hearing users;
- Touch screen and/or gesture alternative for people with sensory limitations;
- Contrast and color options for users with compromised vision.
Bank software functional testing
Functionality testing means a QA engineer defines the core functions of an application and then tests them one by one in different scenarios. The output received after the test cases execution gets compared to what was expected and fixed if needed. With bank software functional testing, engineers usually focus on the following:
- The time needed for the application to launch;
- Registration of a new user;
- Login of an existing user;
- Transactions and cash withdrawal;
- Cancellation of a transaction;
- Communication with technical support in the app;
- Session finalization with a corresponding warning message;
- Notifications and pop-ups.
The purpose of localization is to assure the content displayed in the application fits the region it is intended to launch in. Due to the cultural differences across countries, the look of the app at times requires drastic changes. Online-banking tests for localization include:
- Different default currency for each region;
- Time and date change according to the location;
- Marketing campaigns adjustment (like congratulatory messages regarding the local holidays);
- Translation and switchable multi-language interfaces;
- Adherence to the local regulations regarding the finance and tax monitoring.
Compatibility testing stands for the analysis of how your application works with different operating systems, network environments, and hardware models. Nowadays, this is a very important type of testing due to the fact that the IT industry develops at a very fast pace. Versions of operating systems change one another every year, let alone the minor updates we all receive on our gadgets regularly without even noticing this anymore. However, even the slightest technical change like another Android security patch can interfere with the functioning of your app. To test the compatibility of a banking application, software testers usually focus on these specifications:
- Networks: Wi-Fi, 5G, etc.
- Operating systems, web and mobile: Mac, Windows, Linux, iOS, and Android with defined versions and updates.
- Hardware generations: for example, iPhone 6 to 12.
- Web browsers: Safari, Google Chrome, Microsoft Edge, Firefox, Opera.
Automated testing is a method of software quality assurance that implies test cases execution with the use of automated testing tools, as opposed to manual testing. To enable testing automation, the team has to come up with the expected outcome for each test case that a program will then compare to the real result received after the execution. This method of quality assurance perfectly suits routine and continuous types of testing that have strictly defined outcomes (for example, pass/fail criteria or similar).
Bank software load testing
Load and performance testing examines the work of an application under different levels of load, from low to average and extremely high. It allows QA departments to prevent application shutdowns because of rapid increase in traffic, as with the HSBC mobile app we mentioned above. This type of testing falls under the automation category perfectly, because the typical QA flow with performance and load consists of numerous very similar test cases that differ only in the level of user sessions, requests, or, in our case, banking transactions. To successfully automate bank software load testing, the QA team has to:
- Identify critical actions that your application has to perform;
- Write test cases basing in these critical actions;
- Identify the strict fail/pass outcome for each test case;
- Create isolated test environment that would be free of any traffic other than the results of your load testing;
- Let the system execute the test cases and analyze the results.
Penetration testing is basically just another name for security testing, which means it checks how safe and solid your system is and whether it’s possible to hack it. The key objective of penetration testing is to discover weaknesses in the application database, as well as explore app’s reaction to unauthorized access attempts. Since the essence of penetration testing is a simulated attack, it also can be easily automated with software testing tools without compromising the accuracy of results. For banking application penetration testing, the test cases usually include the following:
- Track data transpassed by the application;
- Check if any sensitive information is exposed in URLs, binary files, etc.
- Identify insecure functions;
- Check the application’s reaction to spam attacks;
- Monitor proxy server traffic;
- Exploit all application’s databases and systems.
Regression banking application testing
Regression testing is a type of software quality assurance aimed at checking whether the recent update or a new feature affects the existing codebase of the application. When a developer introduces a code change, even if it was intended at bug fixing, it can interfere with the work of the whole program. The codebase performance should be re-evaluated after each change, which makes regression testing a repeatable and monotonous process. That’s why we believe QA automation is very beneficial for regression testing, especially in the banking sector which has extremely high performance standards for digital products. When checking a bank app for potential regressions, we recommend paying attention to the following:
- Spots and functions that were affected by the last updates;
- User-facing features;
- Integrations and third-party services.
Just like the software development life cycle, quality assurance has its own phases and steps to take for the team. Depending on a particular moment the QA team joins the development process, these stages might differ from one project to another. Traditionally, the software testing life cycle goes through the following phases:
That’s when the QA team communicates with product owners and stakeholders to define what they expect from the end product and how much time the team has to achieve the deliverables. We recommend organizing a few brainstorming sessions that would unite all people involved in the development, from investors to marketers. This will be useful to exchange the ideas about the future product, make sure all the colleagues operate the same terms, and clearly understand the desired end goal.
After analyzing the requirements, QA engineers can get to test planning. Each requirement should be reflected in the corresponding text case scenarios, for the start ― the more the better. During this phase, the QA lead develops the testing strategy that resonates with the project objectives suits the tech stack. The testing strategy should be documented in the form of checklists and feasibility reports and agreed with the team and product owner.
Test case design for banking software
After the planning phase is over, it’s high time to write the actual test cases. Depending on what testing types will be present on the project, as well as manual to automated testing ratio, the amount and form of test cases can vary greatly. The way a QA engineer approaches the test case design will be defining for the whole software testing life cycle. If a feature or code unit is not reviewed from the right angle, the bugs can easily get into the end product. The three basic techniques of test case design include specification-based, structure-based, and experience-based. For banking applications in particular we recommend focusing on the specification-based testing with pointwise use of the other two when needed.
Banking app testing tools selection
While the tech stack of the application implies certain limitations for online-banking test teams, there are still many SaaS testing tools that support various programming languages and frameworks. In your search for software quality stack, we recommend considering testing frameworks and libraries proven by years of use. In our opinion, these include:
REST Assured is a Java library that allows engineers to automate REST APIs testing. It is used to test JSON and XML web services by validating the requests including GET, POST, PUT, PATCH, DELETE, OPTIONS and HEAD. The way REST Assured is built was aimed at bringing the simplicity of software testing with dynamic languages like Ruby and Groovy to the Java-based testing. Created specifically for REST (Representational state transfer, a software architecture style based on HTTP subset) API testing, the library provides extensive coverage for HTTP operations.
Test environment setup
This is when the QA team has to prepare all the configurations needed for future test cases execution. The configurations include network setup, software installation, and hardware allocation. It is important that the testing environment would match the production environment, so that all the documented inaccuracies and bugs would appear the same for QA engineers and programmers. For example, with banking software testing, it is required to study the environment (hardware capacity, operating system, web browser, Wi-Fi specification, etc.) in which the software used in this bank works at the moment, an operations management system as an example. This can serve as a good starting point for creating a testing environment for other products for this particular institution.
Online banking test execution
Test case execution is the practical phase of the software testing to implement all the plans and scenarios designed earlier. That’s when the quality assurance team finally gets to run the test cases in the environment set before and pass the results to the development team for fixing. It is important that all the divisions working on the product maintain effective communication between one another, namely the bug spotting and fixing processes should not be isolated. Development teams that seek (and take!) advice from their fellow QA colleagues deliver way higher results in terms of product quality and speed on the programming process.
Reporting and closure
Reporting is a vital part of the software testing life cycle that at times, unfortunately, gets neglected by product development teams. Clearly, nobody likes paperwork, but with software testing for banking, the accurate documentation pays back all the effort and time invested in it. With such complex software solutions as finance applications, testing documents provide solid information on everything that the product has gone through, updates, errors, and regressions included. Just from examining the QA documentation about a banking app, the R&D team can get valuable insight into the product architecture and necessary maintenance solving various “what if?” questions without risking the actual performance of a live application.
Depending on the software testing methodology, the reporting process can differ in frequency and form, however we’d recommend supporting it on a weekly basis or at least after each sprint. As for the QA test reporting banking applications, the documents also might differ from team to team as there are no strict global standards of how a bug report should look like. However, even though the contents of a bug report are considerably more important than the form of it, there are still some requirements for a report to be usable. Namely, it has to be very clear, concise, and preferably follow the listing form giving the bug reproduction instructions one by one.
Software testing for banking is a complicated process that requires solid domain expertise, let alone the technical skills and deep understanding of software development principles and best practices. After nearly two decades of industry-specific quality assurance services, we can tell that BFSI is one of the most challenging sectors to adopt high-tech changes due to its highly standardized and bureaucratic nature. However, with the right approach and a team of motivated professionals by your side, even such a surreal thing as a shift from legacy system to a modern lightweight yet high-performing application becomes achievable.