Digital payments are a must for the millennial generation. The greatest area of vulnerability is digital-enabled services in the cards space.
Below are nine critical scenarios that should form the core of a digital-enabled services testing strategy:
Validation of pre-digitization processes:
This is the first step and involves validating which cards are eligible for digitization, including checks on card availability and secure issuer authorization.
Cryptographic validation of token generation process:
This is the most critical step in the validation process. Tokenization is the process of replacing a card's primary account number (the 16-digit number embossed on the card) with a unique alternate account number, or "token." These tokens leverage cryptographic algorithms that deliver a unique code for every transaction, making this the very heart of a secure digital payments strategy.
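As an added illustration (not code from the original post or from Capgemini), the sketch below shows what the two properties described above look like when a tester checks them: a token that is a different, Luhn-valid 16-digit number revealing nothing about the PAN, and a per-transaction code bound to the transaction details and a counter so that a replayed or altered transaction is rejected. The `TokenVault` class, `make_cryptogram` function and the HMAC-SHA256 stand-in for the network's cryptogram scheme are assumptions for illustration, and the PAN used is the constructed Luhn-valid test number 4111111111111111, not a real card.

```python
import hashlib
import hmac
import secrets


def luhn_check_digit(digits: str) -> str:
    """Return the Luhn check digit for a digit string that lacks one."""
    total = 0
    # Counting from the right of the finished number, every second digit is
    # doubled; the rightmost digit of `digits` is therefore doubled first.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True if `number` is all digits and its last digit is the Luhn check digit."""
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


def make_cryptogram(key: bytes, token: str, amount_cents: int, currency: str, atc: int) -> str:
    """Device side: bind token, amount, currency and transaction counter (ATC)
    to the device key. Assumption: HMAC-SHA256 truncated to 16 hex characters
    stands in for the network-defined cryptogram algorithm."""
    msg = f"{token}|{amount_cents}|{currency}|{atc}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


class TokenVault:
    """Hypothetical token service (in-memory for illustration; in production
    the PAN mapping and keys live in an HSM-backed, PCI-scoped system)."""

    def __init__(self) -> None:
        self._token_to_pan: dict[str, str] = {}
        self._pan_to_token: dict[str, str] = {}
        self._device_key: dict[str, bytes] = {}   # key provisioned to the device
        self._last_atc: dict[str, int] = {}       # last accepted counter per token

    def tokenize(self, pan: str) -> str:
        """Issue a random, Luhn-valid 16-digit token for an eligible PAN."""
        if not luhn_valid(pan):
            raise ValueError("PAN fails Luhn check; not eligible for digitization")
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(15))
            token = body + luhn_check_digit(body)
            if token != pan and token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        self._device_key[token] = secrets.token_bytes(32)
        self._last_atc[token] = 0
        return token

    def device_key(self, token: str) -> bytes:
        """Key handed to the device during provisioning."""
        return self._device_key[token]

    def detokenize(self, token: str) -> str:
        """Only the vault can map a token back to its PAN."""
        return self._token_to_pan[token]

    def verify_cryptogram(self, token: str, amount_cents: int, currency: str,
                          atc: int, cryptogram: str) -> bool:
        """Issuer side: recompute the expected code and enforce a strictly
        increasing counter so a captured cryptogram cannot be replayed."""
        key = self._device_key.get(token)
        if key is None or atc <= self._last_atc[token]:
            return False
        expected = make_cryptogram(key, token, amount_cents, currency, atc)
        if not hmac.compare_digest(expected, cryptogram):
            return False
        self._last_atc[token] = atc
        return True


def run_checks() -> dict:
    """Exercise the checks a tester would assert on; returns pass/fail flags."""
    vault = TokenVault()
    pan = "4111111111111111"  # constructed Luhn-valid test PAN, not a real card
    token = vault.tokenize(pan)
    key = vault.device_key(token)
    c1 = make_cryptogram(key, token, 1999, "USD", 1)
    first_ok = vault.verify_cryptogram(token, 1999, "USD", 1, c1)
    replay_ok = vault.verify_cryptogram(token, 1999, "USD", 1, c1)     # same ATC again
    tampered_ok = vault.verify_cryptogram(token, 9999, "USD", 2, c1)   # amount changed
    c2 = make_cryptogram(key, token, 1999, "USD", 2)
    second_ok = vault.verify_cryptogram(token, 1999, "USD", 2, c2)
    return {
        "token_differs_from_pan": token != pan,
        "token_luhn_valid": luhn_valid(token) and len(token) == 16,
        "round_trip": vault.detokenize(token) == pan,
        "same_pan_same_token": vault.tokenize(pan) == token,
        "first_accepted": first_ok,
        "replay_rejected": not replay_ok,
        "tampered_rejected": not tampered_ok,
        "second_accepted": second_ok,
        "codes_differ_per_transaction": c1 != c2,
    }


if __name__ == "__main__":
    for name, passed in run_checks().items():
        print(f"{name}: {'PASS' if passed else 'FAIL'}")
```

Every flag returned by `run_checks` corresponds to one assertion a tokenization test case would carry: the token is a new Luhn-valid number, only the vault can reverse it, the same PAN always yields the same token, and the per-transaction code is accepted once, then rejected on replay or when the amount it was computed over changes.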
Secure validation of provisioning of tokens onto a card:
In this step the tester prepares the encrypted tokenized test data and provisions the credentials onto the device, thereby testing both the data preparation and the provisioning of tokenized digital account credentials to the mobile device.
End-to-end transaction payment gateway validation:
This includes end-to-end validation of transactions that originate from the mobile device and flow to the merchant and the acquirer. It also involves testing the various payment gateways from the device to the merchant, and from the merchant to the issuer and the banks, and verifying secure, encrypted transmission to downstream systems.
Testing of the customer interface that is available to issuers and merchants for managing cardholder inquiries.
Testing of report generation and data validation for various reports, such as card-level fraud/exception reports and card management reports.
Stress and volume testing at every step, including gateways and devices across multiple platforms.
Multi-platform Scalability tests:
This includes validation of the wallet functionality and services across multiple platforms, such as iOS and Android.
PCI DSS compliance tests:
The most critical of these are validation of the secure network, access control tests, and verifying that the cryptographic encryption and decryption processes are tested across networks.
The above scenarios are typical for most digital-enabled payment services. This lends itself well to industrialization of the testing process: create a simple catalog of test types, indicating which are mandatory and which optional in each scenario, along with the degree of automation possible for each test type. Over time, this list can be formalized per product, eliminating the dependency on individual people from the testing process.
(About the author: Deepika Mamnani is principal at Capgemini. This post originally appeared on her Capgemini blog, which can be viewed here.)