opinion
The top 5 things financial services institutions must consider when testing a payments system
The payments landscape has been undergoing a period of significant change for the last few years with the drive to real-time payments. However, with the impending introduction of RTGS and ISO 20022, the challenge facing testers becomes ever more complex.
Testing a payments system has always been a challenging undertaking. The stakes are high and there is no room for error. Failing to adequately test a payments system can have severe consequences for financial institutions from an operational and reputational standpoint. There are also significant financial penalties for inadequately tested payments systems, both for the company and the accountable individuals on the board of directors.
Roq, a leading organisation in the testing and quality engineering space, brings forth essential insights into the intricacies of testing a payments system, considering factors like test data, non-functional aspects, test environments, settlement and reconciliation, and the all-important audit trail.
1. Test Data: Striking a balance
The foundation of effective payment testing lies in a comprehensive understanding of compliance and regulatory rules governing data. In order to perform rigorous testing, valid account information for both the origination and destination transactions is needed. Valid card details and bank accounts are required, as well as physical test cards, merchant devices and test merchants to test the appropriate behaviour of systems. It is impossible to thoroughly test an instant payments system without valid data representative of live data.
However, in a regulated environment (governed by standards like PCI (Payment Card Industry) and GDPR), organisations need to grapple with the need for rich test data while simultaneously adhering to privacy regulations. Therefore, desensitised test data or obfuscation of production data is needed to strike a balance between data richness and compliance.
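One way to desensitise card data while keeping it usable in tests is shown below. It is an added example, not Roq's tooling. It assumes a hypothetical record layout (pan, name, cvv, amount, currency) and a masking key held outside the test environment. The sample row is constructed.

```python
import hashlib
import hmac

# Assumption: a secret held outside the test environment; this value is constructed.
MASKING_KEY = b"constructed-demo-key"

def luhn_check_digit(body: str) -> str:
    """Check digit that makes body + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch) * 2 if i % 2 == 0 else int(ch)
        total += d - 9 if d > 9 else d
    return str((10 - total % 10) % 10)

def luhn_valid(pan: str) -> bool:
    return pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]

def desensitise_pan(pan: str, key: bytes = MASKING_KEY) -> str:
    """Keep the 6-digit BIN and the length; replace the rest with keyed digits."""
    if not (pan.isdigit() and 13 <= len(pan) <= 19):
        raise ValueError("not a card number")
    digest = hmac.new(key, pan.encode(), hashlib.sha256).digest()
    width = len(pan) - 7                      # digits between BIN and check digit
    middle = str(int.from_bytes(digest, "big") % 10**width).zfill(width)
    body = pan[:6] + middle
    return body + luhn_check_digit(body)      # still passes format checks in test

def desensitise_record(rec: dict, key: bytes = MASKING_KEY) -> dict:
    """Hypothetical record layout: pan, name, cvv, amount, currency."""
    out = {k: v for k, v in rec.items() if k != "cvv"}   # never carry the CVV over
    out["pan"] = desensitise_pan(rec["pan"], key)
    tag = hmac.new(key, rec["name"].encode(), hashlib.sha256).hexdigest()[:8]
    out["name"] = f"CARDHOLDER-{tag}"
    return out

# Constructed sample row; 4111111111111111 is a widely published test number.
SAMPLE = {"pan": "4111111111111111", "name": "Jane Example", "cvv": "123",
          "amount": "25.00", "currency": "GBP"}

if __name__ == "__main__":
    print(desensitise_record(SAMPLE))
```

Because the replacement is keyed and deterministic, the same production card maps to the same test card in every table, so joins and repeat-customer scenarios still work.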
2. Non-Functional Aspects: Meeting customer expectations
Payments system requirements extend beyond the core functional capabilities. Meticulous attention to non-functional aspects such as performance, resilience, and security must be considered when designing and testing a system like RTGS.
In the realm of real-time, 24/7 instant payment systems, the challenge grows as organisations need to establish and maintain a test infrastructure and payment simulator that aligns with customer expectations. Role-based testing to control user access and actions within a payment system ensures a comprehensive evaluation of the system's capabilities.
Simply put, banks must adhere to strict performance-related guidelines for instant payment systems. They must be able to conduct a payment in real time or risk the customer’s payment being rejected. This is why performance testing is particularly important in this landscape: financial institutions need confidence they can fulfil this need. If they fail, not only is the payment rejected, but the customer and merchant lose out, and there could be reputational damage to the bank itself for being unable to fulfil its obligations.
3. Test Environments: End-to-end testing
End-to-end testing is a multifaceted endeavour, especially when it involves intricate functionality like fraud detection, Anti-Money Laundering (AML) checks, and online purchase verification processes. The extended timeframes for processes like chargebacks and disputes add another layer of complexity, often exceeding project test windows. Robust test environments must effectively simulate real-world scenarios, supporting end-to-end testing, to validate the intricacies and robustness of payment systems.
4. Settlement and Reconciliation
A well-coordinated approach to settlement and reconciliation testing is pivotal in assuring the reliability of payment systems. Surprisingly, however, this area is often underestimated despite being vitally important to ensure the seamless functionality of financial systems.
It is crucial that banks can guarantee the accuracy, integrity and timeliness of transactions to protect both the vendor and the customer. If payments are sent, it is essential that they are received by the intended recipient, and not intercepted or sent elsewhere. Similarly, thorough testing in this area will also help to eliminate any risk of defrauding the bank, which in turn could risk damaging the bank’s reputation.
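A reconciliation check of the kind this section describes could look like the following. It is an added example, not Roq's tooling. The field names (id, amount, ccy, creditor) and all rows are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal

def row(pid, amount, ccy, creditor):
    return {"id": pid, "amount": amount, "ccy": ccy, "creditor": creditor}

def reconcile(sent, settled):
    """Compare what the bank sent with what the settlement report says arrived.
    Returns a sorted list of (payment id, finding)."""
    by_id = defaultdict(list)
    for r in settled:
        by_id[r["id"]].append(r)
    findings = []
    for p in sent:
        rows = by_id.pop(p["id"], [])
        if not rows:
            findings.append((p["id"], "missing from settlement"))
            continue
        if len(rows) > 1:
            findings.append((p["id"], "settled more than once"))
        got = rows[0]
        if got["creditor"] != p["creditor"]:
            findings.append((p["id"], "credited to a different account"))
        # Decimal avoids float rounding and treats 250.0 and 250.00 as equal.
        if (Decimal(got["amount"]), got["ccy"]) != (Decimal(p["amount"]), p["ccy"]):
            findings.append((p["id"], "amount or currency differs"))
    for pid in by_id:                      # anything left was never sent by us
        findings.append((pid, "settled but never sent"))
    return sorted(findings)

# Constructed test data: one clean payment and one of each failure case.
SENT = [row("P1", "100.00", "GBP", "ACC-A"), row("P2", "250.00", "GBP", "ACC-B"),
        row("P3", "75.50", "GBP", "ACC-C"), row("P4", "10.00", "GBP", "ACC-D"),
        row("P5", "40.00", "GBP", "ACC-E")]
SETTLED = [row("P1", "100.00", "GBP", "ACC-A"), row("P2", "250.0", "GBP", "ACC-X"),
           row("P3", "57.50", "GBP", "ACC-C"), row("P5", "40.00", "GBP", "ACC-E"),
           row("P5", "40.00", "GBP", "ACC-E"), row("P9", "5.00", "GBP", "ACC-Z")]

if __name__ == "__main__":
    for finding in reconcile(SENT, SETTLED):
        print(finding)
```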
5. Audit Trail: Guaranteeing traceability and compliance
The audit trail is the cornerstone of a payment system, providing the necessary traceability and auditability required for compliance and regulatory purposes. A thorough audit trail should include timestamps for both happy path tests and negative failure scenarios, ensuring full visibility for auditors, both internal and external. These trails provide a detailed record of transactions, actions, and events within the system. Auditors can use these trails to verify the integrity of transactions and ensure that the system operates within established parameters.
Systems like RTGS operate in a highly regulated environment. Compliance testing ensures that the system adheres to financial regulations, industry standards, and legal requirements. Traceability testing ensures sensitive information, such as personal and financial data, is handled securely and complies with data privacy regulations like GDPR. Compliance testing validates the effectiveness of security measures in place to protect customer information. Handling this information correctly is crucial for avoiding fines, penalties, legal consequences and reputational damage for banks.
Conclusion: Rethinking testing methodologies for real-time payments
The introduction of RTGS presents a unique opportunity to reimagine testing strategies, not just for speed and efficiency but for overall effectiveness. Roq acknowledges the diversity in payment settings, with varying schemes, levels of participation, and existing services among financial institutions. The testing of payments is nuanced and requires a tailored approach for each setting, recognising the industry-wide testing requirements and adherence to scheme guidelines and frameworks. As organisations navigate the complex landscape of payment testing, Roq's insights serve as an expert guide to ensure a faster, de-risked, and efficient delivery of a truly robust payment system.
Here at Roq, we are working closely with institutions involved in the RTGS programme. We understand the current roadmap, and the challenges this presents. We have the knowledge, capability and assets to help any organisation facing difficulties or frustrations with progress and operational challenges. Reach out to us and we’d be happy to discuss your project challenges and requirements.