How to Test Banking Applications

Banking applications are among the most complex applications in today’s software development and testing industry.

What makes a banking application so complex? What approach should be followed to test the complex workflows involved in banking applications?

In this article, we will be highlighting different stages and techniques involved in testing Banking applications.

The characteristics of a Banking application are as follows:

  • Multi-tier functionality to support thousands of concurrent user sessions
  • Large-scale Integration: Typically, a banking application integrates with numerous other applications such as Bill Pay utility and Trading Accounts
  • Complex Business workflows
  • Real-Time and Batch processing
  • High rate of transactions per second
  • Secure Transactions
  • Robust Reporting section to keep track of day to day transactions
  • Strong Auditing to troubleshoot customer issues
  • Massive storage system
  • Disaster / Recovery Management.

The above listed ten points are the most important characteristics of a Banking application.

Banking applications have multiple tiers involved in performing an operation. For example, a banking application may have:

  • Web Server to interact with end users via the browser
  • Middle Tier to validate the input and output for the web server
  • Database to store data and procedures
  • Transaction Processor, which could be a large-capacity Mainframe or any other Legacy system, to carry out Trillions of transactions per second.

Testing banking applications requires an end-to-end testing methodology involving multiple software testing techniques to ensure:

  • Total coverage of all banking workflows and Business Requirements
  • Functional aspect of the application
  • Security aspect of the application
  • Data Integrity
  • Concurrency
  • User Experience

The typical stages involved in testing banking applications are shown in the workflow below. We will discuss each stage individually.

1) Requirement Gathering:

The requirement gathering phase involves documenting requirements either as Functional Specifications or as Use Cases. Requirements are gathered as per customer needs and documented by Banking Experts or Business Analysts.

More than one expert is involved in writing the requirements, because banking itself has multiple subdomains and a full-fledged banking application integrates all of these domains.

For example, a banking application may have separate modules for Transfers, Credit Cards, Reports, Loan Accounts, Bill Payments, Trading, etc.

2) Requirement Review:

The deliverable of Requirement Gathering is reviewed by all the stakeholders, such as QA Engineers, Development Leads and peer Business Analysts.

They cross-check that neither existing business workflows nor new workflows are violated. All the requirements are verified and validated. Follow-up actions and revisions to the requirement document are made based on this review.

3) Business Scenario Preparations:

In this stage, QA Engineers derive Business Scenarios from the requirement documents (Functional Specs or Use Cases). Business Scenarios are derived in such a way that all Business Requirements are covered. They are high-level scenarios without any detailed steps. These Business Scenarios are then reviewed by Business Analysts to ensure that all of the Business Requirements are met. It is easier for BAs to review high-level scenarios than low-level, detailed Test Cases.

For example, a customer opening a Fixed deposit on the digital banking interface can be a business scenario. Similarly, we can have different business scenarios related to net banking account creation, online deposits, online transfers, etc.

4) Functional Testing:

In this stage, functional testing is performed, along with the usual software testing activities such as:

Test Case Preparation:

In this stage, Test Cases are derived from Business Scenarios. One Business Scenario leads to several positive and negative test cases. Generally, the tools used during this stage are Microsoft Excel, Test Director or Quality Center.

Test Case Review:

Test Cases are reviewed by peer QA Engineers.

Test Case Execution:

Test Case Execution can be either manual or automated, involving tools like QC, QTP or any other.

The functional testing of a banking application is quite different from ordinary software testing. Since these applications operate with customers’ money and sensitive financial data, they must be tested thoroughly. No important business scenario should be left uncovered. Also, the QA resource who is testing the application should have basic knowledge of the banking domain.

5) Database Testing:

A banking application involves complex transactions that are performed at both the UI level and the database level. Therefore, database testing is as important as functional testing. The database is a complicated and entirely separate layer of the application, so its testing is carried out by database specialists. It uses techniques like:

  • Data loading
  • Database Migration
  • Testing DB Schema and Data types
  • Rules Testing
  • Testing Stored Procedures and Functions
  • Testing Triggers
  • Data Integrity
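
A minimal sketch of the rules, trigger and data integrity checks listed above, as an added example that is not part of the original article. It uses Python's built-in sqlite3 module with a constructed two-table schema; the table, column and trigger names are assumptions made for illustration.

```python
import sqlite3

# Constructed schema for illustration; all names here are assumptions.
SCHEMA = """
CREATE TABLE accounts (
    id INTEGER PRIMARY KEY,
    balance_cents INTEGER NOT NULL CHECK (balance_cents >= 0)  -- rule: no overdraft
);
CREATE TABLE transfers (
    id INTEGER PRIMARY KEY,
    src INTEGER NOT NULL REFERENCES accounts(id),
    dst INTEGER NOT NULL REFERENCES accounts(id),
    amount_cents INTEGER NOT NULL CHECK (amount_cents > 0),    -- rule: positive amount
    CHECK (src <> dst)                                         -- rule: no self-transfer
);
-- Trigger under test: posting a transfer moves the money.
CREATE TRIGGER post_transfer AFTER INSERT ON transfers
BEGIN
    UPDATE accounts SET balance_cents = balance_cents - NEW.amount_cents WHERE id = NEW.src;
    UPDATE accounts SET balance_cents = balance_cents + NEW.amount_cents WHERE id = NEW.dst;
END;
"""

def new_db():
    """Create an in-memory database seeded with two constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO accounts VALUES (?, ?)", [(1, 10_000), (2, 500)])
    db.commit()
    return db

def try_transfer(db, src, dst, amount_cents):
    """Attempt a transfer; return True if committed, False if the database rejected it."""
    try:
        with db:  # commits on success, rolls back on any exception
            db.execute("INSERT INTO transfers (src, dst, amount_cents) VALUES (?, ?, ?)",
                       (src, dst, amount_cents))
        return True
    except sqlite3.IntegrityError:
        return False

def snapshot(db):
    """Return (balances by account id, total money in the system, posted transfers)."""
    balances = dict(db.execute("SELECT id, balance_cents FROM accounts"))
    count = db.execute("SELECT COUNT(*) FROM transfers").fetchone()[0]
    return balances, sum(balances.values()), count
```

The integrity assertion is that every rejected transfer (overdraft, negative amount, unknown destination, self-transfer) leaves `snapshot()` unchanged, and that the total across all accounts is the same before and after any accepted transfer.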

6) Security Testing:

Security Testing is usually the last stage in the testing cycle. A prerequisite for commencing security testing is the completion of functional and non-functional testing. Security testing is one of the major stages in the entire application testing cycle, as this stage ensures that the application complies with Federal and Industry standards.

Due to the nature of the data they carry, banking apps are very sensitive and are a prime target for hackers and fraudulent activities. Security testing makes sure that the application does not have any web vulnerability that could expose sensitive data to an intruder or an attacker. It also assures that the application complies with standards like OWASP.

In this stage, the major task is a scan of the whole application, which is carried out using tools like IBM AppScan or HP WebInspect (the two most popular tools).

Once the scan is completed, the Scan Report is published. False Positives are filtered out of this report, and the remaining vulnerabilities are reported to the Development team so that they can start fixing the issues according to the severity of each issue.
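
One way to script the report triage described above, as an added example that is not part of the original article or of any scanner's own tooling. The finding format, rule names and suppression list are constructed assumptions; real scanner exports differ per tool. Each false-positive suppression is scoped to one rule, URL and parameter and carries a re-review date, so that it cannot hide a different finding or stay in force indefinitely.

```python
from datetime import date

SEVERITY_ORDER = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Constructed findings in a generic shape (assumption, not a real export format).
FINDINGS = [
    {"rule": "missing-hsts", "url": "/", "param": "", "severity": "medium"},
    {"rule": "xss-reflected", "url": "/search", "param": "q", "severity": "high"},
    {"rule": "xss-reflected", "url": "/search", "param": "q", "severity": "high"},  # duplicate
    {"rule": "xss-reflected", "url": "/help", "param": "topic", "severity": "high"},
    {"rule": "sql-injection", "url": "/transfer", "param": "amount", "severity": "critical"},
]

# Reviewed false positives (constructed), each valid only until its re-review date.
SUPPRESSIONS = [
    {"rule": "xss-reflected", "url": "/search", "param": "q", "review_by": date(2030, 1, 1)},
    {"rule": "missing-hsts", "url": "/", "param": "", "review_by": date(2020, 1, 1)},
]

def fingerprint(item):
    """Identity of a finding: same rule on the same URL and parameter."""
    return (item["rule"], item["url"], item["param"])

def triage(findings, suppressions, today):
    """Drop active false positives and duplicates, then order by severity for developers."""
    active = {fingerprint(s) for s in suppressions if s["review_by"] >= today}
    seen, report = set(), []
    for finding in findings:
        fp = fingerprint(finding)
        if fp in active or fp in seen:
            continue  # reviewed false positive, or already reported once
        seen.add(fp)
        report.append(finding)
    # sorted() is stable, so findings of equal severity keep their scan order.
    return sorted(report, key=lambda f: SEVERITY_ORDER[f["severity"]])

def summary(findings, suppressions, today):
    """Return (severity, rule, url) tuples in the order they should be handed over."""
    return [(f["severity"], f["rule"], f["url"]) for f in triage(findings, suppressions, today)]
```

In this sample, the expired suppression for `missing-hsts` no longer hides that finding, and the suppression for `/search` does not hide the same rule firing on `/help`.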

Penetration testing is also done at this step to reveal propagation of errors.

Rigorous security testing should be done across platforms, networks, and OS.

Some other manual tools used for security testing are Paros Proxy, Http Watch, Burp Suite, Fortify tools, etc.

Apart from the main stages above, there may be additional stages such as Integration Testing, Usability Testing, User Acceptance Testing and Performance Testing.

Let us talk in brief about these stages as well:

Integration Testing

A banking application may have several different modules such as transfers, bill payments, deposits, etc., and thus a lot of components are developed. In integration testing, all the components are integrated together and validated.

Usability Testing


A banking application serves a wide variety of customers. Some of these customers might lack the skills and awareness required to perform banking tasks in the app. Thus, the banking application should be tested for a simple and efficient design that makes it usable across different groups of customers. The simpler and easier to use the interface is, the more customers will benefit from the banking application.

Performance Testing

Certain periods, such as payday, the end of the financial year and festive seasons, might bring a change or spike in the usual traffic on the app. Hence, thorough performance testing should be done so that customers are not affected by performance failures. A significant past example where bank customers were personally affected by performance failures is the NatWest and RBS Cyber Monday IT outage, in which customers had their debit and credit card transactions declined at shops across the country.

User Acceptance Testing

This is done by involving the end users to ensure that the application works for real-world scenarios and will be accepted by users if it goes live.

Today, the majority of banking projects use Agile/Scrum, RUP and Continuous Integration methodologies, and tool packages like Microsoft’s VSTS and Rational tools.

As mentioned above, RUP stands for Rational Unified Process, an iterative software development methodology introduced by IBM that comprises four phases in which development and testing activities are carried out.

The four phases are:

i) Inception
ii) Collaboration
iii) Construction
iv) Transition

RUP widely involves IBM Rational tools.

In this article, we discussed how complex a banking application can be and the typical phases involved in testing such an application. We also discussed current trends followed by the IT industry, including software development methodologies and tools.

In case you have queries, comments or any unanswered questions, please post them below; I will be happy to answer them.


125 thoughts on “How to Test Banking Applications”

  1. Hi,
    Currently I am residing in the US. I don’t have any experience in the IT field. I went through some desi consultancy and they put fake experience in my resume and marketed my resume saying that I had 6 yrs experience working in the financial domain. I have undergone a 3 months software testing course in the US. But I don’t have real time experience. Is it hard for me to work in the financial domain without prior experience? Pls help me friends…

  2. @gayathri,
    Hi!!
    You will face the following issues.
    1) You will be considered as 6 years experienced and the level of questions asked in the interview will be too high. A three-month course will give you just an overview of basic testing concepts. The actual testing process is way too different.
    2) In case you crack the interview and get a job, you will not be given any kind of training. The expectations will be too high… and it will be difficult to meet those expectations.
    What I suggest is don’t show 6 years of experience. Make it max 2 or 1.8. It will be pretty easy for you to face the interview… You might get a lower package in the beginning but surely this will give you an opportunity to gain knowledge.

    Thanks!!!

  3. Hi team,

    Assume that in a banking application we are transferring an amount.
    The process is:
    1. Log in with user details
    2. Funds transfer next
    3. Select an already added account
    4. Amount
    5. Text box
    6. Check the "accept the terms and conditions" box
    7. Enter the password
    8. Submit
    This is the flow of the application. In this case, what is the end-to-end testing, and what will happen in the backend? Pls tell me.

  4. Please, can anyone share banking domain related docs which will be useful to manually test banking applications, i.e. how to test the funds transfer module end to end?

  5. Hi,

    I need to know how banking and financial services applications capture country code data and currency code data via API integration.

  6. SI No Internet Banking
    1 Verify the bank website URL.
    2 Verify if the bank website URL has HTTPS on the address bar and in the URL.
    3 Verify if the bank website login page does not appear forged.
    4 Verify if the bank login page has username and password.
    5 Verify the username and password are being accepted or not.
    6 Verify that user with invalid password is not allowed to login.
    7 Verify that if either of the username or password is blank, user is not allowed to login. User should be given an alert also.
    8 Verify that after repeated attempts to login with incorrect password( as per the limits), user should be blocked.
    9 Verify if the SMS authentication is triggered after login.
    10 Verify that user is allowed to change password
    11 Verify if the user is redirected to the dashboard after passing all authentication processes.
    12 Verify if the user has access to the online money transfer feature.
    13 Check if the user can transfer funds option is available during specific time period (9 am to 5pm).
    14 Check if the fund transfer option shows notice for off-business hours transaction.
    15 Verify if the user can add the beneficiary.
    16 Verify if the beneficiary details can be verified.
    17 Verify that user is able to add decimal number into amount ( limited by 2 numbers)
    18 Verify that user is not able to add negative number into amount field.
    19 Verify that user is allowed to transfer money only if there is proper account balance.
    20 Verify that there is a confirmation check for financial transactions
    21 Verify that user is given an acknowledgment receipt upon successful financial transaction.
    22 Verify that customer is able to send money to multiple people
    23 Verify if the fund transfer option allows NEFT or RTGS option for nationalized money transfers.
    24 Verify if the fund transfer page asks for beneficiary name, IFSC code, bank name and fund amount and purpose of transfer.
    25 Verify if the fund transfer page asks for PAN number if the amount of funds gets over 50k.
    26 Check if the fund transfer page has a 2-step authentication before you finalize transfer.
    27 Check if the inter bank fund transfer happens instantly or not.
    28 Check if the amount of time it takes for the funds transferred between the in-business hours.
    29 Check if the amount of time it takes for the funds transferred between the off-business hours.
    30 Check if the amount transferred notification is sent to sender and receiver.
    31 Check if the amount gets transferred to the exact person mentioned in the beneficiary.
    32 Verify that time-out feature is implemented

  7. Hi,
    I have worked in Insurance Domain throughout where I have dealt with modules viz New Business, Underwriting, Admin, Commissions, etc. and this is standard in all the admin systems (read applications).
    I would like to know if there is any such standard or best practice that Banking Domain follows.

    Thanks!

  8. Can anyone please tell me how I can explain an auto insurance project in the interview? I showed on my resume that I worked on GEICO Auto Insurance in the USA, but I need some help. How can I explain the GEICO insurance project? How can I explain what modules I tested? Please, if anyone can help to answer it.

  9. Can anyone please tell me how I can explain the State Street project in the interview? I showed on my resume that I worked on State Street Bank in the USA, but I need some help. How can I explain the project? How can I explain what modules I tested? Please, if anyone can help to answer it.