Mobile Banking – Common Pitfalls and How to Avoid Them

Sanjeeb Singh
Yogita Sachdeva
Infosys Limited (NASDAQ: INFY)

Abstract

With the advent of technology, there is an exponential growth in the technologies concerning mobile devices. The mobile banking space is seeing more traction here, and with all the payments and security involved, the testing of mobile banking applications has become even more critical. Mobile banking QA relies not only upon functionality; usability, security, network and performance are also paramount and need to be tested properly.

The majority of our clients are spread across the globe, and validating a banking transaction across global carriers brings the challenge of positioning QA professionals globally. This challenge multiplies when the rollout happens on varied devices. Cost is an evergreen component to be optimized. In such a scenario, there is demand for mechanisms that can ensure the completeness and coverage of mobile banking QA on each handset globally at optimized cost.

This paper discusses these challenges in detail, from all the dimensions of mobile banking that make it so complicated:

• Critical transactional scenarios in banking, specifically in treasury and payments
• Types of mobile banking QA which can and can’t be done by the remote testing technique
• How important it is to understand end user dynamics
• Network and security challenges for mobile banking apps
• Performance challenges for mobile banking
Also, this paper will cover certain proven practices and techniques which help to overcome the challenges:

• Proven device sampling techniques which will ensure complete coverage for the mobile banking QA team
• Cost optimization techniques
• Remote testing techniques
• What NOT to automate and why
• Network parametric testing techniques

This research paper is completely based on the experiences and learnings across various reputed banks. As an outcome, participants will benefit from getting a good picture of the challenges in mobile banking QA and the relevant solutions.

Outline of the Paper

1. Mobile Banking Evolution
2. Mobile Banking Services
3. Mobile Banking Domain
4. Mobility Transaction Flow
5. Mobile Banking Testing Method
6. Complexities involved in Mobile Banking QA
7. Challenges involved in Mobile Banking QA
8. Common Mistakes in Mobile Banking QA - Our Experience
   1. Scenario 1: Our experience in Remote Based Testing
   2. Scenario 2: Our experience in Security Testing
   3. Scenario 3: Our experience in Network Testing
   4. Scenario 4: Our experience in Localization Testing
   5. Scenario 5: Our experience in Desktop and Real Device Testing
   6. Scenario 6: Our experience in Emulator Testing
9. Recommendations

Mobile Banking Evolution

• Radical changes in end users’ technology exposure are forcing organizations to embrace new technologies and transform their businesses into tech-savvy platforms.
• Banking and financial services are also embracing mobility big time.
• Gradual evolution of banking from branch banking to SMS banking to mobile banking with emerging technologies.
  [Diagram labels: Branch Banking, Automated Teller Machine (ATM), Internet Banking, IVR-Based Banking, SMS-Based Banking, Mobile Banking]
• Mobile banking with browser-based and native applications is gaining momentum.
• Intuitive mobile banking apps for iPhone, iPad and prominent Android devices are launched by global banks.
Mobile Banking Services

Service categories: Information Based Services, Transaction Based Services, Multimedia Apps, mCommerce

• Balance Information
• Monthly Statement
• Transaction History
• Alerts and Updates
• Advertising and Brand Building
• Social Networking
• News and Update
• Bill Payment
• Third Party Payment
• Account Transfer
• Stock Trading
• Global Payment for business transaction
• Remote Deposit Check

Services in Mobile Banking

• SMS Banking
• Mobile Web Banking
• Native App Banking
• A2P Messaging
• Location Based Services
• Near Field Communication
• Remote Deposit Check
• Augmented Reality

Mobile Banking Domain

(Domain / Services / Mobile enabled Example)

Cards & Payment
• Monthly Statement: Viewing and downloading the card statement on mobile device. Checking the account history.
• Payments: Making card payment through widget app or lately through NFC.
• Reporting & account activity: Setting up the alert for threshold on account activity and receiving them through SMS.

Capital Market
• Trade placement: Place order for new trades through iPhone app.
• Real time Stock quote: Getting the real time stock quote from the market through mobile app.
• Personalized alerts for security prices and notifications: Trading app notifying the users through push notification on pre-set prices for making trade decision. Such trade app is provided for Android, iPhone, and Windows phone and easy to download and use.

Consumer Banking
• Deposits and Withdrawal: Making deposit through SMS based services or WAP applications.
• Account Info and Reporting: Directly checking account history on iPhone bank app, download the account statement on your device. Also checking the account balance through app or SMS based services.
• Payment and Transfer: Making mobile payment through SMS based services or WAP app. NFC is also becoming popular.
Mobility Transaction Flow

[Diagram labels: Mobile Device (Native Apps, Web Apps), Base Transceiver, Carrier Network, Internet, Network, Server Side]

Mobile Banking Testing Method

Real Device
  Advantages:
  • Provides exposure to device limitations (memory, performance, usability).
  • The performance of the network elements / nodes with the newly implemented application is validated for any bottlenecks.
  Disadvantages:
  • Expensive and not always cost effective
  • Cannot record the protocols
  • Device diversity

Remote Method
  Advantages:
  • Elegant solution that can be connected either to the live networks or to a simulated network
  • Ability to record a test for subsequent replay
  Disadvantages:
  • Expensive
  • Device diversity

Emulator
  Advantages:
  • Quick for initial functional validation after app development
  • Cost effective, fast and extensive way of validating the application
  • Capture and replay scenarios are available. Easier for diagnostic tools to analyze issues.
  Disadvantages:
  • Exact behavior in a real time scenario will not be known
  • Feature limitations
  • Since it runs on a desktop OS, the emulator is faster than normal processing

Complexities involved in Mobile Banking QA

Domain
• 3rd party payment systems
• Rate systems
• Payment & reporting engines

Technical
• SOA Architecture
• SMS Based, WAP, LBS, NFC, RDC

Operational
• Development and testing environment setup
• Procurement of devices with different network carriers

Challenges involved in Mobile Banking QA

• Screen Size – Smallest size (128 * 128), largest size (1024 * 768)
• Operating Systems – Android, iOS, Windows Mobile, RIM BB
• User Interface – Touch/Keypad, Track pad/Trackball
• Browsers – Android, Safari, RIM BB, IE
• Geography & Carriers – Different carriers
• Network Access and Performance – Wi-Fi, 2G, 3G
• Frequent upgrades – OS versions, App versions
• Skills – Immature mobile skill market
• Alliance Change – Nokia alliance with Windows
• Security Risk

Scenario 1: Our experience in Remote Based Testing

Remote Based Testing:
a) Security challenge while doing validation for a banking application through remote based devices. Many times a QA tester acquires the device, logs in to the app with the requisite credentials and releases the device without logging out. In such cases, another user can acquire the device and use the same session.
b) Also using the remote based testing method for network and precise usability validation.

Mistake
• Session login and logout without proper sign-out
• Using remote testing for usability and network testing

Solution
• Test strategy for remote testing
• Training for the remote testing method
• Test execution checklist to include login and logout procedure

Scenario 2: Our experience in Security Testing

One-time password (OTP) is the latest tool used by financial and banking service providers to fight mobile fraud. The OTP is sent to customers through SMS whenever they want to perform critical transactions, and the password expires once used or after a designated life-cycle.

Sometimes the QA team can fail to capture some of the critical real time scenarios associated with OTP during the test case preparation activity.

Mistake
a) Missed validating if the OTP can be used more than once for a critical transaction.
b) Missed validating if the OTP is still active after the scheduled life-cycle.

Solution
• Strong guidelines and strong KM on security testing
• Experienced and mature QA in security testing
• Discussion with the client to identify all possible real time scenarios
• TC prep checklist to include such scenarios

Scenario 3: Our experience in Network Testing

Mobile QA validated the impact of network hop on critical transactions with only one type of network switch (say GPRS to Wi-Fi).
The impact of network variability may be different for network hops between different networks. Validation was also done with only a single network carrier.

Mistake
• Failing to identify the impact on the transaction if any other type of network switch can occur
• Limiting the testing to only one type of network switch
• Limiting the testing to a single network carrier

Solution
• Network simulation tool
• Different network bandwidths
• App behavior and impact at different network conditions to be analyzed
• Experienced mobile QA in network variability testing
• Discussion with the client/business to identify the real time scenarios and getting a sign-off on the transactions
• Analyze the support required for testing complex scenarios in advance and ensure its availability before testing starts

Scenario 4: Our experience in Localization Testing

Localization failure: a Spanish banking user receives an English SMS with transaction related info, rendering it useless for him. An application that is supposed to be launched in multiple geographies with local languages gets extensive validation for a select few languages only (assuming it will work for the other local languages as well).

Mistake
• Failed to validate the application in all the requisite local languages
• Test strategy incomplete

Solution
• Complete test strategy for localization testing for mobile
• Strong mobile QA in localization testing
• Scope of testing should clearly highlight the languages for which the application will be validated
• Specific training/exposure to the languages involved in validation improves the speed and quality of testing

Scenario 5: Our experience in Desktop and Real Device Testing

Validating the application features on the desktop instead of on the actual device. A user got an upgraded version of the Android app on his device but found some broken links and image distortion.
Mistake
• Features validated on desktop

With the size and content display constraints of mobile devices, the usability of an app will be completely different on mobile devices and has to be validated properly.

Solution
• Optimize the test strategy to reduce time and cost only up to the extent where usability is not compromised
• Automate the regression suite to optimize cost and time
• Good expertise in real mobile device testing
• Proper real devices available for testing
• Test execution reviews to be conducted to ensure the tester tests the features as expected

Scenario 6: Our experience in Emulator Testing

The assumption that one can validate the functional, security, usability and performance aspects of the application using the emulator is a myth. Though one can cover a lot of the functional aspects through emulators, the test strategy can’t be built completely on the emulator. It cannot validate the usability and performance of the application. Also, one cannot rely on the emulator for validating the transfers and payment features of an mbanking solution due to security concerns.
Mistake
• Validation of usability and security aspects of banking app
• Test strategy built only upon emulator

Solution
• Identification of different emulators for proper test coverage
• Identification of the test types to be covered using emulator
• Test strategy to clearly include details on how different types of testing will be covered
• Desktop availability and requisite configuration for emulator so that the QA personnel can download them for application validation
• Emulator specific training to the mobile QA group

Recommendations

Technical
• Early life cycle validation
• Good device sampling techniques
• Limited testing with emulator
• Mobile automation
• Network testing tools and landscape
• Risk based testing approach
• End-to-end functional flow
• Identification of complex functionalities of app before validation

Process
• Test strategy for different testing methods
• Usability test strategy for real device
• Training specific to mobile OS and browsers
• Training specific to network, security and usability testing
• Engage the client/business team
• Reviews for test plan, test suite creation and test execution

References

• Infosys project experience
• Infosys resources (www.infosys.com)

Q&A: Sanjeeb_Singh@infosys.com, yogita_s@infosys.com
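
Added example (not part of the original slides): the two OTP checks that Scenario 2 lists as commonly missed, reuse and use after the life-cycle ends, written as executable test cases against a small stand-in OTP store. `OtpStore`, `FakeClock`, the check functions and the 120-second lifetime are assumptions made for illustration.

```python
import hmac
import secrets

OTP_TTL_SECONDS = 120  # assumed life-cycle; the slides give no value

class OtpStore:
    """Hypothetical server-side OTP store standing in for the system under test."""
    def __init__(self, clock):
        self._clock = clock   # injectable so a test can advance time
        self._pending = {}    # txn_id -> (otp, expires_at)

    def issue(self, txn_id):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = (otp, self._clock() + OTP_TTL_SECONDS)
        return otp

    def redeem(self, txn_id, otp):
        # pop() consumes the entry on every attempt, so neither a second
        # use nor a retry after a wrong guess can succeed.
        entry = self._pending.pop(txn_id, None)
        if entry is None:
            return False
        expected, expires_at = entry
        if self._clock() >= expires_at:
            return False
        return hmac.compare_digest(expected, otp)

class FakeClock:
    """Constructed test clock; time only moves when the test says so."""
    def __init__(self):
        self.now = 0
    def __call__(self):
        return self.now

def check_single_use():
    """Scenario 2 (a): one OTP must not authorize a second transaction."""
    store = OtpStore(FakeClock())
    otp = store.issue("txn-1")
    return store.redeem("txn-1", otp), store.redeem("txn-1", otp)

def check_expiry():
    """Scenario 2 (b): an OTP is valid before, and rejected at, expiry."""
    clock = FakeClock()
    store = OtpStore(clock)
    early, late = store.issue("txn-2"), store.issue("txn-3")
    clock.now = OTP_TTL_SECONDS - 1
    in_time = store.redeem("txn-2", early)
    clock.now = OTP_TTL_SECONDS
    return in_time, store.redeem("txn-3", late)
```

Against a real banking backend the same two cases apply unchanged; only the store and the clock are replaced by the test environment's API and a wait or time-shift facility.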