- ISQT International

Mobile Banking – Common Pitfalls and How to avoid them
Sanjeeb Singh
Yogita Sachdeva
Infosys Limited (NASDAQ: INFY)
Abstract
Technologies for mobile devices are growing exponentially, and the mobile banking space is seeing more traction as a result. With all the payments and security involved, the testing of mobile banking applications has become even more critical. Mobile banking QA relies not only on functionality: usability, security, network and performance are also paramount and need to be tested properly. The majority of our clients are spread across the globe, and validating a banking transaction across global carriers brings the challenge of positioning QA professionals globally. This challenge multiplies when the rollout happens on varied devices. Cost is an evergreen component to be optimized. In such a scenario, demand arises for mechanisms which can ensure the completeness and coverage of mobile banking QA on each handset globally at optimized cost.
This paper discusses these challenges in detail, across all the dimensions of mobile banking that make it so complicated:
• Critical transactional scenarios in banking, specifically in treasury and payments
• Types of mobile banking QA which can and can't be done by remote testing techniques
• How important it is to understand end user dynamics
• Network and security challenges for mobile banking apps
• Performance challenges for mobile banking
This paper also covers certain proven practices and techniques which help to overcome the challenges:
• Proven device sampling techniques which ensure complete coverage for the mobile banking QA team
• Cost optimization techniques
• Remote testing techniques
• What NOT to automate and why
• Network parametric testing techniques
This research paper is based entirely on experiences and learnings across various reputed banks. As an outcome, participants will get a good picture of the challenges in mobile banking QA and the relevant solutions.
Outline of the Paper
1. Mobile Banking Evolution
2. Mobile Banking Services
3. Mobile Banking Domain
4. Mobility Transaction Flow
5. Mobile Banking Testing Method
6. Complexities involved in Mobile Banking QA
7. Challenges involved in Mobile Banking QA
8. Common Mistakes in Mobile Banking QA- Our Experience
   1. Scenario 1 : Our experience in Remote Based Testing
   2. Scenario 2 : Our experience in Security Testing
   3. Scenario 3 : Our experience in Network Testing
   4. Scenario 4 : Our experience in Localization Testing
   5. Scenario 5 : Our experience in Desktop and Real Device Testing
   6. Scenario 6 : Our experience in Emulator Testing
9. Recommendations
Mobile Banking Evolution
• Radical changes in end users' technology exposure are forcing organizations to embrace new technologies and transform their businesses into tech-savvy platforms.
• Banking and financial services are also embracing mobility in a big way.
• Banking has gradually evolved from branch banking to SMS banking to mobile banking with emerging technologies.
Channels shown in the diagram: Branch Banking, Automated Teller Machine (ATM), Internet Banking, IVR-Based Banking, SMS-Based Banking, Mobile Banking
• Mobile banking with browser-based and native applications is gaining momentum.
• Intuitive mobile banking apps for iPhone, iPad and prominent Android devices have been launched by global banks.
Mobile Banking Services
• Balance Information
• Monthly Statement
• Transaction History
• Alerts and Updates
• Advertising and Brand Building
• Social Networking
• News and Update
• Bill Payment
• Third Party Payment
• Account Transfer
Service categories (diagram labels): Information Based Services, Transaction Based Services, Multimedia Apps, mCommerce
• Stock Trading
• Global Payment for business transaction
• Remote Deposit Check
Services in Mobile Banking
• SMS Banking
• Mobile Web Banking
• Native App Banking
• A2P Messaging
• Location Based Services
• Near Field Communication
• Remote Deposit Check
• Augmented Reality
Mobile Banking Domain
Each entry below gives the mobile-enabled service, followed by an example.
Domain: Cards & Payment
• Monthly Statement: Viewing and downloading the card statement on mobile device. Checking the account history.
• Payments: Making card payment through widget app or lately through NFC.
• Reporting & account activity: Setting up the alert for threshold on account activity and receiving them through SMS.
Domain: Capital Market
• Trade placement: Place order for new trades through iPhone app.
• Real time Stock quote: Getting the real time stock quote from the market through mobile app.
• Personalized alerts for security prices and notifications: Trading app notifying the users through push notification on pre-set prices for making trade decision. Such trade app is provided for Android, iPhone, and Windows phone and easy to download and use.
Domain: Consumer Banking
• Deposits and Withdrawal: Making deposit through SMS based services or WAP applications.
• Account Info and Reporting: Directly checking account history on iPhone bank app, download the account statement on your device. Also checking the account balance through app or SMS based services.
• Payment and Transfer: Making mobile payment through SMS based services or WAP app. NFC is also becoming popular.
Mobility Transaction Flow
Diagram labels: Mobile Device, Native Apps, Web Apps, Base Transceiver, Carrier Network, Internet, Network, Server Side
Mobile Banking Testing Method
Testing Method: Real Device
Advantage
• Provides exposure to device limitations (memory, performance, usability).
• The performance of the network elements / nodes with the newly implemented application is validated for any bottlenecks.
Disadvantage
• Expensive and not always cost effective
• Cannot record the protocols
• Device diversity
Testing Method: Remote Method
Advantage
• Elegant solution that can be connected either to the live networks or to a simulated network
• Ability to record a test for subsequent replay
Disadvantage
• Expensive
• Device diversity
Testing Method: Emulator
Advantage
• Quick for initial functional validation after app development
• Cost effective, fast and extensive way of validating the application
• Capture and replay of scenarios is available. Easier for diagnostic tools to analyze issues.
Disadvantage
• Exact behavior in a real time scenario will not be known
• Feature limitations
• Since it runs on a desktop OS, emulators are faster than the normal processing
Complexities involved in Mobile Banking QA
Technical
• SOA Architecture
• SMS Based, WAP, LBS, NFC, RDC
Domain
• 3rd party payment systems
• Rate systems
• Payment & reporting engines
Operational
• Development and Testing environment setup
• Procurement of devices with different network carriers
Challenges involved in Mobile Banking QA
• Screen Size – Smallest Size (128 * 128), Largest Size (1024 * 768)
• Operating Systems – Android, iOS, Windows Mobile, RIM BB
• User Interface – Touch/Keypad, Track pad/Trackball
• Browsers – Android, Safari, RIM BB, IE
• Geography – Different carriers
• Network Access and Performance – Wi-Fi, 2G, 3G
• Frequent upgrades – OS versions, App versions
• Skills – Immature mobile skill market
• Alliance Change – Nokia alliance with Windows
• Security Risk
Scenario 1 : Our experience in Remote Based Testing
Remote Based Testing:
a) Security challenge while validating a banking application through remote based devices. Many a time a QA tester acquires the device, logs in to the app with the requisite credentials and releases the device without logging out. In such cases, another user can acquire the device and use the same session.
b) Using the remote based testing method for network and precise usability validation.
Mistake
• Session login and logout without proper sign-out
• Remote based testing used for usability and network testing
Solution
• Test strategy for remote testing
• Training for the remote testing method
• Test execution checklist to include the login and logout procedure
Scenario 2 : Our experience in Security Testing
One-time password (OTP) is the latest tool used by financial and banking service providers to fight mobile fraud. The OTP is sent to the customer through SMS whenever they want to perform critical transactions, and the password expires once it is used or after a designated life-cycle.
Sometimes the QA team can fail to capture some of the critical real time scenarios associated with OTP during the test case preparation activity.
Mistake
a) Missed validating if the OTP can be used more than once for a critical transaction.
b) Missed validating if the OTP is still active after the scheduled life-cycle.
Solution
• Strong guidelines and strong KM on security testing
• Experienced and mature QA in security testing
• Discussion with the client to identify all possible real time scenarios
• TC prep checklist to include such scenarios
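The two missed OTP checks in this scenario (reuse, and validity after the life-cycle ends), written as an automated test. This is an added example, not code from the paper: `OtpService`, its result strings and the 120-second life-cycle are constructed stand-ins for the system under test.

```python
import hmac
import secrets
import time

class OtpService:
    """Constructed stand-in for the OTP back end under test (hypothetical)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl, self.clock = ttl_seconds, clock
        self._pending = {}  # txn_id -> (otp, expires_at)

    def issue(self, txn_id):
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[txn_id] = (otp, self.clock() + self.ttl)
        return otp

    def verify(self, txn_id, otp):
        entry = self._pending.get(txn_id)
        if entry is None:
            return "rejected:unknown-or-used"
        expected, expires_at = entry
        if self.clock() >= expires_at:
            del self._pending[txn_id]      # expired codes are purged
            return "rejected:expired"
        if not hmac.compare_digest(expected, otp):
            return "rejected:mismatch"
        del self._pending[txn_id]          # single use: consumed on success
        return "accepted"

def run_otp_checklist(ttl=120):
    """Runs the reuse and life-cycle cases with a controllable clock."""
    now = [0.0]                            # test moves time instead of sleeping
    svc = OtpService(ttl, clock=lambda: now[0])
    results = {}
    otp = svc.issue("txn-1")
    results["first_use"] = svc.verify("txn-1", otp)
    results["reuse"] = svc.verify("txn-1", otp)              # mistake (a)
    otp = svc.issue("txn-2")
    now[0] += ttl - 1                      # one second before the life-cycle ends
    results["just_before_expiry"] = svc.verify("txn-2", otp)
    otp = svc.issue("txn-3")
    now[0] += ttl                          # exactly at the end of the life-cycle
    results["at_expiry"] = svc.verify("txn-3", otp)          # mistake (b)
    results["retry_after_expiry"] = svc.verify("txn-3", otp)
    return results

if __name__ == "__main__":
    for case, outcome in run_otp_checklist().items():
        print(f"{case}: {outcome}")
```

Against a real application the same four cases go into the test case preparation checklist, with the boundary values taken from the bank's configured OTP life-cycle.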
Scenario 3 : Our experience in Network Testing
Mobile QA validated the impact of a network hop on a critical transaction with only one type of network switch (say GPRS to Wi-Fi). The impact of network variability may be different for network hops between different networks.
Validation was also done with only a single network carrier.
Mistake
• Failing to identify the impact on the transaction if any other type of network switch occurs
• Limiting the testing to only one type of network switch
• Limiting the testing to a single network carrier
Solution
• Network simulation tool
• Different network bandwidths
• App behavior and impact under different network conditions to be analyzed
• Experienced mobile QA in network variability testing
• Discussion with the client/business to identify the real time scenarios and getting a sign-off on the transactions
• Analyze the support required for testing complex scenarios in advance and ensure its availability before testing starts
Scenario 4 : Our experience in Localization Testing
Localization failure: a Spanish banking user receives an English SMS with transaction related info, rendering it useless for him. An application that is supposed to be launched in multiple geographies with the local languages gets extensive validation for only a selected few languages (assuming it will work for the other local languages as well).
Mistake
• Failed to validate the application in all the requisite local languages
• Test strategy incomplete
Solution
• Complete test strategy for localization testing for mobile
• Strong mobile QA in localization testing
• Scope of testing should clearly highlight the languages for which the application will be validated
• Specific training/exposure to the languages involved in validation improves the speed and quality of testing
Scenario 5 : Our experience in Desktop and Real Device Testing
Validating the application features on the desktop instead of on the actual device.
A user got an upgraded version of the Android app on his device but found some broken links and image distortion.
Mistake
• Features validated on desktop
With the size and content display constraints of mobile devices, the usability of an app will be completely different on mobile devices and has to be validated properly.
Solution
• Optimize the test strategy to reduce the time and cost only up to the extent where the usability is not compromised
• Automate the regression suite to optimize the cost and time
• Good expertise in real mobile device testing
• Proper real devices available for testing
• Test execution reviews to be conducted to ensure the tester tests the features as expected
Scenario 6 : Our experience in Emulator Testing
It is a myth that one can validate the functional, security, usability and performance aspects of the application using the emulator. Though one can cover a lot of functional aspects through emulators, the test strategy can't be built completely on emulators. An emulator cannot validate the usability and performance of the application. Also, one cannot rely on an emulator for validating the transfers and payment features of an m-banking solution, due to security concerns.
Mistake
• Validation of usability and security aspects of the banking app
• Test strategy built only upon the emulator
Solution
• Identification of different emulators for proper test coverage
• Identification of the test types to be covered using the emulator
• Test strategy to clearly include details on how different types of testing will be covered
• Desktop availability and requisite configuration for the emulator so that the QA personnel can download them for application validation
• Emulator specific training for the mobile QA group
Recommendations
Technical
• Early Life Cycle Validation
• Good Device Sampling techniques
• Limited Testing with Emulator
• Mobile Automation
• Network Testing Tools and landscape
• Risk Based Testing Approach
• End-to-End functional Flow
• Identification of complex functionalities of app before validation
Process
• Test strategy for different testing methods
• Usability Test Strategy for real device
• Training specific to mobile OS and Browsers
• Training specific to network, security and usability testing
• Engage the Client/Business team
• Reviews for Test plan, Test suite creation and Test execution
References
• Infosys project experience
• Infosys resources (www.infosys.com)
Q&A:
Sanjeeb_Singh@infosys.com,
yogita_s@infosys.com