Today, every product and service that the organizations provide, need to have online access to it and it is also applicable to any banking organization. Banks have multiple products and services for millions of customers. To provide them, banks have arranged various physical branches where customers can go and avail of the services.
As digitization increases in every domain, many of the bank customers prefer doing every possible transaction or accessing any service at home on their laptops and mobile phones rather than going to the branch. This trend forces the banks to have an application, both desktops, and mobile, for their customers. With banking/BFSI applications, customers can transfer the money online, view their account balances, etc. at home, without going anywhere.
Banking applications deal with money and that is why testing banking applications thoroughly is a critical process. Moreover, every such application has several users who are doing concurrent transactions. So, testing the functions of the application is not enough; testing the database as well as nonfunctional characteristics such as security, compatibility, performance is also crucial. In this tutorial, we will understand the testing process of a banking application along with various testing phases.
Services Provided by Banking Application
For customers, the following are various services provided by banking applications-
- Retail banking
- Corporate banking
- Investment banking
- Mutual funds
- Internet banking
- Trade Finance
- Capital Markets
Features of a typical Banking Application
Before we discuss the testing process, let’s first look at some of the vital features of any banking application-
- Sign in and Sign up feature for the users of the application
- View account details such as account number, branch name, account balance for various accounts such as savings, current, demat, etc.
- Transfer Money between accounts
- View transaction history
- Pay Third-party bills such as mobile bills, utility bills
- Pay credit card bills
- ATM locator
- Pay Loan installments
- Manage various banking products such as Fixed Deposit, Recurring Deposit
- Alerts and notifications
Apart from these features, there are many other important features that any banking application would provide. Testing each feature is critical as it has a huge number of sub-features in it. For example, In the money transfer feature, the user will have options of adding an account as a beneficiary, setting a transfer limit, etc.
Moreover, the application may provide an easy and short process for transferring money to the same bank’s account, another option can be of quick transfer where with minimal details money can be transferred.
A typical process of testing a banking application can have the following steps-
The testing process starts from the first phase of SDLC i.e. requirements gathering. Usually, in agile projects, along with business analysts, the testing team is also involved in the requirements gathering process, and in traditional projects like a waterfall, the testing team comes in the picture later once the requirements have been collected.
For finance-related, banking projects, it is required that the testers have adequate domain knowledge. Testers should be able to think from both the stakeholders and end-users’ point of view. This phase is dedicated to helping analysts in gathering requirements, understanding and reviewing the requirements, gaining as much domain knowledge as possible by the research, and/or taking help from the SMEs.
In this next phase, once the requirements are understood, the testing team proceeds with the detailed planning of the testing process. Here, a test plan is created that includes the scope of the testing, roles, and responsibilities, test deliverables, testing levels, testing tools, test environments, etc.
Test Scenario and Test Case Creation
Here, based on the requirements document, test scenarios, and test cases are created. The testing team should be careful in covering each scenario. Not only functional but also security, performance, and other nonfunctional characteristics should be covered in the test scenarios and test cases.
Once test cases are created; the testing team conducts the functional testing to make sure the features are implemented as per the requirements.
- Check whether keeping mandatory fields empty shows error messages. (e.g. while transferring the money, ‘Amount’ should be mandatory and cannot be kept empty)
- Check whether all the fields accept valid values and after entering an invalid value system shows error messages. (e.g. ‘Account Number’ field should not accept special characters)
- Check whether all the fields have a valid character limit. (e.g. ‘Account Number’ field should accept values between 9 to 18 characters)
- Check whether all the links in the application are clickable and lands on the desired page.
- Check whether all the buttons are clickable and work in the desired manner.
- Check whether all the calculations are performed in the desired manner (e.g. after debit or credit transaction, the account balance should reflect the correct amount).
- Check the scrolling functionality of the application.
- Check the application working in flight mode.
- Check the application working during the ongoing transaction when a phone call, SMS, or any other notifications are received. (for mobile applications).
- Check the application installation, uninstallation, and update processes.
Database testing includes testing the front-end layer, business logic layer, and the database. In this type of testing, queries are executed and data flow in different tables is observed. The testing team responsible for the database testing should have in-depth knowledge of the database.
- Check whether the data is logically organized in the database.
- Check each field’s data type and see whether it is as per the desired specification.
- Check whether field length on the front-end side and in the database is the same.
- Check the values of the computed field. (e.g. DoB and Age)
- Check whether the naming conventions used in the database are uniform. (e.g. Names of tables, columns, stored procedures, indexes)
- Check whether data values are stored in the correct columns and tables.
- Check whether each table has a primary key and foreign key constraints.
- Check for any redundant and duplicate data.
- Insert null values in the columns that should not accept null values.
- Check whether data fetched from the front end when the user takes any action (e.g. when the user clicks on the ‘Submit’ button of the form) is correctly stored in the database.
- Check whether the database is access is restricted to authorized users only.
- Check whether in the event of failure data is rolled back or not.
- Check application working when the database server is down.
- Check whether database backup is taken regularly.
- Check database performance when multiple users use the application at the same time (e.g. multiple users try to transfer money simultaneously).
For a banking application, this is one of the most important steps. In security testing, the goal is to check the system’s ability to fight against the attacks. Also, it is checked that only authorized and authenticated users are allowed to access the application and their data is secured.
- Check whether the application has a proper process of authenticating the users on the platform. (e.g. apart from User Id and Password, users can be asked to enter the CAPTCHA)
- Check whether multiple invalid logins are allowed.
- Check whether ‘Forgot Password’ and ‘Forgot User ID’ features have proper mechanisms to recover the password and User ID.
- Check whether the password policies are strong.
- Check whether user IDs and passwords are encrypted.
- Check whether the application has a secure protocol e.g. HTTPS.
- Check whether sensitive information is displayed encrypted at the client-side.
- Check whether input validations are performed at the server-side.
- Check whether passwords are stored in cookies or not.
- Check whether information stored in cookies is in encrypted form.
- Check whether proper session timeout mechanisms are placed. (e.g. after a few minutes of inactivity, the user should be logged out automatically)
- Check application working when the user clears the cache. (e.g. user should be logged out)
- Check whether the URLs have sensitive information.
- Check whether the application for SQL, XML, HTTP header, HTTP parameter, XPath, regular expression injections.
- Check whether the ‘Back’ icon of the browser is disabled for certain pages. (usually, in banking applications, ‘Back’ icon click is not allowed).
Any banking application will have a broad spectrum of users, from tech-savvy people to non-tech friendly people. It is necessary to check the application working from all the users’ perspective and see if the application is user friendly for all types of users.
- Check whether the user is able to navigate through the application smoothly.
- Check whether buttons and links have uniform fonts, color, and size.
- Check whether the whole application has uniform fonts, text size, and color combination.
- Check whether important and critical, messages and buttons are visible clearly on the page. (e.g. In the transaction process, any important message should be displayed clearly with the bigger fonts and dark colors, if possible).
- Check whether critical information is displayed without any grammatical errors and is easy to understand (e.g. timings of NEFT and RTGS transactions should be displayed clearly with AM and PM suffixes).
- Check whether critical processes of the application have smooth and easily understandable steps. (e.g. For deposit accounts, there can be a separate menu item where users can manage all the deposit accounts).
- Check whether each page has a title.
- Check whether all the links and buttons have text that is easy to understand.
- Check whether error messages of the fields are easy to understand.
- Check whether all the important fields have placeholders and tooltips.
The goal of performance testing is to check application performance under severe load and stress.
- Check application performance when multiple users are logged in at the same time and uses different functionalities.
- Check application performance when multiple users are logged in at the same time and uses the same functionality. (e.g. all the users try to transfer the money)
- Check application performance when the device battery is low.
- Check application performance when the device battery is high.
- Check application performance when the device is charging.
- Check the application performance when a user tries to use the same function multiple times in a defined period (e.g. user tries to transfer money from the same account to different accounts within an hour).
- Check application performance when network connectivity is low. (e.g. during an ongoing transaction if the network has a sudden fluctuation)
- Check application performance when network connectivity is zero. (e.g. during an ongoing transaction if there is no network)
- Check application performance when the network keeps fluctuating between low and high speed.
- Check application performance during a sudden crash.
User Acceptance Testing
In this step, the client or end-users of the system (usually, representatives of the client) test the system to get an assurance that the application will run smoothly as per desired behavior in the real-world scenarios.
Apart from the above-mentioned phases, there are many other important phases included in the testing process of a bank application such as regression testing, compatibility testing, etc.
- Bank applications have multiple users in the range of millions. Simulating such a high number of users may create a challenge for the testing team. Testing teams can go for automation tools used for performance testing.
- As there are multiple users, all the users will be using different devices, connections, and operating systems. Testing on each combination of devices, OS, and connections is a complex, time-consuming process.
- Testing bank applications needs extra care and time as it deals with money and sensitive information.
- Checking from all the security perspectives and covering all the security testing scenarios is very critical.
- Another important challenge is to test the application for rollback mechanisms if there is a failure in the system.
- Bank applications allow utility payments and many other third-party integrations. Testing them will be a challenge for the testing team as each integration is different.
Banking applications are in demand even in developing countries as nowadays people prefer online services and avoid physically going to the branch. Moreover, in this fast-paced life, people will always choose fast online transactions for any service or product they are purchasing. There are many other reasons why banking applications are gaining popularity.
Given the sensitive and complex nature of these applications, it is critical to test them thoroughly. As mentioned in the above sections, there are various phases of testing them. Of course, many challenges are faced during the testing process, but it becomes the responsibility of the testing team to find as many bugs as possible to achieve the highest quality.
Kuldeep is the founder and lead author of ArtOfTesting. He is skilled in test automation, performance testing, big data, and CI-CD. He brings his decade of experience to his current role where he is dedicated to educating the QA professionals. You can find him on LinkedIn.