Tips for Testing Financial Authorization Systems

1
Tips for Testing Financial Authorization
Systems Melvyn Feuerman Citibank - CGTI
Testing Automation
02/08/05 Mel.Feuerman_at_citicorp.com
2

• Tips for testing Financial Authorization Systems.
• Use Version Control for all phases of testing
• Build Software Robots to prototype missing links
  in the transaction chain..
• Focus on Critical Exception Testing
• Case Study ATM/POS Authorization System

3
Case Study Financial Authorization System
The Client , Server and Host C are links in a
transaction chain..
4

• Common problems
• Testing with the wrong version of the Software
• Software Defects on one platform delays all
  development
• Connections down between platforms/external
  networks
• Exception conditions/delays between not tested.

Delays often lead to finger pointing instead
of project teamwork!!
5
Tip 1 Use Software Version Control in all
phases of testing

• Tracks module changes /authorize fixes
• Provides damage control for fallback
• Recreate a problem before testing the fix
• Propagate fixes to all releases of software

Version Control provides fences between
development and production
6

Use Version Control to setup three fences
between Development and Production
7
Using Version Control for Host C
Fence 1 Software Version Control
Fence 2 Software Version Control
Fence 3 Software Version Control
Host C IST Library
Host C Production Library
Host C UAT Library
Host C Development Library
8
Always Test fixes under Version Control!
9
Tip 2Build software Robots to Prototype
missing links in the Transaction Chain

10

Determine the missing links in the transaction
chain then build a Robot
(1) Client A needs a response from Server B
(2) Host C needs a request from Server B (3)
Server B needs both Client A and Host C
11
IBM Teleprocessing Network Simulator (TPNS)

1. Simulate clients, servers and hosts
2. Supported protocols include SNA and TCP/IP
3. VBASIC like syntax

12
Test of Client A with a TPNS responder for
Server B
13
Test of Host C with a TPNS requestor for Server
B
Host C Database Card Act
Balance xyz 2375
1000.00
Test of Host C Function HOSTC
(Account, Amount) Pars Request from Server B
Host C Database (Account, Amount)
Return to Server B ( Return_Code)

atmtxs msgutbl /Card TXCODE AMT PIN /
(XYZ, Getcash, 100.00 , ABCD) (XYZ,
Getcash, 200.00, ABCD) endutbl robotsrvb
msgtxt do i 0 to utblmax(atmtxs) request
utbl(atmtxs,i) type request
transmit end endtxt
14
Tip 3Focus on Critical Exception Testing

1. Execute high risk tests first..
2. Use Robots for timeout/reversal testing

15
Test of Get Cash
What is missing from this test
16

Timeouts between platforms are difficult to
reproduce with real devices
(2) Server B Send Request Wait 45
seconds
(1) ATM Request 30.00 Wait 60
seconds For a response
(3) Host C

• Customer
• Withdrawal
• Act 2375
• Amt 30.00

Use Robots to test ATM, Server B and Host C
timeout/reversal functionality
17
Test of Client ATM Timeout/Reversal Processing
ROBOTSRVB MSGTXT wait until ONIN
do forever Suspend 61 RC APPROVE
type RC transmit end Endtxt
Test of a Client ATM reversal Send Withdrawal for
50.00 Set Timer to 60 second If
no response within 60 seconds send a 50.0
reversal
Send Reversal of 50.00
18
ReviewTips for testing an Authorization System

• Manage Change with Library Version Control
• Reproduce a defect before testing the fix
• Use Software Robots to prototype missing links
• Execute high risk tests first