- 27 Jul 2023
- Print
- PDF
Testing and Certification
- Updated on 27 Jul 2023
- Print
- PDF
Overview
Testing and certification are essential for FinTech implementations for several reasons:
- Quality assurance: Testing ensures that the your product works as expected, and any bugs or issues are identified and resolved before release. Certification provides an independent validation of the quality and functionality of the product, giving users confidence in the product's performance.
- Security: Your products deal with sensitive user data, and security vulnerabilities could result in significant harm to users. Testing and certification help identify and address any security weaknesses in the product, ensuring that it is secure and compliant with relevant regulations and standards.
- Customer satisfaction: Your customers expect a high level of service and reliability. Testing and certification help ensure that the product meets customer expectations, reducing the risk of churn and enhancing customer loyalty.
Access
Please provide your I&O Specialist with access to the FinTech application 3-weeks prior to your desired launch date.
Testing
You can download our Test Pack here for test-cases:
Application Security
We will be testing the following functionality:
- Strong password requirements
- Alpha, numerical, case sensitive, & special characters
- At least 8-characters
- Password should not contain
- Customer’s name or SSNs
- Common word
- Phrases on common password lists
- Sequential/Repeating letters & numbers
- App should timeout in < 30 minutes
- 2FA available for customers
Personal Identifiable Information (PII)
- Customer should not be able to change DOB or SSN.
- Customer should be able to change address, but should be additional 2FA or requires providing evidence of the change (e.g. utility bill).
Compliance
Disclosures
- Customer is shown disclosures prior to account opening
- Customer cannot open accounts without agreeing to disclosures
KYC
- Customer sees KYC disclosure prior to collection of PII
Account Linking
Plaid
Testing
- Oauth flow - test to see if major banks and credit unions can be linked via instant match authentication.
- Microdeposit flow - test to see if the manual, microdeposit flow works. This may take up to 3 days to test depending on when the microdeposit arrives at the institution.
Finicity
Coming soon.
Payments
ACH
Disclosure and Authorization
- ACH Authorization Agreement is in place as a disclosure either in the initial disclosure list or in the ACH page
- ACH verification is happening via Plaid or Finicity
Testing
- Incoming ACH (x3)
- Outgoing ACH debit(x3)
- Outgoing ACH credit(x3)
- ACH return (x1)
Debit Cards
Disclosure
- Cardholder agreement is in place as a disclosure either in the initial disclosure list or when the card is issued.
Testing
- Virtual card e-purchase (x2)
- Physical card purchase(x2)
- Add card to digital wallet (if applicable)
- Apple wallet (x1)
- Google wallet(x1)
- ATM withdrawal (if applicable)
MRDC
Coming soon.
Validation
Synctera's Ground Control team will be scheduling a meeting to review the any compliance related items 2-weeks post-launch. We will be going over the results of KYC and/or KYB cases, fraud and AML issues, and dispute management.