Beyond Cards and Terminals: Considerations for Testing Host-to-Host EMV Processing
- Including fraud testing
Your organization may also want to develop fraudulent transactions to incorporate into your test plan. Some examples of these transactions are:
- An expired or stolen card
- An invalid CVV or CSC value
- An EMV field with valid EMV data from a valid EMV card, but sent from a terminal that is not EMV capable
- Including adequate negative testing
When you create your test plan, include negative testing alongside positive testing. Tests that confirm your host correctly processes properly formatted, valid EMV messages are necessary and worthwhile, but negative testing is also critically important: it ensures your host system can correctly handle EMV messages that are not formatted correctly or that contain invalid values. For example, test scenarios might include the following:
- Improperly formatted messages
- Invalid tag or token values
- Invalid cryptogram values
- A variety of card values (such as changing the 9F10’s Issuer Application Data [IAD] value to ensure that an Issuer host system is using the correct cryptogram version and key)
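As an added illustration (not code from the original article), the sketch below shows the kind of fail-closed check that negative tests for improperly formatted messages and invalid tag values are meant to exercise. It assumes the EMV data reaches the host as a flat BER-TLV byte string; the names `parse_emv_tlv`, `rejects` and `EXPECTED_LEN` are hypothetical, and all sample bytes in the test cases are constructed.

```python
# Added example, not the article's code; bounds follow the EMV tag definitions.
EXPECTED_LEN = {
    "9F26": (8, 8),   # Application Cryptogram
    "9F27": (1, 1),   # Cryptogram Information Data
    "9F10": (0, 32),  # Issuer Application Data (IAD)
    "9F36": (2, 2),   # Application Transaction Counter
    "95": (5, 5),     # Terminal Verification Results
}

class TLVError(ValueError):
    """Raised for any malformed or out-of-bounds TLV element."""

def parse_emv_tlv(data: bytes) -> dict:
    """Parse a flat BER-TLV byte string, failing closed on bad input."""
    out, i = {}, 0
    while i < len(data):
        start, i = i, i + 1
        if data[start] & 0x1F == 0x1F:  # multi-byte tag: continue while bit 8 set
            while True:
                if i >= len(data):
                    raise TLVError("truncated tag")
                i += 1
                if not data[i - 1] & 0x80:
                    break
        tag = data[start:i].hex().upper()
        if i >= len(data):
            raise TLVError(f"{tag}: missing length")
        length = data[i]
        i += 1
        if length & 0x80:  # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            if n == 0 or n > 2 or i + n > len(data):
                raise TLVError(f"{tag}: bad long-form length")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise TLVError(f"{tag}: length {length} overruns message")
        bounds = EXPECTED_LEN.get(tag)
        if bounds and not bounds[0] <= length <= bounds[1]:
            raise TLVError(f"{tag}: invalid value length {length}")
        out[tag] = data[i:i + length]
        i += length
    return out

def rejects(data_hex: str) -> bool:
    """True if the parser refuses the message (the negative-test outcome)."""
    try:
        parse_emv_tlv(bytes.fromhex(data_hex))
    except TLVError:
        return True
    return False
```

Each negative test case then becomes a single assertion that a given malformed message is rejected, which makes the set easy to keep as a regression suite.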
- Verifying system capacity with stress testing
Implementing online EMV will likely increase system overhead and transaction volumes. To ensure your system is capable of handling the additional processing, you will likely want to include stress testing in your EMV test plan. Stress testing can provide valuable data about system performance and capacity, as well as ensure your system can handle both synchronous and asynchronous chip card traffic from all your ports. You may also want to include disaster recovery testing as part of your overall test strategy.
- Verifying changes to your batch system
While this article has focused on the changes to the online system, there are also a number of changes that must be made to your batch system related to your EMV implementation. Your testing must address these back-end processes, such as:
- Changes related to offline EMV transaction processing
- Additional requirements for dispute reporting
- Additional Chargeback reasons
- Additional Reason Codes for First Presentments
- Updates required for fraud reporting
Using Automated Test Tools
Using test tools to simulate cards, devices, and the various participants in the EMV transaction flow (Issuers, Acquirers, Gateways—even your own host system) can ease many of the challenges of testing EMV. Simulators can provide “soft cards” (unlimited virtual chip cards) and virtual terminals that can be used by any tester at any time. Moreover, simulators let you design tests that might otherwise damage physical cards and terminals, such as blocked cards, device faults, and so forth. As a switch participant, you can conduct your own pre-certification testing, running your entire certification test script in a simulated environment before scheduling costly “live” switch certification test time. By using a simulated environment to ensure you have tested key areas in your system, you can reap many benefits:
- A shorter implementation (as a result of faster, easier test setup)
- Reduced testing costs and increased product quality (as a result of testing more scenarios faster than before)
- A solid set of regression tests that you can reuse as your implementation continues to change and grow
Copyright © 1996-2010, Paragon Application Systems