2019 Payments Testing Forecast

Welcome to 2019. I hope that you had a great break over the holidays and are ready to tackle what is sure to be an exciting new year.

In our final post in December, we talked about several topics that were key areas of focus for Paragon customers and prospects in 2018:

• Automation
• Integration
• Flexibility and Control
• Security

Well, despite all of the talk about technology trends like Artificial Intelligence, Augmented Reality and Quantum Computing, as far as payments testing is concerned, I think in 2019 we will continue to see a focus on the same key areas. So, the same as before, only different.

What I mean is that instead of automation, integration, control, and security being considered new ideas or trends as they relate to payment testing, they are simply becoming part of the “new normal.”

Modernizing the Norm

There is no doubt that the retail payments ecosystem will continue to grow and evolve rapidly. Consumers have very clearly embraced electronic payments of all shapes and sizes, with no end to our demand for alternative payment options in sight. This means more devices, more connections, more regulations, more complexity. 

Meeting this seemingly insatiable demand for payment choice and ensuring that every consumer payment experience is perfect every time, requires that we recognize and embrace this new normal in order to remain relevant and competitive.

Business as usual approaches to payments testing simply cannot keep up with the pace or scope of change:

• Manual processes are too slow, cost too much and do not provide comprehensive test coverage. They also introduce unnecessary risk to the testing equation.
• Automation is a critical requirement to improve delivery times, increase efficiency and accuracy, as well as improve test coverage.
• Payment testing must be integrated with other enterprise systems such as Application Lifecycle Management tools, Agile development processes, DevOps, etc.
• Development, Testing and QA resources are spread all over the globe and need modern and efficient tools to provide adequate controls while facilitating communication and collaboration.

Legal and Regulatory Challenges

On top of all the changes in consumer behavior, technology, and business models, legal and regulatory pressures will also help to shape, as well as challenge, the payments industry.   In their 2018 World Payments Report, Capgemini identifies more than 40 Key Regulatory and Industry Initiatives (KRIIs) from around from the globe that directly affects the payments industry. These initiatives fall into several broad categories, including:

• Risk reduction
• Standardization
• Competition and transparency
• Innovation

And while most of the KRIIs are initially driven from a local or regional perspective, many of these ideas, such as Faster Payments, resonate on a global level and ultimately see widespread adoption. Unfortunately, this also means that in some cases, the KRIIs can overlap or even clash with one another, causing both confusion and conflict. The ultimate consequence here is the requirement for ongoing analysis and management of the legal and regulatory changes and how they affect any specific organization.

Of course, compliance is not optional for banks and other regulated financial service providers, it is simply a cost of doing business in the payments industry. As we have seen from many recent incidents, for organizations that are either unable or unwilling to meet legal, regulatory and industry mandates the cost of non-compliance can be substantially higher, resulting in significant fines and/or penalties, as wells as long-term brand damage and lost shareholder value.

As you would expect, all mandated changes must be exhaustively tested to ensure compliance. As we have previously discussed, manual testing methods are too slow, inaccurate and do no not provide the control or audit capabilities required to stay current with the pace of change today. Companies that choose to rely on manual testing methods and processes will find it harder and harder to stay current with industry requirements, putting their business at a competitive disadvantage and accruing increased risk.

And as the industry continues to grow and evolve, I believe that most Fintechs and other payment system disruptors will eventually be required to comply with many of the same rules as the banks and other regulated companies. This will help level the playing field level for all parties, but compliance will remain a business overhead that must be managed effectively. 

Pending Technology Upgrades

Changing gears just slightly, we do have a few examples of “technology compliance” that will have a major impact on the payments industry this year.  First, is the industry-wide effort to upgrade all full-service ATMs from Windows 7 to Window 10.  For anyone who has not been paying attention, Windows 7 is still the primary operating system for full-function ATMs and Microsoft is planning to end support for the OS in January of 2020. This should come as no surprise to anyone who works with ATMs. Microsoft made the final end of support announcement for Windows 7 back in 2015 and gave the world 5 years to prepare. We are now down to the final 12 months, much less if you take out the 2019 peak holiday season. Most financial services providers who drive ATMs have policies in place that do not allow them to run unsupported software and for good reason. (Remember what happened to computers running out of date or unsupported versions of Windows when they were attacked by the WannaCry ransomware virus.

We are now in the home stretch, with just 12 months remaining for the entire ATM industry to convert. Under the best of circumstances, this conversion will be a major effort for most organizations, requiring significant amounts of planning, development, and testing. Unfortunately, I think that a combination of circumstances will make it difficult for many to have their Windows 10 migration completed by January 2020, causing ripple effects across the entire payment industry:

• As a “compliance” project, the Windows 10 migration effort is going to drain money and resources from other projects across the organization
• Many ATM drivers have yet to start, or have just started, their migration projects and there is a very specific and limited amount of time still available
• There are only so many skilled ATM technicians available to make necessary changes at and on the ATM devices themselves (take a number please)
• Given everything else that is currently going on within the payments industry and across the broader marketplace right now, when we hit crunch time later in the year, I think that it will be difficult to recruit any extra help

Many within the ATM industry are expecting (hoping) that this is the last time that we need to go through a Windows upgrade, but there is still a lot of work to be done.

And let’s not forget that later in 2019 we will also start the final 12-month countdown toward the liability shift for EMV transactions at automated fuel dispensers (AFDs). Further to my comments above about ATMs, upgrading/migrating existing fuel dispensers for EMV has been much more complicated, time consuming and costly than anyone could have imagined. Even this deep into the 5-year extension granted by the card schemes for AFD compliance (since October 2015), there are still issues with the availability of EMV-compliant hardware and software components, as well as skilled field technicians.

These are just a few of the major changes taking place in the coming weeks and months. If you have access to the technical documentation from any of the major card brands, you know about numerous other initiatives like 3D Secure, 2.0, contactless cards, 8 digit BINS, and key block processing. The list goes on and the pace of change continues to increase.

TL;DR - A Summation

To summarize my thoughts on payments testing in 2019:

• Consumers continue to be in control and are driving the entire payments industry. They like all forms of electronic payments, will use them anytime, anywhere and continually want more options. With that said, they are also becoming increasingly sophisticated and less forgiving of any organization that does not deliver a perfect payment “experience” every time. Competition for high-value customers will become even more fierce.
• A few major projects, like the Windows 10 migration for ATMs, are going to suck up significant amounts of time and resource, putting pressure on everyone within the payments industry and competing with the other 200 or so other “regular” projects you have in your queue.
• AI, AR, Autonomous Things, Quantum Computing and other new technology may get some press time and see some R&D dollars, but they won’t be ready for prime time this year.

The industry needs to embrace and get comfortable with the “new normal.” Organizations that cannot operate at the speed of change will get left behind. Here are a few final suggestions:

• Simplify. Eliminate inefficient, redundant and high-risk legacy systems in favor of robust and high-performance testing platforms that will give you the flexibility and control you need to be successfully in today’s dynamic environment.
• Automate. Manual testing is too slow, too expensive, does not provide broad enough test coverage and introduces too much risk into your testing processes.   
• Integrate. Use available APIs to connect internal and external systems together to promote communication and collaboration.
• Protect. Factor security into every aspect of your testing infrastructure.
• Test. Focus on expanding your test coverage and understanding how all the elements of your payment systems work together at scale.

So, there you have my thoughts on 2019. No additional predictions on the Super Bowl, the Rugby World Cup, the Cricket World Cup or Brexit.  

Please feel free to let me know your thoughts on what’s coming this year and how we can help your organization.