Skip to main content

Negative Testing Delivers Positive Results for the Payment Industry

Steve Gilde August 21, 2024
person-testing-code-on-laptop
Negative Testing Delivers Positive Results for the Payment Industry
7:55

We have talked before about the complexity of the ISO 8583 messaging standard. Even after nearly 40 years and countless modifications, it remains the primary vehicle for the global exchange of messages and data to facilitate retail payment transactions. 

There has been an amazing transformation of a standard that began back in 1987 when most credit card transactions were still being processed using manual imprinters (sometimes known otherwise as zip zap machines or knuckle busters). Electronic POS terminals were just starting to gain widespread adoption. 

The Internet was still in its infancy. There were no EMV cards, contactless transactions, e-commerce, smartphones, or digital wallets. These are all things that we take for granted today and for the most part cannot live without. 

The flexibility of ISO 8583 has allowed card brands, networks, and processors to address the significant changes that have taken place across the payment industry and adapt the specifications to meet their specific requirements. Unfortunately, this has led to many different interpretations and implementations of the standard, making it time-consuming and expensive for industry participants to stay in sync with their partners and peers. 

For more than 30 years, Paragon Application Systems has been serving the financial services community by providing payment testing solutions like Web FASTest that help ease the burden of compliance with rapidly evolving standards like ISO 8583. We have a team dedicated to reviewing the technical bulletins and specification changes that are published for all of the various versions of ISO 8583 and then making the appropriate modifications in our simulators. 

We understand the important responsibility we have to help our clients test and validate that they can correctly format, send, and receive messages to and from their network partners so that every consumer payment transaction is processed, quickly, correctly, and securely. 

 

How Negative Testing Helps Protect Payment Systems  

While it is certainly important that every payment industry participant takes the steps necessary to process their ISO 8583 messages correctly, not every message exchange takes place exactly as planned. With billions of global transactions being processed across millions of endpoints, it is inevitable that some messages will be formatted incorrectly or contain invalid data. 

So in addition to helping clients be positive that they can process messages and transactions correctly, we also provide bit-level editing capabilities that enable users to perform extensive negative testing. 

Negative testing involves deliberately injecting invalid, incorrect, or missing data into your systems to proactively identify and address potential processing issues or system bottlenecks before they cause applications and systems to fail.  

Some specific examples of negative testing scenarios include: 

  • Invalid message or transaction types: Sending/receiving incorrect message types. 

  • Invalid amounts: Negative amounts, excessively large amounts, decimal errors. 

  • Missing or invalid data: Mandatory fields left blank or filled with incorrect information. 

  • Network outages or delays: Simulating network failures or slow response times.
     
  • Test fraudulent card numbers: Using known compromised or fraudulent card data. 

 

Comprehensive use of negative testing scenarios helps to: 

  • Strengthen Error Handling: Negative testing helps ensure that your payment processing systems can gracefully handle incorrect, unexpected, or missing data. 

  • Identify security vulnerabilities: Negative testing can help uncover certain scenarios that would allow hackers or other bad actors to compromise your systems. 

  • Improve system reliability and availability: Negative testing helps ensure that your systems operate at peak efficiency and can handle unexpected incidents without failing. 

 

Negative Testing Is Also Important for ATMs 

Given the complicated nature of both ATM application software and physical hardware components, negative testing with ATMs is also necessary, but can be difficult and expensive. There are many, almost legendary examples of ATM technicians attempting to simulate ATM device failures with everything from screwdrivers to letter openers, to coat hangers – mostly with catastrophic results that require expensive and time-consuming repairs to the ATM. 

Virtualization technology makes negative testing for ATM fault conditions, network anomalies, and other error scenarios much easier. For example, the Paragon VirtualATM platform allows testers to easily simulate a wide variety of ATM fault conditions without the risk of damaging the ATM or any of its physical components.  

The Paragon VirtualATM simulator includes a significant number of pre-configured and ready out-of-the-box fault conditions, as well as the flexibility for users to configure their own unique fault scenarios, helping to ensure that device failures and error conditions are always handled correctly. 

Some specific examples of negative ATM testing scenarios include: 

  • Card reader failures: Card jams, card not read, or other failures.
     
  • PIN pad failures: Simulating PIN pad errors and bad PIN entries. 

  • Dispenser failures: Cash jams, cash-out conditions, or mis-dispenses. 

  • Receipt printer failures: Paper jams, printer errors, or missing receipts. 

MythBuster: Negative Testing is Not About Breaking Things 

It is important to understand that negative testing is not about breaking your applications or systems. The goal of negative testing is to identify, understand, and address potential issues before they can impact the reliability or availability of your payment processing environment.  

Both positive and negative testing are critically important to ensure your applications and systems operate correctly, with peak efficiency under both normal and abnormal conditions. 

 

Faster, Better Payment Testing 

At Paragon, we understand the critical role that testing plays in operating and maintaining any modern payment system. No matter if you are an issuer, acquirer, network, processor, merchant, or ATM fleet owner, the payment industry and associated message standards like ISO 8583 will continue to evolve to support inevitable changes in consumer behavior and technology, as well as fraud prevention and information security. 

Our tools and simulators are designed to give clients total control over their payment testing operations, facilitating the most efficient and comprehensive testing possible for both positive and negative scenarios.

The use of modern payment testing tools and a comprehensive approach to testing will help ensure that your payment systems are efficient, secure, and resilient to the real-world challenges all organizations face in the complex business environment we operate in today. 

Interested in learning more about upgrading and simplifying your payment testing capabilities? Request a consultation with our team of payment industry testing experts today. 

Request a Consultation

Related posts

Payments Testing - August 1, 2024
Outage Outrage: Lessons from the CrowdStrike Failure
Steve Gilde Author at Paragon
Payments Testing - July 24, 2024
Checkmate: How Retailers Can Manage the Digital Payments Puzzle
Steve Gilde Author at Paragon
Payments Testing - July 10, 2024
Beyond the Beep: The Evolution of Self-Checkout
Steve Gilde Author at Paragon