Towards test automation for certification tests in the banking domain

Abstract

Software systems in the banking domain are business-critical applications that provide financial services. These systems are subject to rigorous certification tests, which are performed manually, and take weeks to complete. In this paper, we suggest that automation of the certificate tests are possible and it will save a considerable amount of time. A certification testing operation which can take a few weeks can be reduced to a few seconds. Firstly, we review the existing test activities to identify the ones that can be automated and introduce a prototype tool for automating some of the tests used for certification. We focus on rules that are verified by analyzing the banking infrastructure. Our tool takes the network topology of the banking infrastructure as input and verifies a subset of these rules. The tool can be extended with additional rules in order to reduce the effort for certification tests. In addition to this tool, we introduce softwaredefined network-based tests to automatically verify compliance with the rules by checking the firewall constraints and host connections. In particular, we focus on a security certification standard named Payment Card Industry Data Security Standard. This certification aims to reduce the risk of data breaches in cardholder data by ensuring industry standard practices for payment card transactions. Our tool offers effort reduction in auditing through automation. It supports continuous auditing and network security enhancement processes.