
Bank Application Test Workflow and Cases

Banking Application Test Workflow –

1) Requirement Gathering
2) Requirement Review
3) Business Scenario Preparations
4) Functional Testing
5) Database Testing
6) Security Testing

1) Requirement Gathering - Involves the documentation of requirements either as
Functional Specifications or as Use Cases. Requirements are gathered as per customer
needs and documented by Banking Experts or Business Analysts.
Experts are involved in writing requirements on more than one subject, as banking itself
has multiple sub-domains and one full-fledged banking application will be the
integration of all these domains.
For example, a banking application may have separate modules for Transfers, Credit
Cards, Reports, Loan Accounts, Bill Payments, Trading, etc.

2) Requirement Review - The deliverable of Requirement Gathering is reviewed by all the
stakeholders, such as QA Engineers, Development Leads and peer Business Analysts. They
cross-check that neither existing business workflows nor new workflows are violated. All
the requirements are verified and validated. Follow-up actions and requirement
document revisions are done based on this review.

3) Business Scenario Preparations - In this stage, QA Engineers derive Business Scenarios
from the requirement documents (Functional Specs or Use Cases). Business Scenarios are
derived in such a way that all Business Requirements are covered. Business Scenarios
are high-level scenarios without any detailed steps. Further, these Business Scenarios
are reviewed by Business Analysts to ensure all of the Business Requirements are met. It
is easier for BAs to review high-level scenarios than low-level detailed Test Cases.
For example, a customer opening a fixed deposit on the digital banking interface can be
a business scenario. Similarly, we can have different business scenarios related to net
banking account creation, online deposits, online transfers, etc.

4) Functional Testing - Functional testing is performed through the usual software
testing activities, such as:

• Test Case Preparation: Test Cases are derived from Business Scenarios; one Business
Scenario leads to several positive test cases and negative test cases. Generally, tools
used during this stage are Microsoft Excel, Test Director or Quality Center.
• Test Case Review: Reviews by peer QA Engineers.
• Test Case Execution: Execution could be either manual or automatic, involving tools like
QC, QTP, etc.

The functional testing of a banking application is quite different from ordinary software
testing. Since these applications operate with customers' money and sensitive financial
data, they are required to be tested thoroughly. No important business scenario should
be left uncovered. Also, the QA resource who is testing the application should have
basic knowledge of the banking domain.

5) Database Testing - Banking applications involve complex transactions that are performed
both at the UI level and at the database level; therefore, database testing is as important
as functional testing. The database is a complicated and entirely separate layer in the
application, and thus its testing is carried out by database specialists. It uses techniques
like:
• Data loading
• Database Migration
• Testing DB Schema and Datatypes
• Rules Testing
• Testing Stored Procedures and Functions
• Testing Triggers
• Data Integrity

The major purpose of database testing is to ensure that:

• The application is able to store and retrieve data from the database without any loss
of data.
• Completed transactions are committed and aborted transactions are rolled back, to
avoid any mismatch in the data stored.
• Only authorized applications and users are allowed to access the database and
the underlying tables.

There are primarily three ways of database testing:
• Structural Testing
• Functional Testing
• Non-Functional Testing
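
The commit/rollback requirement above can be checked directly at the database layer. The following is an added example, not part of the original document: it uses an in-memory SQLite database with a constructed `accounts` table and a hypothetical `transfer` function, and the balance rule is enforced by a CHECK constraint so that an aborted transfer must leave both rows unchanged.

```python
import sqlite3

def make_db():
    """In-memory bank with two constructed accounts (balances in minor units)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, "
               "balance INTEGER NOT NULL CHECK (balance >= 0))")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("ALICE", 10_000), ("BOB", 2_500)])
    db.commit()
    return db

def _apply(db, delta, account):
    """Adjust one balance; an unknown account aborts the enclosing transaction."""
    cur = db.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?",
                     (delta, account))
    if cur.rowcount != 1:
        raise LookupError(f"unknown account: {account}")

def transfer(db, src, dst, amount):
    """Move amount from src to dst atomically. Returns False on insufficient balance."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    try:
        with db:  # commits on success, rolls back if an exception escapes the block
            # Credit first on purpose: if the debit then fails, the credit
            # must disappear with the rollback.
            _apply(db, amount, dst)
            _apply(db, -amount, src)
    except sqlite3.IntegrityError:
        return False  # CHECK (balance >= 0) fired on the debit
    return True

def balances(db):
    """Snapshot of all balances, used by the test to compare before and after."""
    return dict(db.execute("SELECT id, balance FROM accounts ORDER BY id"))
```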

6) Security Testing - Security Testing is usually the last stage in the testing cycle. A
prerequisite to commencing security testing is the completion of functional and non-
functional testing. Security testing is one of the major stages in the entire Application
testing cycle as this stage ensures that application complies with Federal and Industry
standards.
Due to the nature of the data they carry, banking apps are very sensitive and are a prime
target for hackers & fraudulent activities. Security testing makes sure that the
application does not have any such web vulnerability that can expose sensitive data to
an intruder or an attacker. It also assures that the application complies with standards
like OWASP.
In this stage, the major task is the whole application scan which is carried out using tools
like IBM AppScan or HP WebInspect (these are the most popular tools).
Once the scan is completed, the scan report is published. False positives are filtered
out of this report, and the remaining vulnerabilities are reported to the development
team so that they can start fixing the issues according to the severity of each issue.
Penetration testing is also done at this step to reveal the propagation of errors. Rigorous
security testing should be done across platforms, networks, and OS.
Other manual tools used for security testing include Paros Proxy, HttpWatch, Burp
Suite, and Fortify.

Sample Test Cases for Banking Application -

1) Test cases for new Branch

• Create a new branch with valid and invalid test data.
• Create a new branch without data.
• Create a new branch with existing branch data.
• Verify the reset and cancel options.
• Update branch details with valid and invalid test data.
• Update branch details with existing branch test data.
• Verify if the new branch can be saved.
• Verify the cancel option is working.
• Verify the branch deletion with and without dependencies.
• Verify if branch search option is working.

2) Test Cases for New Role

• Create a new role with valid and invalid test data.
• Create a new role without data.
• Verify new role can be created with existing test data.
• Verify the role description and role types.
• Verify the cancel and reset options are working.
• Verify the role deletion process with and without dependency.
• Verify the links in the role details page.
• Verify the admin login without test data.
• Verify all home links for the admin role.
• Verify the admin can change the password with valid and invalid test data.
• Verify the admin can log out successfully.

3) Test cases for customer and banker

• Verify if all visitor and customer links are working properly.
• Verify the customer login with valid and invalid test data.
• Verify the customer login without any data.
• Verify the banker login without any data.
• Verify the banker login with valid or invalid test data.
• Verify the customer or banker can log out successfully.

4) Test cases for New users

• Verify if the new user can be created with valid and invalid test data.
• Create a new user with existing branch test data.
• Verify if the cancel and reset options are working properly.
• Update user details with valid and invalid test data.
• Verify the deletion of the new user.
• Check if the new user can be verified.
• Verify mandatory input parameters.
• Verify optional input parameters.
• Verify if a user can be created without optional parameters.

5) Test cases for the creation of a new account

• Create a new account with valid and invalid user data.
• Verify if user details can be updated.
• Verify if a new user can be saved.
• Create a new account with the existing user's data.
• Verify the user can deposit an amount in the newly created account (and update the
balance).
• Verify the user can withdraw an amount from the new account (after deposit and
update the balance).
• In the case of a salary account, verify the company name and other details are
provided by the user.
• Verify if the primary account number is provided in case of a secondary account.
• Verify user details provided in case of a current account.
• Verify the provided proofs for a joint account in case of a joint account.
• Verify whether the user is able to maintain zero balance in a salary account.
• Verify whether the user is able to maintain zero balance or minimum balance for a
non-salary account.
• Verify the new user can log out successfully.

6) Test Cases For Net Banking Application

• Check if the user is able to open the bank site.
• Check if all the links in the site are working.
• Verify if the user is able to create a new account.
• Check if the user is able to log in with valid and invalid username and password.
• Verify that if either the username or the password is blank at login, the user is not
allowed to log in and an alert message is shown.
• Check if the user is allowed to change password.
• Verify that a proper error message is shown if an invalid username or password is entered.
• User with an invalid password should not be allowed to log in.
• Verify that after repeated attempts to log in with an incorrect password, the user
is shown an error message and blocked.
• Check if the user is able to perform some basic transactions.
• Verify that the user is able to add a beneficiary with valid and invalid details.
• Verify if the user can delete the beneficiary.
• Verify that the user is able to make transactions to the newly added beneficiary.
• After a transaction, verify if the accounts of both user and beneficiary are updated.
• Check if the user is able to enter the amount as a decimal number.
• Verify that the user is not able to enter negative numbers in the amount field.
• Verify if the user is allowed to do transactions with or without minimum balance.
• Verify if the user can open a new RD.
• Verify that a proper message is shown in case of a transaction done with insufficient
balance.
• Check if the user is asked for confirmation before any transaction is done.
• Verify if an acknowledgment receipt is provided on each successful transaction.
• Verify if the user is able to transfer money to multiple accounts.
• Verify if the user can cancel the transaction.
• Verify that account details also reflect the financial transactions done.
• Verify that the time-out feature is implemented.
• Verify that in case of session time-out the user has to log in again.
• Verify that a proper session time-out occurs in case of any inactivity.
• Verify that while doing a transaction the user is taken to secure mode.
• Verify if the user can log out successfully.
• Verify search and reset option.
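
The login-blocking and session time-out cases in the list above are easiest to automate when the clock is injected rather than waited on. The following is an added example, not part of the original document: `AuthService` is a hypothetical stand-in for the system under test, and the lockout threshold and idle time-out values are assumptions.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3     # assumed lockout threshold
IDLE_TIMEOUT = 300   # assumed idle time-out in seconds

class AuthService:
    """Toy system under test; the injected clock lets time-out tests run instantly."""
    def __init__(self, clock):
        self.clock = clock
        self.users = {}      # username -> (salt, password hash)
        self.failures = {}   # username -> consecutive failed logins
        self.sessions = {}   # token -> [username, time of last activity]

    def _hash(self, salt, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, self._hash(salt, password))

    def login(self, username, password):
        """Return a session token, or None for blank, invalid or locked credentials."""
        if not username or not password or username not in self.users:
            return None
        if self.failures.get(username, 0) >= MAX_FAILURES:
            return None  # locked: even the correct password is refused
        salt, stored = self.users[username]
        if not hmac.compare_digest(stored, self._hash(salt, password)):
            self.failures[username] = self.failures.get(username, 0) + 1
            return None
        self.failures[username] = 0
        token = os.urandom(16).hex()
        self.sessions[token] = [username, self.clock()]
        return token

    def is_active(self, token):
        """True if the session was used within IDLE_TIMEOUT; activity refreshes it."""
        session = self.sessions.get(token)
        if session is None:
            return False
        if self.clock() - session[1] > IDLE_TIMEOUT:
            del self.sessions[token]  # an expired session cannot be revived
            return False
        session[1] = self.clock()
        return True
```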
