26 April 2016

Modern test methods for EBICS systems in Germany, France and Switzerland

Complex systems require complex test procedures. However, this does not mean that setup and operation of the test system itself needs to be complicated. This applies in particular to EBICS server systems. With the right tools they can even be checked relatively simple for proper functioning down to the last detail. All what is needed is a clever black-box test that adheres meticulously to the EBICS standard.

Meet the requirements

The requirements to electronic banking for corporate clients or in clearing are enormous. Transfers in the billions are made daily. The accounting systems of enterprises depend to be supplied continuously with current sales figures and account information.

For credit institutions, quality assurance in this sensitive area has become a duty long ago. This applies on the one hand for ongoing operations, on the other hand as a starting point after a server update.

User interface of the BL Test System

Test properly

The ideal method to be used is black-box testing. The test machine checks the compliance of the system to be tested against the standard. That is, the test system acts to the EBICS server like a normal EBICS client and checks the compliance with the EBICS specification in detail. For the EBICS server the requests look the same as those of the customers.

For the tests to be meaningful, they must cover the whole spectrum of the service. In the area of payments via EBICS, this includes in particular the key management (initializing, locking, key exchange), the sending and retrieving of files and the functions of the Electronic Distributed Signature (EDS). Also essential are holistic tests that include the server-side processing in the checks. Thus, also checking the customer protocol generally belongs to a complete test, no matter if the format is PTK, HAC or PSR.

Draft test cases

Many test scenarios check the behavior of the EBICS server with regard to a specific part of the standard, for example the reaction to exceeding the daily limit of SEPA transfers. The SEPA file needed for this must match various criteria in the content in addition to having the correct format, to be able to perform the limit check on the server side at all. Besides the checksums for example, also a valid originator account and a suitable execution date must be selected. After sending the file and waiting for a short delay, the protocol must be retrieved and checked for the correct status.

Automatic test processes

Even simple limit tests are associated with high efforts for the file creation. Additionally there are the costs for retrieving the protocol and the correct evaluation regarding the expected result. In an economically reasonable process, these tasks must be completely covered by the test system.

For this purpose, generators are needed on the one hand to create payment files according to specific criteria. On the other hand, protocol files matching the send order must be retrieved and evaluated automatically. Only this way the tests are meaningful, repeatable and especially can be accomplished at all in a cost efficient way with regard to the effort.

Reliable monitoring without personnel expenses

After recording all test cases, the applications demonstrate their capabilities to full extend. Whether started via push button or as a permanent monitoring, they put the EBICS system through its paces — logging and reporting included. If the test system detects an error in monitoring mode, the administrators know about it by email within seconds.

Compared to extremely time-consuming, manual test procedures, which often engage personnel for weeks, the automated process can be 100% reproduced.

Testsuite for international EBICS

The Testsuite of Business-Logics specialized on EBICS servers consists of two components: the BL Test System for functional testing and the BL Load Test System for checking the overall performance of the server. Both components support the EBICS standards for Germany, France and Switzerland.

For interested customers a demo version is available upon request from the manufacturer.