Open Banking testing: the CRIF Global Technologies’ API test automation project with PSD2 security
Maria Francesca Emiliani, Test Factory Manager - CRIF Global Technologies, and Sara Mucci, Business Analyst - CRIF RealTime Ltd., spoke at the event “The quality of software and mobile apps in finance” as part of the 2021 Digital Roadshow.
During their presentation, they explained how CRIF Global Technologies used an agile approach based on the introduction of a Test Automation expert from the very beginning and on DevOps tools supplemented with ad-hoc code quality and security controls. In this way, the automation developed alongside the code, and the defects were fixed right from the start. This has led also to better code quality, with more commented and cleaner code from a technical perspective. Moreover, they explained how CRIF Real Time was one of the first to connect APIs for access to accounts following the introduction of PSD2. This connection involves both adherence to software quality and security standards and management challenges, given the uncertainty of operating in an area that is new to financial services. From a business perspective, the product has gained a lot of benefits, so that the speed at which the application is released is much higher than before, having less regression testing requiring manual checks.
“A key decision was to introduce a Test Automation expert into the team from the outset to acquire business knowledge and create independence, as well as giving the team a sense of product usability. The use of quality and security controls, through expert reviews and tools such as Fortify, CAST and penetration testing, allowed us to achieve a linear and annotated code. What’s more, we saw the production of fewer lines of code, easier to maintain, and we built a virtuous cycle of controls, quality, security, and serviceability,” explained Emiliani.
Watch the full presentation