The client, a large European holding with a diversified portfolio of financial, investment, and internet businesses, including self-service cash kiosk network, electronic money system, online casino, and lottery, was working to develop a payment mechanism for internal needs and corporate services.
The initial idea transformed into a proprietary online payment platform for Central and Eastern Europe, the region where the market was rapidly developing.
The client hired a software development company to build the platform and decided to invite an independent testing provider in order to ensure the product’s quality.
The major goal was to guarantee top security of all payments and transactions and smooth, protected integration with multiple local banks.
a1qa demonstrated impressive security testing expertise and a successful track record of preparing different applications, e-commerce, and online payment systems for international financial security standardization, and was invited to deliver the project.
To make the online payment service a marketable commercial product, it was necessary to ensure its compliance with the international Payment Card Industry Data Security Standard (PCI DSS).
The goal for a1qa was to provide full-cycle testing for the newly developed online payment web platform and prove that it complied with PCI DSS requirements.
A joint team of experienced QA engineers, security testers, Java developers, and business analysts was engaged in the project.
The a1qa team performed comprehensive functionality testing activities to make sure the billing mechanism worked properly and was easy to use. Alongside with that, the experts had to validate the application’s security according to the following criteria:
a1qa ran all testing scenarios in time and provided a detailed report on each security requirement.
The company launched the most critical tests more than 20 times each to prove the stability of the system’s security and investigate all possible and potential data loss risks.
The PCI DSS auditors had no remarks about the system or any of its components.