Case Study

3DS 2.0 Testing Platform improves solution reliability
and lowers risk for Global IT Services Provider

RS_Case_Study_Test2Pay_3DS2

Background

With the proliferation of online payments, new security threats are surfacing on a daily basis. Since card-present transaction security has improved significantly with the implementation of chip-based transaction authentication measures, fraudsters are now targeting card-not-present environments. Recognizing the need to standardize next generation payment security for card-not-present transactions, EMVCo has released the next version of the three-domain-secure specification [3DS 2.0] to extend its support to new payment channels such as tablets and smartphones, while reducing friction and improving user experience.

RS Software has developed a unique 3DS2.0 Test Simulator platform based on the 3DS 2.0 standard which enables our customers to test different components of the entire 3DS 2.0 ecosystem such as Access Control Server (ACS), Directory Server (DS), 3DS Requestor, and 3DS Client using the service virtualization technique.

RS Software has successfully implemented the simulator for a leading Japan-based payment service provider for their new ACS system currently being developed following the EMVCo 3DS 2.0 specification.

RS Solution

RS Software leveraged its pool of professionals experienced in EMV Technology, payment security and microservice architecture to build a platform for 3DS 2.0. This platform exposes all the components as defined by EMVCo to create a simulated environment. Thus, the simulator created by RS significantly differs from other simulators that are available in the market.

The RS simulator for 3DS 2.0 helps customers to achieve the following testing goals:

a. Test for Connectivity: Link Testing

b. Encoding and Encryption

c. Test For 3DS Client – through browser and device simulation

d. End to End (E2E) Message Flow

e. Acceptance Testing

f. Regression Testing g. Pre-certification / Compliance Testing

Overall Solution

RS Software’s in-depth expertise on payment security and 3DSecure that were utilized on this engagement stems from the following experiences:

  • RS has worked with the world’s leading global payment network to develop 3D Secure 1.0
  • We worked with multiple payment institutions to develop hosted payment solutions based on microservice architecture; through these engagements we have developed proficiency in payment security and transaction risk evaluation
  • Our proprietary RS Test2Pay™ product framework was created for the simulation of payment services as per the EMVCo specification

As an outcome of the above assets, RS Software has created a technology framework for 3DS 2.0 environment simulation which can simulate all 3DS 2.0 components as defined by EMVCo as well as act as a Sandbox to help development of interfacing components.

Key Solution Highlights

1. General

  • a. Architected to support high volume of transactions
  • b. Built on a multi-tenant model to support multiple users simultaneously
  • c. Designed to test multiple instances of the 3DS 2.0 component with a single test instance of the simulator
  • d. Capable of driving large batches of transactions to test system throughput to desired TPS [e.g. 100 TPS]
  • e. Components can be configured to modify message data element content at the user level

2. User Management

  • a. Role based authentication
  • b. Manage user (add / update )

3. Test Setup

  • a. Manage Test Cards
  • b. Manage simulated Test Devices (iOS / Android / Windows)
  • c. Configure message elements for testing
  • d. Configure AUT (Application Under Test) details
  • e. Export / Import User Configuration

4. Test Management with an integrated 3DS Test Scenario repository

  • a. Manage (Add / Update / Delete) Test Scenarios
  • b. Execute Test Scenarios (single and multiple)
  • c. Test Result history
  • d. Export / Import of Test Scenarios

5. Test Execution

  • a. Execution of adhoc scenarios
  • b. Execution of pre-defined scenarios
  • c. Display of test results at the message level in an integrated JSON editor for better understanding
  • d. Download test results

6. Automated Execution

  • a. Execute Multiple Test Scenarios
  • b. Execute Load Testing

The base product was customized for our customer to address:

  • 1. Customer environment related changes
  • 2. Customer implementation of ‘Message Encryption’ and ‘Key Pair Generation’
  • 3. Device Data generation requirement (outside simulator automation)

The entire deployment service provided to the customer includes:

  • 1. Setting up production environment (Linux) – This does not include hardware configuration and software requirement provided in advance to our customer
  • 2. Deployment of 3DS 2.0 Test Simulator in production environment
  • 3. Integration of 3DS 2.0 Test Simulator with customer ACS system
  • 4. Post deployment support

Given below is the scope of this particular deployment of the Simulator with respect to EMVCo 3DS 2.0 specifications:

RS_Case_Study_Test2Pay_3DS2

Value Delivered

  • More than 10,000 test data created by RS
  • More than 40,000 scenarios executed by the customer
  • The customer was more than a month behind schedule. After introduction of the simulator, the go-live and development activity were completed on time
  • Integration issues (not conforming with EMVCo specification) while interacting with other components of 3DS 2.0 were identified early in the life cycle
  • Multiple testing phases (and hence multiple development teams) were planned in parallel; this helped the customer to start working on 3DS 2.1 while going through the certification process of 3DS 2.0

About RS Software

rslogo copy

RS Software’s exclusive focus on payments and proven track record has made it the brand of choice for leading payments providers seeking to improve time to market for solutions that can generate additional revenues and save money. We have repeatedly delivered end-to-end solutions that include ongoing testing, enhancements and support to keep our clients current with the dynamic landscape in the payments industry