FAQs & Webinar Recording - Pre-Certification webinar
Testing and validation to acquirer protocols are often considered only at the end of developing a new product or service in the payments industry. Accessibility, flexibility and availability of acquirer platforms, logs, time-slots and technical support are often the sources of significant delays or technical modifications, which can drastically postpone delivery and quality.
In UL's webinar on Pre-Certification we dived into how you can mitigate the technical impacts for terminal and host readiness by integrating UL's SecureHorizon as a Self-Provisioning platform for protocol and test capabilities throughout your development and testing processes. Below you will find an overview on the most Frequently Asked on UL's SecureHorizon.
How does a non-compliance issue during the acquirer certification process impact the product development process and launch?
Non-certification related business requirements such as loyalty, discounts, gratuity, cashback, incremental authorizations, recurring payments, etc. need to be tested throughout the year and need to be checked with acquirers’ systems to make sure transactions are processed properly. Testing of these requirements can involve a lot of back and forth and debugging assistance from the acquirer who doesn’t necessarily have the time and resources to do that in a reasonable timeframe.
This will impact the customer product launch and eventually will bring the product back to the development cycle in order to fix the issue(s). That is why running pre-certification exercise early enough during the development process will help prevent this from happening.
My bank a very specific protocol – what’s the average time to implement any bank specific implementation based on your existing customers?
From our experience this very much depends on the complexity of the protocol. As we know ISO8583 is only a standard and this has been adapted for the different protocols so there might be data specific differences that can take some time to implement. To create a standard ISO8583 protocol parser is quick and can be created in 2 days, but the differences can take a couple of weeks to perfect, as experienced with our pilot customers. Also, there are some terminal specifics that differ between the protocols that might complicate the implementation and cause longer implementation effort.
I already have a UL Brand Test Tool, how is SecureHorizon different?
The UL Brand Test Tool is used for brand certification and is a desktop solution. The Brand Test Tool implements three kind of validations when performing brand certification:
- Card-terminal validations (transactions happening between the card simulator of the BTT and the card interface of the terminal),
- User validations (what it is happening at the POS screen or receipts being printed)
- Terminal-host validations (interaction of the terminal acquirer infrastructure with the network).
SecureHorizon is a web-based platform providing a sandbox for pre-certification (brand certification readiness).
- Secure Horizon can support terminal-host validations with the advantage of simulating acquirer hosts protocols, something BTT cannot do.
- Offers the possibility to customize and create your own test cases, which can supersede or modify the ones defined by the schemes, so this can be useful for your own QA or regression test cycles.
- To validate Brand certification readiness with SecureHorizon, they will need the specific Brand test cases to be developed (either we can provide or they will need to develop their own).
When developing a payment system on a COTS device that does not have Ethernet, can I use Secure Horizon to help me with this?
Yes, as long as the COTS device can connect to an IP address generated by SecureHorizon.
At which stages of the product development process can self-testing most help pre-certification efforts and ensure terminal readiness?
Self-testing should be done from the start of development to prove terminal readiness. The SecureHorizon platform is designed to test Host messages received from the terminal and return relevant responses. It is important to stress this is only for online host messages and the BTT tool will be used for Terminal to Card validations.
How does the SecureHorizon testing platform save time in product testing during product development?
It saves time in product testing by providing a 24/7 testing sandbox you can use to perform acquirer/processor host message validation and spot potential errors implemented in your SUTs.
No need to wait for a testing window or debugging assistance from acquirers. Besides, it provides automated online host validation logs which is something that majority of the host platforms do not do.
How can customized versions of protocols be handled on the SecureHorizon platform?
You can create a new or customized protocol from the ISO 8583 template available on all accounts. You can duplicate protocols and change their names to handle various versions of a same protocol.
How is the data stored and managed for SecureHorizon? Who owns the data, and what assessments have UL done to ensure that this data is secure?
The customer remains the data owner. Data is stored on AWS servers. We have done pen tests of the platform to ensure its security.
For more information on SecureHorizon, please contact us.