I tried improving QA in the payment industry
I built a software testing platform called VirtualTestCenter during what I consider an intense but brief experience in the banking industry. It was supposed to be a SaaS tailored to technology providers integrating with payment gateways, acquirers, processors and banks. It failed as a business, but I’m still proud of what I created.
Background
In 2012 a friend identified a technical bottleneck in the payment industry and asked me about how I would solve it. He explained that all software releases were being tested by hand, and it would take many days for a team of people to follow the test scripts and fully test a new release. This was expensive and required many test cycles to perfect the version. It was a black box test being performed on a waterfall development strategy.
The terminal application was very configurable, it had different layers of abstractions, and it would run on proprietary payment terminal hardware while having lots of external dependencies.
At the time, I had absolutely no experience in this industry, but I was excited to work on a new opportunity. I just didn’t know it would take a while to get there.
Prototype
These payment terminal applications were all written in C language and that made things easier. So I came up with the idea of implementing a compatibility SDK. This SDK would implement and mock all the different proprietary OS functions allowing the application to be ported to another host OS. It would expose peripherals through a standardized protocol or api (like a high level debugger). The application then could be run locally, uploaded to a test server or integrated with a CI pipeline.
Ooof, that was a megalomaniac QA manager’s dream. And it was a period that the awareness of the importance of software quality assurance and test automation was being raised and the tech industry in general was coming up with better testing tools. And this was years ahead of what was provided by terminal manufacturers.
Emulation was a concept already established at the time, but I found easier to just mock the entire SDK and recompile the application. There were some technical arguments against it, and other issues on how specific things would work, but I could not think of any blocking factors.
After getting access to the documentation and SDK of one of the most used terminals available at that time, I came up with this:
It was a very simple attempt at achieving what I was proposing. I created a project that would compile a DLL on windows having placeholders for all the target SDK functions, mocked the most important ones, added a simple websocket interface and implemented a web app that talked to it. I also implemented a simple payment application that could be compiled on both SDKs. It was a good enough proof of concept.
Apparently, I also worked on a more interactive prototype that I don’t even remember working on. I found this somewhere in my not so organized old projects archive.
This was probably never shown to anyone. Well, now you saw it.
Vision
My friend and soon to be co-founder started talking to some people in the industry to pitch this idea. We would persist trying to sell it for the next coming years. We talked and presented it several times to potential key clients. I will just save you some expectation, we never actually got to sell this idea. But we continued to show it around.
It took a while and by the end of 2015 we landed a local consultancy project to support UL TS, a global company. They had acquired Collis, a well-established provider of tools but were having trouble to deliver projects locally, here in Brazil. We then shifted focus, opened a consultancy business and put our project firefighter’s hat.
This gave us time to acquire more knowledge and gain a better market perspective. I had the opportunity to work with major market players and quickly learn all the relevant specs in the industry. Had a first-hand look at how systems were implemented, got to know their pain and came up with some more ideas. Smaller and more specific products were conceived from our consultancy period.
I just want to highlight that these systems were messy. Usually, there are several systems involved in, for example, processing your usual credit card payment. And at least here in Brazil, we are damn creative when it comes to financial products. If a transaction failed, good luck finding the debug message in one of the hundreds of log files generated in the mainframe or several other systems involved.
After two years, our contract came to an end and this experience helped us find a niche that in our heads, would allow us to gain industry space by providing competitive services.
I don’t want to focus too much on the business details here. It’s a long story maybe more suited to be told separately. I just want to mention that this initially worked. My co-founder managed to get us working with Stone, an acquirer that had a more tech oriented mindset. We became their accredited solution certification provider.
But the ultimate goal was to create a product that we could sell on its own as a subscription service. We would offer consultancy services, but our clients would have complete autonomy. This was at a time that this kind of service was always outsourced or absorbed by the banking institutions. It was the fintech boom, and many startups were stumbling upon the intricacies of the industry. We wanted to facilitate that.
Implementation
And VirtualTestCenter was born. The vision was to have a flexible product allowing us to eventually mock and test all the different systems of a bank. And differently from the tools available at the time, it had a holistic approach to testing. I’d like to compare it to being like a swiss-knife for the banking industry. The idea was to make everything more visible and organized.
I began focusing on features needed to monitor and validate the whole transaction life-cycle. My co-founder focused on preparing a standardized test base that could be adapted for each client when bootstrapping a project. We were entirely self-funded. Later, we hired other people to help creating and performing tests so my co-founder could focus more on business.
Looking at the commit history, I began working on it right after 2017 new year’s. By April we had a working version. Feature incomplete and bugs alright. But usable, especially since we would be the main users for now.
Our product allowed the user to create mock hosts. It could receive or inject transactions. With the possibility of parsing different kinds of protocol standards and message formats. We could create rules to define dynamic responses, or use a single test case to dictate the whole behavior. The user didn’t need any coding experience to personalize it.
This was already different from the tools available at the time in the sense it was centralized, more organized and less magic happened under the hood. With VTC (as we called it), it was clear what failed and where it failed.
It also had some basic test project management functionality to make it more shiny.
I coded everything in javascript. It was an SPA (single page application) and the back-end was based on Node.js. I did not use any framework. After evaluating the state of many frameworks at the time, I came to the conclusion they would just slow me down and I really disliked what I saw. So I coded a plain javascript SPA application. I think it was pretty elegant, although I would now change several concepts. The database was MongoDB. I was really tired of using SQL based relational databases and a flexible product required a flexible database. I was careful enough to create document validation to keep the database coherent. And hey, I was just one developer working on it. Don’t judge me.
The service portion of our business grew but many other features were still required to achieve the vision. Besides bug fixing and support work, I continued developing the tool itself.
The card simulator was the next big feature. It was, in fact, a smaller product in itself. This feature would allow us to completely test the payment side, and once finished, we would have the same technical capabilities of all the other competitors.
I didn’t want to develop proprietary hardware. It would cost a lot of time and money. So I decided that the fastest product iteration would be to use a Java Card. I created a “dumb” card applet to match APDU requests and generate user defined static responses. I also implemented dynamic responses matching banking specs, useful to test cryptograms.
There was a desktop application also written in Java. I called it Virtual Card Connector. When the test was active, the web app talked to the desktop connector on localhost, it in turn transformed the test structure into a BER-TLV card script and used a PC/SC device to load the test script file onto the applet data space. The script was interpreted by the card applet, a log was stored internally while interacting with the actual terminal. The log was then uploaded back to the web app through the card connector where the actual validation would occur. This was really fun to create.
We bought a pack of java cards that would allow us to test contact and contactless transactions. A card printer to personalize the cards. And hey, we sold a few kits! These kits were prepared to be used against our test base. We called it Virtual Pay. I know.. we abused the hell out of the V word.
I started working on this feature on November 2017, it was ready by January 2018. I even posted about it.
And here is a complete test execution using both card simulation and a pin pad (feature added later).
During 2018 I continued updating the product and working mostly on the technical side of things. I even worked on a new version with better UI. I didn’t bother trying to get screenshots though.
I wanted to shift my focus to take the lead in marketing the product. I made a simple website for it. My intention was to start generating content to bring awareness to the product. I also wanted to bring more people onboard. The idea was to market it globally.
Our website (click to expand)
The initial prototype idea was never implemented. The intention was to offer something similar to what the market had and if we landed certain projects, we would implement it further, allowing application testing to be truly automated on the platform. Despite our best efforts, it never happened.
By the time we had a very competitive product, I was burned out and quite honestly, was blindsided by what came next.
Business downfall
Our service offerings basically died during the second half of 2018. My co-founder was in charge of bringing in new businesses since he had a good rapport in the industry. We would discuss the situation and I personally felt like it was a normal business struggle. The nuances are complicated and I don’t want to get into it on this post.
But without capturing new businesses, our revenue plummeted. This greatly affected our ability to grow the product. We did have some local clients paying monthly for the platform, but it was not enough to sustain. We lost steam and by November 2018 it was clear things were not going well. We even tried pivoting the product but that was a mistake.
By March 2019 I was returning the keys of our office space. We decided to kill the business and part ways with the money we had left. The product continued being used by a few clients and was basically on life support.
I shifted my focus to another industry and back to an older product of mine that was still alive. I had a dev working with me to support this product throughout this entire period since it continued to generate revenue. He decided to leave right around the same time. It was a simple choice for me. And by 2020, covid hit.
After covid, my friend continued offering consultancy services for the industry and eventually would use our product here and there. But I’m no longer involved in this industry besides the eventual support.
Further work
Some time ago a client commissioned another tool to test pin pads according to a local protocol standard. I solved this in the same way as with the card. I created a Java desktop application to act as an interface between the web app and the hardware. I made this around February 2023.
Conclusion
It’s been a long time since I wanted to document my projects and just now I decided to write about it. I’m at a crossroads and writing about it gives me some perspective and closure. In fact, sometimes I wonder if this still has market potential.
My intent was to focus on the product development and some business related events. Maybe one day I can write more about the hard stuff. Creating a new business with a co-founder while being dropped head first in a new industry was a huge experience. I grew a lot professionally and as an individual. To be honest, some of it is still being assimilated.
Product development is not just technical ability. It requires an extra level of perception that in my opinion only life experiences can give. I can probably share some takeaways.
-
Identify gatekeepers for your industry niche. There could be resistance when offering a new product, a new idea or concept. Ask around, talk to people. Listen. Identify the blocking factors to sell your product or have it being accepted by the industry. We used to think that our product was the third world wonder. It would save a lot of money and improve the industry. But liability is more expensive than money. Narrow down companies and decision-making people. If it’s a corporate driven industry, consider partnerships. We took a naive approach and it made things harder.
-
Technical products are hard to sell. The more technical, the harder it gets. Adoption must have the less friction as possible. That could also affect how you charge for it and your whole business model. Bottom-up selling requires creating a big community and a lot of money. Top-down selling requires strong connections. Don’t underestimate the effort.
-
Don’t hide and restrict yourself. Always work first for the global market. Do not restrict yourself to the local industry. Develop a culture of early marketing. Learn to entertain and allow yourself to be entertained.
Looking back, it feels like I got caught in a flow state and it was like I held my breath for 4 straight years (or more). I learned how important it is to stay mindful and grounded. How important it is to take care of my mental and physical health no matter what’s going on around me.
Thanks for reading.