Overview

  • Quality assurance: Testing ensures that the your product works as expected, and any bugs or issues are identified and resolved before release. Certification provides an independent validation of the quality and functionality of the product, giving users confidence in the product’s performance.
  • Security: Your products deal with sensitive user data, and security vulnerabilities could result in significant harm to users. Testing and certification help identify and address any security weaknesses in the product, ensuring that it is secure and compliant with relevant regulations and standards.
  • Customer satisfaction: Your customers expect a high level of service and reliability. Testing and certification help ensure that the product meets customer expectations, reducing the risk of churn and enhancing customer loyalty.

Access

Please provide your I&O Specialist with access to the FinTech application 3-weeks prior to your desired launch date. 

Testing

Synctera CertificationYour I&O Specialist will review the FinTech application with the below conditions in mind. We hope to review the results with you to ensure the full end-to-end flow for your end-customers is amazing!
You can download our Test Pack here for test-cases: FinTech Test Pack v1.xlsx

Application Security 

We will be testing the following functionality:
  • Strong password requirements
  • Alpha, numerical, case sensitive, & special characters
  • At least 8-characters
  • Password should not contain
  • Customer’s name or SSNs
  • Common word
  • Phrases on common password lists
  • Sequential/Repeating letters & numbers
  • App should timeout in < 30 minutes
  • 2FA available for customers

Personal Identifiable Information (PII)

  • Customer should not be able to change DOB or SSN.
  • Customer should be able to change address, but should be additional 2FA or requires providing evidence of the change (e.g. utility bill).

Compliance 

Disclosures

  • Customer is shown disclosures prior to account opening
  • Customer cannot open accounts without agreeing to disclosures

KYC

  • Customer sees KYC disclosure prior to collection of PII

Account Linking

Plaid

Testing
  • Oauth flow - test to see if major banks and credit unions can be linked via instant match authentication.
  • Microdeposit flow - test to see if the manual, microdeposit flow works. This may take up to 3 days to test depending on when the microdeposit arrives at the institution.

Finicity

Coming soon.

Payments 

ACH

Disclosure and Authorization
  • ACH Authorization Agreement is in place as a disclosure either in the initial disclosure list or in the ACH page
  • ACH verification is happening via Plaid or Finicity
Testing
  • Incoming ACH (x3)
  • Outgoing ACH debit(x3)
  • Outgoing ACH credit(x3)
  • ACH return (x1)

Debit Cards

Disclosure 
  • Cardholder agreement is in place as a disclosure either in the initial disclosure list or when the card is issued.
Testing
  • Virtual card e-purchase (x2)
  • Physical card purchase(x2)
  • Add card to digital wallet (if applicable)
  • Apple wallet (x1)
  • Google wallet(x1)
  • ATM withdrawal (if applicable)

MRDC

Coming soon.

Validation

Synctera’s Ground Control team will be scheduling a meeting to review the any compliance related items 2-weeks post-launch. We will be going over the results of KYC and/or KYB cases, fraud and AML issues, and dispute management.