New Payments Platform Australia (NPPA) has a set of mandatory requirements for all organisations participating as a New Payments Platform (NPP) service provider, whether involved in clearing, settlement, or an overlay service. Industry testing and certification is one of such mandatory requirement, put in place as a benchmark to ensure that prospective NPP service providers have a resilient and secure solution which can operate 24/7 and handle NPP traffic in real-time without impacting anyone else already on the network.
Additionally, if the prospective NPP service provider is looking to offer any of the existing overlay services, such as the three initial convenient services offered by BPAY called Osko, they will have to go through an additional set of certification requirements for overlay service providers. These certification requirements are to ensure participants meet the SLA requirements, the user interface meets the prescribed standards from a branding perspective, and more.
Below is what needs to be proven for each set of certifications:
NPPA industry certification:
- Systems are resilient and can recover from various failure situations without impacting other participants.
- Functionally stable.
- Can handle volume and respond with the stipulated response times.
- Systems can handle failure notifications from other participants.
- Systems can control traffic sent to BI or any particular participant if needed.
- Systems are capable of processing payments within the prescribed SLAs.
- User interfaces adhere to the prescribed standards and branding requirements.
Note: The above list is only indicative and does not cover all the certification requirements. For an exact set of test scenarios that participants need to successfully prove, please reach out to NPPA and the overlay service provider.
Industry test scenarios are to be executed within a participant’s environment by utilising PAG Emulator (provided by Swift) or by virtualising services prior to attempting to execute with another participant. This is to ensure that systems plugged into BI are functionally stable and capable of performing basic checks and validations, and do not cause any harm to other participant’s environment.
Once the systems are proven within the participant’s environment, further testing can be done by engaging relevant participants to exchange payments with each other in a controlled fashion.
Recommendations for successful certification
- Continuous focus on industry testing. When designing and developing an NPP solution, all SLAs, volumes and resiliency requirements need to be taken care off as a priority. Throughout the development phase, constant validation and checks needs to be performed to ensure industry test requirements are met.
- Service virtualizsation. NPP adopts the ISO 20022 messaging standard, which means these messages can be virtualized even before the solution is built. The rules around how to respond when a particular request is received are defined clearly in the industry documentation, hence the entire request – response combination/flow can be setup in any standard service virtualization tool. We recommend early engagement with the service virtualization team to develop these mock responses, even before the actual solution is built, so that a constant validation of solution is possible without having to connect to the basic infrastructure (NPP).
- Core test team. Setup a core test team that fully understands the ISO 20022 messaging standards and NPP business processes. The most important thing is to ensure this team is inducted into the program right at the beginning, which allows them to plan the service virtualization and other testing needs in advance.
If you are considering implementing NPP or other payment platforms, Planit can help ensure that it is both stable and secure. Visit out Testing Services page to find out how we can assist with performance, automation, and security testing, and much more.