Third Party Application Presentation v1.1

CBT : Third Party External Application Requirements & Risk
Presented By: Grahame Rogan, Steve Wilinsky, Jamie Harrop (BES)
Trinity Road, Halifax
10th September 2010 - 3:30pm – 4:30pm
Version 1.1
Version Control
1.1 – Latest Version
1.0 – Presented to Banking & Savings Management, 27th August 2010
1
CBT : Third Party Applications
Contents
p.3: Introduction & History
p.4: The Investigation
p.5 – p.9: The Risk (Applications that can’t be stubbed)
p.10: Other Applications With No Risk (All Groups Say Can be Stubbed)
p.11 Issues & Concerns
2
Introduction & History
• Initial CBT IT Environment team edict was to provide a CBT Test Environment where
external 3rd Party applications were ‘stubbed out’.
• BES Team challenged this ‘edict’ and were given an action to investigate.
• BES Team ran challenge sessions in July/August 2010 with all Capability Teams (38
areas in total) as to whether the 3rd party applications were required or could be
stubbed out (i.e. use manufactured data)
• Status is presented in this paper.
3
The Investigation
3rd Party Applications

Requested 13 Applications Requested
See Slides 5 - 9
Can’t be Stubbed?
Can be Stubbed?
10 Applications Requested
See Slide 10
4
The Risk - Applications That Can’t be Stubbed
Third Party Application CBT Users Can be Stubbed?

Debit Cards NO
Adeptra Debit Fraud NO
Baseline/Non-Baseline? CR Raised & Business Process? CBT IT Build Status? CBT Test Cycle
Baseline No CR Needed AMBER 3
RATIONALE: Fraud: This is needed to test Fraud Debit card transactions
RISK: Baseline Build: Assumption – This application will be built, so no apparent risk
Call Credit (Lloyds) Credit Risk NO
Non-Baseline Raised 16.7.10 - ASM No Status N/A
“If neither a stubbed nor an actual connection are available in CBT, there would be no signoff of testing from Credit Risk Business.
CRA data is critical to credit decisioning and without adequately testing the strategies and scorecards using "live" bureau data we
RATIONALE: have no way of testing acquisition which would impact new to bank applications as well as lifecycle where we pull bureau.”
Real bureau data is required to ensure new strategies and rules have a correct spread of accept and decline decisions.
RISK: “LTSB may sell products to inappropriate customers.”
Call Credit (HBOS) Credit Risk Discussion in Progress
Non-Baseline Not Yet Raised No Status N/A
RATIONALE: CRA data is critical to credit decisioning and without adequately testing the strategies and scorecards using "live" bureau data we
have no way of testing acquisition which would impact new to bank applications as well as lifecycle where we pull bureau.”
5
The Risk
EQUIFAX (HBOS) Credit Risk Discussion in Progress

Collections & Recoveries YES
Credit Risk NO
Experian - Detect Fraud YES
Residual Sales YES
Baseline No CR Required AMBER 3
Credit Risk - “If neither a stubbed nor an actual connection are available in CBT, there would be no signoff of testing from Credit Risk
Business. CRA data is critical to credit decisioning and without adequately testing the strategies and scorecards using "live" bureau
RATIONALE: data we have no way of testing acquisition which would impact new to bank applications as well as lifecycle where we pull bureau.”
Real bureau data is required to ensure new strategies and rules have a correct spread of accept and decline decisions.
Credit Risk - “LTSB may sell products to inappropriate customers.”
RISK:
Baseline Build: Assumption – This application will be built, so no apparent risk

Experian (HBOS) Credit Risk Discussion in Progress
6
The Risk

First Data Card Banking Ops YES
Payments Collections & Recoveries NO
Non-Baseline Raised 02.08.10 - NFP.0505 No Status N/A
Collections & Recoveries - “Ultimately the DCP system is how C&R receive a lot of their payments. Without it C&R would not
RATIONALE: have much of a chance to reclaim funds owed to the bank!!”
Collections & Recoveries – “If the DCP system were to fail in Live, customers would be told they’ll have to call back at an
RISK: unspecified time to see if it might be working. (This obviously will affect overall customer satisfaction & advocacy which will affect
our collection and recovery rates).”
Gemalto (HBOS) Debit Cards NO
Non-Baseline Raised 02.08.10 - R.69.01, R.69.02 No Status N/A
“Visa Certification is a "regulatory" requirement, which requires 3rd party involvement (i.e. Visa & Gemalto) to verify E2E test results.
RATIONALE: Failure to complete this testing will have a massive impact on the bank, as described below.”
“Failure to certify with Visa will result in existing HBOS cards being refused by Visa systems. Failure to prove the end to end process
RISK: will result in the Customer Item not being released. This would mean orders for the newly designed HBOS card stock could not be
ordered, with no opportunity to have sufficient stock in place to satisfy card production volumes post migration”

Gemalto (Lloyds) Debit Cards NO
Non-Baseline Raised 02.08.10 - R.69.01, R.69.02 No Status N/A
“Visa Certification is a "regulatory" requirement, which requires 3rd party involvement (i.e. Visa & Gemalto) to verify E2E test results.
RATIONALE: Failure to complete this testing this will have a massive impact on the bank, as described below.”
“Failure to certify with Visa will result in existing HBOS cards being refused by Visa systems. Failure to prove the end to end process
RISK: will result in the Customer Item not being released. This would mean orders for the newly designed HBOS card stock could not be
ordered, with no opportunity to have sufficient stock in place to satisfy card production volumes post migration”
7
The Risk
Hunter 2 Fraud NO
Non-Baseline Raised 16.07.10 - UKRB.368 No Status N/A
RATIONALE: “Required to test new Acquisitions Fraud and the new live strategies”
RISK:

Credit Cards NO
VISA & RSA Debit Cards NO
Non-Baseline Raised 02.08.10 - VISA Certification No Status N/A
Debit Cards - “Visa Certification is a "regulatory" requirement, which requires 3rd party involvement (i.e. Visa) to verify E2E test
RATIONALE: results. Failure to complete this testing this will have a massive impact on the bank, as described below.”
Debit Cards - “Failure to certify with Visa will result in existing HBOS cards being refused by Visa systems. This would mean orders
RISK: for the newly designed HBOS card stock could not be ordered, with no opportunity to have sufficient stock in place to satisfy card
production volumes post migration”
8
The Risk
BASEL NO
Banking Ops NO
Credit Cards YES
Vision+ Digital Banking YES
Letters & Statements YES
Ops Recs YES
Payments YES
Baseline No CR Required AMBER 2
BASEL – “Data is required from the Management Information module but we don’t need to run Vision+ itself. We do need data sent
from Vision+ to GDW and to BADA as part of the month end process. We would also expect new business to be run on Vision+ as
a CBP but the impact of not having this is medium to low. Impact of no Vision+ data is High as it would have an adverse affect on
BADA and RWA calculations.”
RATIONALE:
Banking Ops – “I would suggest that VisionPlus and VROL are instrumental to CBT testing and the ‘functioning’ of Banking Ops
due to the nature of some of the Critical Business Processes that require them, such as ‘Credit Card dispute
investigation/processing’, ‘Processing Chargeback’s’ and ‘Credit Card cancellations – (i.e. for deceased customers)’. For CBT, the
focus will be on ensuring that these processes hang together with migrated HBOS data (and regression around LTSB data)”
BASEL – “Without data from Vision Plus, the validity of tests for BADA and RWA is compromised / incomplete. The process and
results would cease to be representative of the production scenario, which is contra to the fundamental objective of CBT.”
RISK:
Baseline Build: Assumption – This application will be built, so no apparent risk

Banking Ops NO
VROL (VISA Online) Fraud NO
Non-Baseline Raised 25.06.10 - UKRB.382 No Status N/A
Banking Ops – “I would suggest that VisionPlus and VROL are instrumental to CBT testing and the ‘functioning’ of Banking Ops due
to the nature of some of the Critical Business Processes that require them, such as ‘Credit Card dispute investigation/processing’,
RATIONALE: ‘Processing Chargeback’s’ and ‘Credit Card cancellations – (i.e. for deceased customers)’. For CBT, the focus will be on ensuring that
these processes hang together with migrated HBOS data (and regression around LTSB data)”
RISK:
9
Other Apps That All Groups Say Can be Stubbed
Can be Baseline/Non- CR Raised & Business CBT IT Build CBT Test

Third Party Application CBT Users
Stubbed? Baseline? Process? Status? Cycle
B.I.Star Banking Ops YES Non-Baseline Not Yet Raised No Status N/A
Electronic Fund Transfer Banking Ops YES Non-Baseline Not Yet Raised No Status N/A
Experian – Bureau Credit

Collections & Recoveries YES Baseline No CR Required AMBER 2
Call

Experian – CIFAS Baseline No CR Required AMBER 2
Fraud YES
LRA - Identrust Banking Ops YES Non-Baseline Not Yet Raised No Status N/A
Mastercom – Mastercard
Banking Ops YES Non-Baseline Not Yet Raised No Status N/A
Online
Banking Ops YES

ToDDaSo Baseline No CR Required AMBER 2
Payments YES
Banking Ops YES

URBIS Baseline No CR Required AMBER 2
Payments YES
VISA EAS Debit Cards YES Non-Baseline Not Yet Raised No Status N/A
Worldcheck Payments YES Non-Baseline Not Yet Raised No Status N/A
10
Assumptions & Issues
Assumptions
• All Third Party Applications discussed within this presentation are external. i.e. Data leaves the LBG network
• Any Third Party Application within the CBT IT Baseline List will be built and not stubbed, unless the business
have confirmed a stub is acceptable.
Issues
• The processes have not been finalised for CBT so additional Third Party Applications may be identified.
11

Third Party Application Presentation v1.1

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Third Party Application Presentation v1.1

Uploaded by

Copyright:

Available Formats

CBT : Third Party External Application Requirements & Risk

Presented By: Grahame Rogan, Steve Wilinsky, Jamie Harrop (BES)

Trinity Road, Halifax

10th September 2010 - 3:30pm – 4:30pm

p.3: Introduction & History

p.4: The Investigation

p.5 – p.9: The Risk (Applications that can’t be stubbed)

p.11 Issues & Concerns

• Status is presented in this paper.

3rd Party Applications

Third Party Application CBT Users Can be Stubbed?

RATIONALE: Fraud: This is needed to test Fraud Debit card transactions

Third Party Application CBT Users Can be Stubbed?

Call Credit (Lloyds) Credit Risk NO

RISK: “LTSB may sell products to inappropriate customers.”

Third Party Application CBT Users Can be Stubbed?

Call Credit (HBOS) Credit Risk Discussion in Progress

RISK: “LTSB may sell products to inappropriate customers.”

Third Party Application CBT Users Can be Stubbed?

EQUIFAX (HBOS) Credit Risk Discussion in Progress

RISK: “LTSB may sell products to inappropriate customers.”

Third Party Application CBT Users Can be Stubbed?

Third Party Application CBT Users Can be Stubbed?

RISK: “LTSB may sell products to inappropriate customers.”

Third Party Application CBT Users Can be Stubbed?

Third Party Application CBT Users Can be Stubbed?

Gemalto (HBOS) Debit Cards NO

Third Party Application CBT Users Can be Stubbed?

Third Party Application CBT Users Can be Stubbed?

Third Party Application CBT Users Can be Stubbed?

Third Party Application CBT Users Can be Stubbed?

Can be Baseline/Non- CR Raised & Business CBT IT Build CBT Test

Experian – Bureau Credit

Collections & Recoveries YES

Banking Ops YES

Banking Ops YES

Worldcheck Payments YES Non-Baseline Not Yet Raised No Status N/A

You might also like