Why I check my bank details VERY carefully! Updated 9th Feb

I think being a tester can be an occupational hazard. I spot problems without trying to – I don’t mean to come across as big-headed, it’s simply a statement of fact. I once read a printed book and found the only typo in it, and I wasn’t looking for it – it just leapt out at me!

Anyway, on Friday I happened to be doing some online banking – checking my account balances and noticed something odd. I selected one account, saw the balance, and underneath a Transactions header and the most recent transactions, and all looked ok. I then selected the other account via a drop down link at the top of the page and the balance refreshed correctly, but the transactions didnt. It looked odd and I did a double take, but there it was – the wrong transaction details against my account. So, being a tester, what did I do? I refreshed, tried another browser, and the issue still happened. It didnt matter which account I picked first, as the error was that the second account didn’t have the transactions updated.

There was only one thing for it and that was to phone the bank up and tell them (I will not name them, as I do not believe it is fair to do so here). To their credit, the lady I spoke to went over it a few times and reproduced the issue herself, giving me a reference number, asking me to access my accounts using a different link (which worked, but was a less obvious route to use to get there) and also asking me if there was anything else I had found :o). (There was actually, a minor text wrapping issue relating to a date, but we can leave that to one side).

I was pleased that it had been taken seriously, although this defect should never have been in production in the first place, and I hope that the bank in question check their regression tests thoroughly (I am available to advise in my spare time for a fee!!!).

You may be wondering why I was so bothered, as it doesn’t sound like a major issue, but there have been occasions (too many to be fair) where customers have seen details of other customers account or personal details. I did only see my account transactions, but I do not know enough about the defect to know whether it only relates to my own accounts or whether there is a wider problem which I had not encountered. For me, the fact that it is possible for there to be a security problem is enough to make me wary. It is worthwhile reading Troy Hunt’s blog http://www.troyhunt.com as he has a lot of good common sense advice on security matters. I firmly believe that we all have a duty to protect ourselves as much as we can, and that includes checking our bank details and letting them know if there is a problem. And that extends really to any organisation that contains personal information.

So, the message from this unexpected blog post is – check your online accounts carefully!!

****** Updated 9th Feb 2016 ******

So, a month has passed since I first flagged this issue with the bank – one of the big 4 UK ones I may add – and this hasn’t been fixed.

It may be that this is not a major security problem, and the only other account details displayed are my own, but I don;t actually know this, as the bank haven’t bothered to contact me to give me any updates on this.

Good customer service would be (in my opinion) to have contacted me to tell me what priority the issue actually was, seeing as I took the time to raise this with them.

And there lies the problem. I listened to a webinar this morning about the World Quality Report, and to my surprise, more people are viewing usability above security as an area that they need to focus on in 2016. I am almost speechless! If a site is insecure in ANY way, that is a major usability issue, as I certainly won’t want to use it and neither will anyone else as we will not trust the site with our details. It isn’t rocket science for goodness sake.

Message to businesses – if you find, or are told about a security issue, fix the thing – quickly. Give it a high priority, and have the courtesy to respond to whoever told you.

I think I might try using Twitter to see if a posting there will get a response – watch this space!!


Taking control and adding value.

Happy new year!

This is my first post of 2016, and as the new year is a good time to reflect on career aspirations, and deciding what should be different this year, that is the theme!

I don’t know why we wait until a specific time in the calendar to do things like re-assessing ourselves, and coming up with resolutions, but that’s what we do, so I will use this opportunity.

So, as you read this, you’ve been back at work for a few days after the break, and you feel one of three things: 1) you love your job (great!) and are feeling very happy, 2) you like your job but are not feeling very satisfied, 3) you don’t like your job and are thinking of moving on. Well, however you feel about your job, I believe it’s a great time to reflect on your career, where you are at the moment, what you want to achieve this year, define your goals and think about the conversations you want to be having in December 2016 as you look back over the year at what you have achieved.

Goals may be technical, i.e. wanting to learn a language to do more coding, learning security testing etc or role based i.e. moving up to the next role, or across to a new discipline (moving to a BA Developer role), but it doesn’t really matter what they are – just having goals is a step forward. Taking control of your career is vital – no-one else will do it for you!

But don’t forget that your goals need to align with your organisations goals. The most important thing it to be adding value. It is important from a company perspective of course, but as human beings, we all need to feel as though what we spend 7 or 8 hours doing every day has some value. So, you may be a tester, doing a great job, and suddenly you decide to learn PHP. Ok, it sounds good, but if no-one in the team is using it, and there are no plans to move ahead with it, the time you spend will not add value to the team. Of course, if your goal is to be a teacher, and you are a tester, you are in the wrong job anyway, but that’s an extreme example.

As testers (and I know I have said this before – see my article in November’s Tester Magazine http://issuu.com/31media/docs/test_magazine_november-2015-web) we should be adding value to our teams. Think about the makeup of your team, and see where the gaps are. Does everyone on the team consider the end user, or are they focussed on the technical story. Is the focus more on coding the automated tests rather than on defining a good set of scenarios? Are non-functional tests overlooked? If so, it may be due to a skills gap – a gap that YOU could plug.

So, as we start the year, think about your goals, where you can make yourself a better and more valuable member of your team, and what direction you want to go in. I know that’s what I’m going to be doing!