Banking/Fintech Strategy
Why different
- Money — error = real financial loss.
- Regulatory — SBV, PCI-DSS, AML/KYC.
- Trust — single bug erode brand.
- Compliance audit — evidence trail required.
- 24/7 availability — downtime costly.
SBV regulations VN
- Information security inspection annual.
- Pentest mandatory.
- Incident report < 2h.
- Customer data localization.
- 2FA mandatory cho transaction.
- Transaction logging immutable.
Test priorities
- Money flow correctness — debit, credit, balance.
- Authentication — KYC, biometric, OTP.
- Security — pen test, encryption.
- Availability — 99.95%+.
- Audit trail — every action logged.
- Compliance reporting — automated.
Critical test scenarios
- Transfer success → both account balance update.
- Transfer fail → rollback both side.
- Concurrent transfer same account → race condition.
- High-value transaction → additional verification.
- Card fraud detection.
- AML scenario detection.
- Reconciliation: end-of-day balance match all transactions.
Performance
- Concurrent user spikes (paycheck day, Tet).
- Transaction latency p99 < 2s.
- Throughput target 1000+ TPS.
Disaster recovery
- DR drill quarterly.
- RTO < 1h, RPO < 5 min.
- Failover seamless.
Tools fintech-specific
- Vinpay / NAPAS gateway sandbox.
- Card simulator — test EMV chip.
- AML rule engine simulator.
VN players
- VPBank, MBBank, Techcombank (digital first).
- VietinBank, BIDV, Vietcombank (traditional).
- MoMo, ZaloPay, Viettel Pay (e-wallet).
- TIMA, Tinhvan (fintech lender).
QA org
- Senior QA / SDET majority.
- AppSec embedded.
- Compliance officer adjacent.
- Strong post-mortem culture.
Career path
Banking QA salary higher than e-com QA at same level (10-20%).