System simulating to perfection
T he underlying workings of electronic payment systems involve automated messages, codes and communications. It is this web of data that Paragon Application Systems Inc. is focused on. The North Carolina-based company conducts maintenance, interfacing and troubleshooting of payment networks and ATMs around the world, using its expertise in financial messaging and the deployment of different network simulations.
"We're not a production system, we're a testing system," said Martha Engemen, Marketing Manager at Paragon. "We can simulate anything that happens in the production payment system."
In a number of ways, the company is involved in securing the integrity of the payment processing chain. Its services include identifying and pinpointing problems with communication, coding and other system errors; upgrading systems to comply with new mandates and other compatibility issues; system migrations; and conducting stress tests to gauge a system's capacity for supporting high transaction levels.
Paragon provides these services primarily through a suite of software products, sold both directly to financial services clients and through resale channels. The company also provides in-person and phone-based technical support as a complement to its software offerings.
"At the highest level, we help our customers manage change," said Jim Perry, Chief Marketing Officer at Paragon. "The payments industry is always evolving and changing, and customers have to maintain their systems to make sure they're compliant and efficient, and that they run 24 hours a day. So our software helps their quality control people make sure systems are reliable and meet the demands put on them every day.
"Our primary audience is developers, quality assessors and pre-certification people. It's all the work that happens before production. Once they're certified and verified and everything is ready for production, we're out of the scene at that point. But we're back on the scene for developers working on the next project for a later date or certification."
Most of Paragon's system tests involve the use of simulations, where the company essentially provides a stand-in for some real-world entity or device that allows the client to conduct troubleshooting and calibration tests in a testing vacuum outside of the client's real-world network, Perry said.
A common example relates to the periodic updates made to financial messaging by the card brands to ensure that networks stay up to date on the changing conditions of payment acceptance and settlement. The updates usually apply to all payment entities which connect to the card brand networks, and typically require changes to the way financial messages are processed, sent and received, according to Perry.
He explained that a company that installs an upgrade has to be sure of two things: that the upgrade works on the company's system, and that the upgrade doesn't compromise any existing functions. Businesses that partner with Paragon, or integrate its software into their systems, can make those determinations through a series of simulations conducted outside of real-world networks, Perry added. Such simulated environments allow the user to conduct testing without the constraints and variables inherent in live networks.
"The card associations change their message [machine-generated communications on the network] to support these updates and say, 'We want you to update your product to support that as well,'" Perry said. "So, first we make that change to our customer's [software]. Then we act like Visa or MasterCard for them, and now they can bounce transactions off of us to make sure the internal systems are running properly in a real-time environment."
According to Perry, the benefits of simulated testing over testing on a regular network can include substantial savings in time and money - largely because testing on a network necessitates time and costs around appointment scheduling and other logistical matters.
"It really depends," he said. "For a big merchant acquirer, there's a pretty attractive return on investment."
Paragon's clients include banks, merchant acquirers, credit unions, processors, card brands and merchant aggregators servicing e-commerce merchants, Perry said.
For example, aggregators that contract with a range of different merchants have the unique and unenviable task of ensuring that each merchant's system is compatible with the network to which they're connected; compatibility is necessary so that batches of aggregated data from various merchants can be sent off for processing over one network, Perry explained.
For aggregators, the work of ensuring that all of their different merchants are properly set up for network participation can be a painstaking chore requiring numerous phone calls, according to Engeman.
"Generally it's a trial-and-error process over a couple of months to make sure that everything is just right between your two [connecting systems]," she said. "You need to make sure of everything. You need to make sure the different messages are properly communicated, that the connection works properly, that the transaction data is not being exposed."
Paragon's software program allows merchants to certify their systems for use on the network through an automated computer process that cuts out the acquiring entity - meaning the merchant acquirer does not have to be involved in the testing process, and thus minimizes phone time with the merchant, Perry said. He added that the product also allows 100 merchants on a given network to test their systems at one time, whereas the typical process allows only 20.
"If you're managing 5,000 merchants down stream, it's pretty difficult to manage certification," Perry said. "Merchants are looking for a way to automate this without anyone else on the end of the line, and we provide that. When they see they've successfully run all the transaction data, all the acquirer has to do is get on the phone and approve a final certification. Everything else is already taken care of."
ATM and EMV-card tester
Another primary area of focus for Paragon is the ATM industry, where much of an ATM provider's work centers on the same kind of simulation testing Paragon conducts for back-end payment networks. Paragon offers an ATM simulator for banks and ATM sellers that allows for the testing of one feature or another without risking damage to a real machine.
"For example, you might have a printer jam [inside the ATM], and you don't want to simulate that with a real printer," Engeman said.
Perry said one of the biggest growth niche markets for Paragon is simulation testing for equipment based on the Europay/MasterCard/Visa (EMV) security standard. Testing on EMV-compliant machines brings a new level of complication to network encoding and programming, he added.
In addition to serving businesses in foreign countries that have adopted the EMV standard, Perry said Paragon has begun to provide EMV testing in the United States - for example, U.S. merchants near the northern border who want EMV-acceptance capacity for Canadian visitors or Americans traveling abroad who are increasingly requesting EMV-enabled cards for use during trips.
Paragon has helped businesses and banks conduct EMV card simulations. One example is a simulated EMV card it developed for testing an ATM mechanism that deactivates cards that have been reported stolen, Perry said. The action renders stolen EMV cards permanently useless, he explained. He called the solution a more cost-effective way to test the stolen card-blocker, as it doesn't waste actual EMV cards, which are expensive to produce.
Furthermore, the simulated EMV card gives users a unique chance to see the card's coding functions at work. "The EMV cards have got all these cryptograms and things in there and you can't see them on a traditional card - part of security," Engemen said. "We've created virtual cards that allow you to see into the card. So if you test it and it fails, you have to know why it failed."
"When you have a card and put it into an ATM, there are a lot of things happening," Perry added. "It's like a black box - you have no visibility to what might be causing a problem somewhere in your system.
"Our software lets you see the interaction between card and terminal generating certain keys and values."
Perry characterized Paragon personnel as "financial message experts," with expertise at the host, processor and device levels. The Paragon team also brings extensive experience with electronic funds transfer systems.
"We know as much about financial transaction processing as anybody, and typically more," he said.
"We get down to the bits and bytes of messages, and we know exactly how they work. ... We can simulate over 90 financial message formats - like when you swipe your credit card, there is a financial message that's sent out to the machine ... Numbers, letters. Different parts mean different things. We generate an appropriate response and send it back. If the request has an error, we'll tell them what it was. We'll also send the request to them."
"There's a wealth of experience here," Engemen added. "It's a private company that has grown internally, and we bring in people with a lot of experience in a lot of areas of message processing. And people tend to stay here."
The company's clients include seven of the top 10 international banks, three of the top four international card networks, three of the top five credit unions and most of the biggest international processors and acquirers, according to Perry. Overall the company has 525 clients spread out over 86 countries.
"Not bad for a 35-person company outside of Raleigh, North Carolina," Perry said.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.