Don't use cards belonging to your colleagues or family when you test. Here's why.
Lately, I’ve been speaking to a number of leaders in Product launching alternative payment methods [APMs] in their application and asking colleagues and family to test it. This tends to be a bad idea, or a result of a messy go-live workflow. So I’ve been asking people in the space whether they’ve faced any issues with the approach.
And sure enough, they reported plenty of ways it had gone wrong:
- One product manager I spoke to (at a major high street bank) had been banned by the employer from asking colleagues to help with testing, on the grounds that it asked team members to work outside their scope as employees.
- A second told me that his daughter had her card blocked after she helped to undertake various penny testing at his request. (Why ask his daughter? Because his own card had already gotten blocked.)
- Nearly all the product managers I spoke to expressed discomfort about it and found it awkward and operationally challenging. If nothing else, it seems like a bad idea.
If you are doing this, don't worry – plenty of others have done it before. But it seemed appropriate to outline what the issues are, to help identify the risks.
Recap: why are people testing like this in the first place?
First, alternative payment methods (APMs).
You can’t have missed the growth in APMs over the last few years. From the consumer side, people are more comfortable than ever with using digital products to move and manage money. 50% of global online payments are made using digital wallets, and Buy-Now Pay-Later (BNPL) has found similar success.
On the supplier side, continued investment in FinTech is generating a lot of APM activity, including plenty of APM integrations into established products. This means APM launches are as common as they’ve ever been.
But as these APMs are being integrated, it creates a high test burden for a Product Manager:
- The APM has to be tested across a wide cross-section of matching payment instruments and accounts
- Testing is essential (for compliance and other reasons); this could delay rollout
- Visibility is very poor because of multi-system integrations, including on questions of how fees are applied
- The team cannot automate the testing (for various technical reasons associated with anti-fraud technology)
- The PM team (or responsible team) is unlikely to have the necessary payment instruments themselves
(I know – I am a salesperson writing a post with a clear implied answer. Book a meeting here if the challenge describes you.)
This is the context in which friends-and-family card testing comes in. So often, product managers take to Slack or email and begin to ask around the company to find someone with the right payment instrument to test something quickly for them.
The problems with friends and family card testing
So why is it such a bad idea? I gave examples in the intro, but the concerns that the different product managers I’ve spoken to have raised fall into three main areas: legal, hygiene, and efficiency.
Let’s take them one by one.
Is this a legal issue?
We can’t give legal advice and this is not written by a lawyer. (You probably have somebody in-house well placed to advise on this – use them.) But here are the general concern areas I’ve heard when speaking to product managers:
- Laws related to data. GDPR and other legal data protection frameworks make this kind of test extremely difficult. We can give an example: when you get payment test media from GAT, we blur sensitive details, including credit card details, in the pictures of the user journey that customers sometimes request. If you don’t have established workflows, you’re very likely to ingest sensitive data by accident.
- Laws related to employment. As orgs increase in headcount, the risk of being sued by one of your own (ex) employees becomes higher. If you employ a person to deliver marketing materials, and they’re asked by a colleague in product to use their personal card for a test on an APM rollout, could that be used against the business? What if their card was blocked after? What if their personal data was exposed? What if that data was personally sensitive, like their salary or social security number?
- Niche industry laws. Without going into specifics, it’s worth noting that this is a heavily regulated industry, meaning that there are many traps and specificities you’ll need to comply with beyond the two obvious categories I mentioned. Finding your way through the maze can take a long time, and it’s worth getting a paid tester rather than relying on a colleague doing a favour as you specify and think through the tests.
Issues around hygiene
But let’s waive the above. I’m going to deploy the term “hygienic” here, by which I mean ensuring a clean, organized, reliable process that does not take on unnecessary risk unrelated to compliance. Here are some ways in which product managers I speak to worry about hygiene:
- You can sometimes trigger fraud-detection or other automated systems with this. Using the same card repeatedly looks very suspicious, and there is a high chance that an automated system you can’t account for will raise a flag.
- It feels unprofessional. You’re asking a colleague, as a favour, to use their personal card details, which are probably tied back to their primary assets like their home. It may have no impact on that, but the blurring of personal and professional details may not sit well with them at all.
Even without those issues, is this the fastest way to do the job?
But even if you were prepared to waive the legal and hygiene concerns, it’s still not the best way to test APMs:
- You’ll get a narrow and biased set of results. Perhaps the strongest argument I’ve encountered is that even where Product Managers disregard the above and reach out internally to test a payment flow, they’re still generally unlikely to achieve the exact targeting they’re after. If you need someone to fulfill multiple distinct criteria, it takes a lot of people to find someone with the right mix of payment instruments. That’s why the “crowd” model is so powerful. You also have people who are specialised in payment testing building up a larger than normal number of payment instruments and combinations.
- Productivity losses elsewhere. People in marketing are good at marketing, people in sales are good at sales. They are not software testers, and in addition to doing the testing slowly, they’re going to be pulled away from the work they’re specialised in and doing for your business. It’s no wonder senior management doesn’t like it!
So there it is, lots of reasons that it's a bad idea to use friends and family cards when you're testing an APM rollout or something else. If that's you, let's talk – we can identify how we can get professionals delivering the testing instead.