Practice Site · QA Lab
Banking Practice App.
Practise high-risk banking-style workflows in a safe training app. Test login, MFA simulation, account dashboards, balances, transfers, payees, transaction history, statements, notifications and session-timeout behaviour.
Intermediate to Advanced1–2 hoursDomain workflowAutomation friendlyManualAPISecurity basicsWorkflow
Scenarios
26
Seeded bugs
10
Best for
Risk-based testing · Domain QA · Security basics
Test data
✓ Included
Answer guide
✓ Included
On this page18 sections
// WHAT YOU'LL PRACTISE
- Login and account lockout testing
- MFA simulation testing
- Account dashboard validation
- Balance and transaction testing
- Internal transfer testing
- Saved payee testing
- Statement download validation
- Session timeout testing
- Authorization checks
- Notification testing
- Audit trail validation
// WHO THIS IS FOR
QA engineers practising regulated workflow testingManual testers learning high-risk business flowsAPI testers practising account and transaction endpointsAutomation testers building secure workflow testsInterview candidates preparing fintech / banking examples
// APP MODULES
LoginMFA simulationAccount dashboardAccount balanceTransaction historyTransfersSaved payeesStatementsProfile detailsSession timeoutNotificationsAudit events
// TEST DATA
Ready-to-use data for positive, negative and boundary scenarios.
Personas
Retail customerLocked userMFA-enabled user
Accounts
Your own accountAnother customer's account ID
Transfer amounts
Within balanceAbove balanceInvalid amount
Payees
Valid sort codeInvalid sort code
// PRACTICE MISSIONS
Small, focused tasks to warm up before the full lab.
60 mins
Create a banking risk test plan
Risk-based testing, transfer testing, auth testing
→ Test plan, risk matrix30 mins
Test the balance after a transfer
Financial data accuracy, negative testing
→ Bug report on balance mismatch25 mins
Test authorization between accounts
Authorization testing, ID tampering
→ Security bug report// TEST SCENARIOS
Authentication
- Log in with a valid banking user.
- Attempt login with an invalid password.
- Verify the account locks after repeated failed attempts.
- Verify the lockout message is clear.
- Complete MFA simulation successfully.
- Enter an invalid MFA code.
- Verify logout clears the session.
Accounts and transactions
- Verify the dashboard shows the correct accounts.
- Verify the account balance matches the transaction history.
- Filter transactions by date.
- Search a transaction description.
- Verify the transaction details page.
- Download a monthly statement.
Transfers and payees
- Add a new payee.
- Edit a saved payee nickname.
- Transfer between your own accounts.
- Transfer to a saved payee.
- Attempt a transfer above the available balance.
- Attempt a transfer with an invalid amount.
- Verify the confirmation page.
- Verify the transaction appears in history.
- Verify the balance updates correctly.
Security and session
- Verify a user cannot access another user's account ID.
- Verify the session expires after inactivity.
- Verify the back button does not reveal data after logout.
- Verify sensitive values are masked where appropriate.
// MATRICES
Risk-based test matrix
| Workflow | Key risk | Priority |
|---|---|---|
| Transfer | Money moves but the balance is wrong | Critical |
| Authorization | Open another customer's account by ID | Critical |
| Transfer limit | Over-balance transfer accepted server-side | High |
| Idempotency | Retry creates a duplicate transfer | High |
| Session | Account data still visible after logout | High |
| Statement | Closing balance doesn't reconcile with the UI | Medium |
// SEEDED BUGS
This app seeds 10 bugs. Try to find them first, then reveal the answer guide to check your findings — each row links to its Common Bugs category.
| Bug | Example | Skill | Common Bugs |
|---|---|---|---|
| Balance not updated | A transaction appears but the balance stays old | Financial data testing | Data bugs → |
| Unauthorized access | A user can open another account ID | Authorization testing | Permission bugs → |
| Transfer limit bypass | The UI blocks it but the API allows the transfer | Client / server validation | API bugs → |
| Duplicate transfer | Refresh submits the payment twice | Idempotency testing | Payment bugs → |
| Statement mismatch | The PDF balance differs from the UI | Document validation | Data bugs → |
| Session bug | The back button shows data after logout | Session testing | Authentication bugs → |
| Payee validation bug | An invalid sort code is accepted | Form validation | UI bugs → |
| Lockout bug | Failed attempts are not counted correctly | Auth testing | Authentication bugs → |
| Transaction filter bug | The date filter excludes same-day records | Date / time testing | Time & date bugs → |
| Notification bug | The transfer confirmation email is not generated | Notification testing | Notification bugs → |
Transfer is recorded but the balance is never decrementedSeverity: CriticalPriority: High
Steps to reproduce
- Open the Everyday Current account and note the balance
- Make a £100 transfer to a saved payee
- Return to the account and re-check the balance and history
Expected: The debit appears AND the balance drops by £100.
Actual: The debit appears but the balance is unchanged.
// REGRESSION CHECKLIST
The checks that would catch every seeded bug — reveal once you've done your own pass.
- Balance decrements after a transfer
- A transfer above the available balance is rejected server-side
- Retrying a transfer does not create a duplicate
- A user cannot open another customer's account by ID
- Logout clears all cached account data
- Statement closing balance reconciles with the UI
// MANUAL & AUTOMATION TASKS
Manual testing tasks
- Create test cases for login, MFA and lockout.
- Test the transfer happy path and negative flows.
- Validate balance updates after a transfer.
- Check account authorization boundaries.
- Test transaction filters and statement downloads.
- Report bugs with the high-risk impact clearly explained.
Automation tasks
- Automate login and logout.
- Automate a transfer between accounts.
- Automate the insufficient-funds scenario.
- Automate transaction-history validation.
- Automate an authorization check for another account ID.
- Automate the session-expiry scenario where practical.
// INTERVIEW MODE
Reflection questions to rehearse how you'd talk through testing this app.
How would you apply risk-based testing to a transfer flow?
Which banking workflows carry the highest risk, and why?
How do you test authorization boundaries between accounts?
How would you test for duplicate transfers on retry?
What would you check in an audit trail for a failed transfer?
// WHAT YOU'LL PRODUCE
Risk-based test planBug reportsWorkflow tests
// SUGGESTED TOOLS
// AUTOMATION STARTERS
Fork a ready-made framework to automate this app — each sample ships with setup, CI and reporting.
// DOWNLOADS
// PORTFOLIO WRITE-UP
Use this as a starting point for your CV, LinkedIn or portfolio — swap in the tools and findings that are actually yours.
I tested a banking-style practice app covering login, MFA simulation, account dashboard, transactions, transfers, payees, statements and session timeout. I focused on high-risk workflows, authorization boundaries, data accuracy and duplicate transaction prevention.
// NEXT RECOMMENDED APP
Domain workflow
Continue →Insurance Claims Practice App
Practise multi-step forms, claim creation, document upload, workflow status transitions, notifications and role-based testing in a workflow-heavy app.