Thursday, May 12, 2016

Service Applications in SharePoint 2013

Abstract
This paper explores SharePoint 2013 service applications in depth, along with the accounts recommended for configuring them so as to reduce the chance of security vulnerabilities. The target audience for this paper is SharePoint administrators and auditors, unlike the previous paper in this series, which covered the overall security framework in SharePoint 2013. To secure a SharePoint environment, the administrator must be aware of the infrastructure and the system and software configuration, and must define a robust patch deployment strategy. This paper explores some of the most important farm-level configuration aspects for avoiding security breaches.
Keywords: SharePoint Server 2013, Security, Service Applications, Service Accounts, Monitoring, Health Analyzer, SharePoint Administration



Service Applications in SharePoint 2013
Hemant Kumar
This paper gives an overview of all the service applications available in SharePoint 2013 that a SharePoint administrator and auditor must be aware of, and covers the most important practices for keeping the environment secure in this context. It may be read as a continuation of “Security in SharePoint 2013” by Kumar (2016), which addressed a general audience of stakeholders at any level of an organization's hierarchy who consume SharePoint 2013. In contrast to that paper, this one is useful only to a limited audience with knowledge of SharePoint and Windows Server administration. In SharePoint 2013, service applications are shared among all the front-end web applications, and the security issues and practices that apply to them are more often ignored because they are not visible to the day-to-day users and owners of the front-end web applications. Only when something goes wrong are these areas revisited, and by then the business loss may already have occurred. To avoid such situations and keep the system secure, the author explores these mostly ignored topics in SharePoint farm administration. It is important to note that the topics in this paper alone will not be enough to achieve any particular compliance certification. This study may help avoid only a few of the vulnerabilities in the system in the first place. It covers only a small part of the whole picture; network defense and attacks, firewalls, possible ways to attack the system and so on are not covered here.



SharePoint 2013: Service Applications
Before the author explores the biggest mistake administrators make during farm configuration, which leads to major security breaches, the name and purpose of each service application must be understood.
SharePoint Server 2013 allows unique functionality, for example search, to be packaged as a ready-made service that may be deployed on the same server or on a different server in the farm. This also means that a single deployed service may be shared among multiple front-end SharePoint web applications, and in some cases even outside the SharePoint farm. But configuring these services correctly is mandatory, both to avoid security breaches and for the healthy life span of the main SharePoint web applications whose features depend on the services consumed. Here the author covers the most important and most commonly used SharePoint services.
Secure Store Service
As mentioned by Kumar (2016), in layman's terms this service may be considered an impersonation layer. Suppose there is a particular module that may be executed only by a specific user, but sharing that user's credentials with a group or with any other user is not possible for security reasons. A target application may be defined in the Secure Store Service to serve such scenarios in SharePoint. Audit logging of actions performed through the Secure Store Service is disabled by default; enabling it may help track unauthorized information flow.
The good thing about the Secure Store Service is that it stores the target user's credentials encrypted in a separate database, which may be secured further by deploying it on a separate server. The supported credential fields are generic, user name, password, personal identification number, key, Windows username, Windows password, certificate and certificate password. The bad thing is that if the Secure Store Service is compromised and multiple sources of secured information are configured to be accessed through this framework, the whole SharePoint farm becomes the most insecure place imaginable.
Search Service
As mentioned by Kumar (2016), this service may be used to crawl external content along with the SharePoint websites in the SharePoint farm. This module is responsible for crawling information sources, preparing and maintaining indexes based on the crawled information, search query analytics and usage reporting, and search administration.
The administrator needs to make sure that all the content in the target application being crawled is accessible to the account with which crawling is done, but this does not mean granting full permission on the target; read permission is sufficient. Sometimes search services are configured on a front-end server where the content source web application resides, and Windows Server prohibits crawlers from accessing a website on the same server. The most prevalent workaround is to set “DisableLoopbackCheck” at the front-end server level, but as per Kumar (2011) this is not a secure way of implementing search in SharePoint. Another security concern with the SharePoint Search Service crawler is that it relies on custom headers to identify that the target web application is SharePoint-based. If the administrator removes these headers as explained by Kumar (2013), the search crawler is unable to crawl fine-grained objects such as list items in the SharePoint target; if he does not remove them, attackers can easily identify that the target is SharePoint-based.
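The loopback workaround discussed above, as an added example that is not part of the paper: the blanket DisableLoopbackCheck setting beside the narrower BackConnectionHostNames alternative, which keeps the check on and exempts only the host headers the crawler has to reach on that server. The host names are placeholders; run it as an administrator on the front-end server.

```powershell
# Added example (not from the paper). Compares the blanket loopback exemption
# with the per-host-name alternative on a SharePoint front-end server.
$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Weak setting: DisableLoopbackCheck=1 switches the loopback check off for every
# host name on the server, not just the SharePoint web application. Shown for
# comparison only, so it is left commented out.
# New-ItemProperty -Path $lsa -Name DisableLoopbackCheck -PropertyType DWord -Value 1 -Force

# Narrower alternative: keep the check on and list only the host headers the
# crawler needs on this server. Placeholder names; replace with your own.
$hostNames = @('intranet.contoso.local', 'mysites.contoso.local')
New-ItemProperty -Path "$lsa\MSV1_0" -Name BackConnectionHostNames `
    -PropertyType MultiString -Value $hostNames -Force | Out-Null

# Remove the blanket exemption if an earlier workaround left it in place.
Remove-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue

# Verify the resulting state. The change takes effect after restarting the
# IISAdmin service or the server.
Get-ItemProperty -Path "$lsa\MSV1_0" -Name BackConnectionHostNames |
    Select-Object -ExpandProperty BackConnectionHostNames
if (Get-ItemProperty -Path $lsa -Name DisableLoopbackCheck -ErrorAction SilentlyContinue) {
    Write-Warning 'DisableLoopbackCheck is still set on this server'
}
```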
User Profile Service
The User Profile Service is used to keep data related to the people in an organization. This data may come partly from Active Directory (AD) and partly from other custom sources. SharePoint features such as audience targeting, My Sites for end users and the social features depend directly on this service.
The profile database, synchronization database and social tagging database are created when this service is configured. A healthy and fully functional User Profile Service depends on the Managed Metadata Service, Search Service and Business Data Connectivity Service to deliver the full range of social features in SharePoint 2013.
Managed Metadata Service
This SharePoint service is responsible for sharing managed keywords and term sets across multiple site collections and across farm boundaries. One of the most important benefits of defining taxonomies and term sets in a single place is better and more organized search results, which makes information more meaningful to the end user.
Business Data Connectivity Service
As mentioned by Kumar (2016), content types are the way to define information consistently across a SharePoint site collection. This service is used to define external content types that consume data from external line-of-business systems. How this service is configured depends heavily on what type of existing or future solutions external to SharePoint the organization consumes and what the business flow will be.
Word Automation Services
This service is responsible for server-side conversion of Word documents. It is able to handle both synchronous and asynchronous operations on documents in SharePoint 2013. For asynchronous operations, this service depends on SharePoint timer jobs.
User Profile Synchronization Service
This service supplements the User Profile Service described above by facilitating the import of user information from other systems. These systems may be Active Directory Domain Services, SAP, SQL Server or others.
Machine Translation Service
This service is used to automatically translate content in SharePoint with the help of the Microsoft Online Translator tool. It is a most helpful feature in multilingual SharePoint 2013 scenarios.
Work Management Service
This service is responsible for aggregating tasks in a central location; My Site and the newsfeed experience are examples. Whether the tasks come from Exchange, Project Server or to-do lists and tasks in SharePoint, with the help of the Search Service and User Profile Service the user may get everything in one place.
Visio Graphics Service
Visio diagrams may be rendered in SharePoint 2013 with the help of this service. It depends on the State Service for its normal operation.
State Service
This service is responsible for storing temporary data across related HTTP requests. Many services and functionalities, such as Visio Graphics Service and SharePoint health reports, will not work unless it is configured.
Microsoft SharePoint Foundation Sandboxed Code Service
Traditional custom solutions and web parts used to run under the w3wp process. With the help of this service, administrators may limit resources on a per-application basis, and sandboxed solutions run under a different process altogether for better security and isolation. The new solution model is based on this service.
Access Database Service 2010 and Access Services
In SharePoint 2013, under the new app model, a new SQL database is generated by Access Services for each Access app created. This is a very fast and user-friendly way for users to create and publish a relational database and its content through the web. Access Services is responsible for creating and customizing Access apps; Access Database Service 2010 is provided for backward compatibility.
App Management & Microsoft SharePoint Foundation Subscription Settings Service
Providing this feature and service in SharePoint 2013 is a step from Microsoft towards an app-store model like Google Play or Apple's App Store, where publishing and buying apps online is facilitated. The App Management Service, working in conjunction with the Microsoft SharePoint Foundation Subscription Settings Service, is the backend engine that supports this feature.
Central Administration Service
Stopping this service on all servers in the farm is sufficient to break the whole SharePoint 2013 farm; an administrator without PowerShell knowledge may be stuck without this service running.
Claims to Windows Token Service
As the name suggests, this is part of Windows Identity Foundation on the server. This service is responsible for the impersonation required by SharePoint and other products to access backend resources.
Distributed Cache Service
This service is required by many other services to operate, or gives them better performance. A few examples of features depending on this service are OneNote, security trimming, newsfeeds, social features and page load performance.
Document Conversions Launcher and Document Conversions Load Balancer Service
The Document Conversions Launcher Service schedules and initiates document conversions. When SharePoint Foundation passes a document conversion request to the launcher service, the service must call the appropriate document converter. Load balancing of the incoming requests is handled by the Document Conversions Load Balancer Service.
Excel Calculation Service
Excel Calculation Service in SharePoint 2013 may be regarded more as a business intelligence tool for sharing and rendering workbooks directly as web page content.
Lotus Notes Connector Service
Since the development platform and terminology of Lotus Notes are different, Microsoft built a dedicated connector into SharePoint 2013 to support the big names in the market, providing functionality such as crawling the content inside Lotus Notes.
Microsoft SharePoint Foundation Incoming E-Mail Service
Suppose an end user wants to use SharePoint as a drop box, where he can email content and have it follow the rest of the publishing workflow; this is possible only with the help of this service.
Microsoft SharePoint Foundation Web Application Service
This service provides the connection between SharePoint and IIS. Without it running, not even a web application can be created.
Microsoft SharePoint Foundation Workflow Timer Service
This service is responsible for timed events and workflows related to lists and documents in the site collections.
PerformancePoint Service
This service is responsible for monitoring and related data analysis, including rich dashboards and tools to consume this information.
PowerPoint Conversion Service
This service is responsible for server-side conversion of PowerPoint slides to different formats.
Request Management Service
This service is configured only through PowerShell, and is responsible for routing requests to the right server in the farm based on the type of request.
Farm Level Accounts
The most common flaw observed in SharePoint service application configuration is using a single account for all operations. Consider the situation where this single account is compromised.
SQL Server Service Account
This is the account used to set up the Windows services (named MSSQLSERVER and SQLSERVERAGENT) running on the SQL Server. Request Manager is the functionality in SharePoint Server 2013 that enables administrators to manage incoming requests and determine how SharePoint Server 2013 routes them. If this account is not configured correctly, backups and restores from external resources are affected. A domain account is preferred, but not required.
Setup User Account
This is the account used for the initial setup and for running the initial configuration wizards. It must be in the Administrators group on all the servers and hold the securityadmin and dbcreator server roles on the SQL Server. If the administrator plans to run PowerShell scripts that directly affect a database, this account must also be db_owner on that target database. This must be a domain account.
Server Farm Account
It is important to understand that the moment a server is added to the SharePoint farm, this account gains additional privileges over the server's resources. This account is responsible for configuring and managing the server farm in future, acts as the application pool identity in IIS for the Central Administration web application, and is configured to run the SharePoint Foundation Workflow Timer Service right from the beginning. The importance of this account to security may be gauged from the fact that it holds the dbcreator, securityadmin and db_owner roles on every SQL Server where the SharePoint databases and underlying configuration exist. If the credentials of this account are leaked, nothing is left to protect. This must be a domain user account.
Service Application Accounts
The three accounts mentioned above are required before deploying SharePoint in a fresh environment can even begin. The most common mistake administrators make, as described earlier in this paper, is that they go no further and do not set up the additional accounts listed below. Here the author explores service accounts in terms of application pools and accounts for unattended services. Say the administrator has a single server to run all the services; that single server may have multiple application pools, or, where multiple servers are provided, each group of services under the same application pool may be moved to another server or even split up. The purpose is to give a basic idea of which services may reside together and share resources without breaching security, and which ones require a domain account for normal operation.
Service Application Account for Application Pool 1
Unless there is a specific security reason, justified by business needs, a single application pool in IIS may host the endpoints for Access Services, Word Automation Services, Usage and Health Data Collection Service, Secure Store Service, Business Data Connectivity Service, User Profile Service and Visio Graphics Service. Being under the same application pool identity means these services share resources. The account used to run this group may be a local account. They are grouped together here because they do not mandate the use of a domain account and may reside together, but the administrator may use a unique domain account if need be.
Service Application Account for Application Pool 2
The Excel Services, Managed Metadata Service, PerformancePoint Service and Search Service endpoints may reside together under a single application pool identity, but that identity must be a domain account. Unless there is a need arising from business rules or performance constraints, these services may share a single application pool in IIS.
Service Application Account for Application Pool 3
The Security Token Service and Application Discovery and Load Balancer Service endpoints may reside together under a single application pool identity. This account must be the farm service account, and the SharePoint Products Configuration Wizard creates this application pool automatically. This need not be a domain account.
Unattended Service Account 1
Under Excel Services, this account is needed to perform actions such as refreshing worksheet data when the authentication type specified is None or non-Windows credentials are supplied. This must be a domain user account.
Unattended Service Account 2
Under PerformancePoint Services, this account is used to authenticate to data sources. This must be a domain user account.
Unattended Service Account 3
Under Visio Graphics Service, this account is used to refresh data from non-SharePoint data sources. It need not be a domain user account, but the decision depends on the type of data source the application uses.
Content Access Account for Search
This account is used by SharePoint Search to crawl content from different sources, which may be external or inside the local farm. Whatever type of account it is, it must have read permission on all the content to be crawled, but, as mentioned by Catrinescu (2013), it should be a domain user account. It must not be a member of the farm administrators group; this issue is caught very commonly in security audits.
Search Service Account
Please note that this account is different from the Content Access Account for Search and the Service Application Account for Application Pool 2 described above. It is used to run the actual search service engine. This must be a domain user account, and it must not be a member of the farm administrators group; this issue is caught very commonly in security audits.
User Profile Synchronization Account
Please note that this account is different from the Service Application Account for Application Pool 1, which runs the web application endpoint hosting the User Profile Service. Unlike the pool 1 account, this must be a domain user account as per Catrinescu (2013). It should also have the “log on locally” right on the computer running the User Profile Synchronization Service instance.
User Profile Connection Account
Please note that this account is different from the Service Application Account for Application Pool 1, which runs the web application endpoint hosting the User Profile Service, and from the User Profile Synchronization Account, which runs the synchronization service. This must be a domain user account as per Catrinescu (2013). There may be a different connection account for each connection established with a remote directory service. This account must have the Replicate Directory Changes permission on the domains under consideration.
App Management Service Account
The type of this account depends on the SharePoint app catalog and SharePoint Store being used to install apps in the local farm. This account is responsible for app management in SharePoint.
PowerPoint Conversion Account
This account is responsible for converting Microsoft PowerPoint presentations to different formats using the PowerPoint Conversion Service engine. There is no specific requirement for it to be a domain account unless required by the organization's architecture.
Machine Translation Account
This account is responsible for automatic translations in SharePoint. There is no specific requirement for it to be a domain account unless required by the organization's architecture.
Distributed Cache Account
This account is used to run the Distributed Cache Service, which provides the in-memory cache used by various features such as authentication, security trimming by other services (e.g. of search results), page load performance and the newsfeed. There is no specific requirement for it to be a domain account unless required by the organization's architecture.
Work Management Account
All task aggregation by the Work Management Service is performed using this account, with sources such as SharePoint products, Microsoft Exchange Server and Microsoft Project Server. The type of account used depends greatly on the sources consumed.
Access Services 2013 Account
This account is responsible for viewing, editing and all other interaction with Access 2013 databases in the browser through SharePoint 2013. There is no specific requirement for it to be a domain account unless required by the organization's architecture.
SharePoint Health Analyzer
While auditing any SharePoint 2013 environment for security and other issues, this may be the best place to start. The reports available under this section of Central Administration are based on 63 automated rules defined by Microsoft. All the rules may be disabled; if the administrator has done so, this must be reported in audits and the administrator questioned about it. For example, disabling the default rule “Accounts used by application pools or service identities are in the local machine Administrators group”, listed by Microsoft (2013) under “SharePoint Health Analyzer rules reference”, may open a gateway to attack.
In Central Administration, the administrator may visit Monitoring > Health Analyzer > Review problems and solutions to find out what is going wrong. Since this data comes from a SharePoint list in Central Administration, he can even enable email alerts on item creation in that list if paid monitoring tools are not available.
Certainly this Health Analyzer does not cover everything, but it helps detect far more than an administrator could achieve manually.
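The account separation described under Farm Level Accounts and the Health Analyzer checks above, as an added audit script that is not part of the paper. It lists which identity runs each service application pool, flags an account shared by several pools or by the farm account, checks managed accounts against the local Administrators group (the same condition the Health Analyzer rule quoted above reports), and lists rules an administrator has disabled. It assumes it is run in the SharePoint 2013 Management Shell on a farm server by the setup user account.

```powershell
# Added example (not from the paper): audit of service account separation and
# Health Analyzer rule state on a SharePoint 2013 farm. Read-only; it changes nothing.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$farm        = Get-SPFarm
$farmAccount = $farm.DefaultServiceAccount.Name   # the server farm account

# 1. Which identity runs which service application pool?
$pools = Get-SPServiceApplicationPool
$pools | Select-Object Name, ProcessAccountName | Format-Table -AutoSize

# 2. One account behind several pools is the "single account for everything"
#    mistake; the paper groups services into three pools with distinct identities.
foreach ($g in ($pools | Group-Object ProcessAccountName)) {
    if ($g.Count -gt 1) {
        Write-Warning ("{0} is shared by {1} pools: {2}" -f `
            $g.Name, $g.Count, ($g.Group.Name -join ', '))
    }
}

# 3. The farm account belongs on Central Administration and the pool created by
#    the Products Configuration Wizard (pool 3 above). Anything else is worth a look.
$pools | Where-Object { $_.ProcessAccountName -eq $farmAccount } |
    ForEach-Object { Write-Host "Farm account runs pool: $($_.Name)" }

# 4. Managed accounts that are members of the local Administrators group on this
#    server. This is what the rule "Accounts used by application pools or service
#    identities are in the local machine Administrators group" detects; running it
#    here still works if someone has disabled that rule.
$admins = ([ADSI]"WinNT://./Administrators,group").Invoke("Members") |
    ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }
foreach ($acct in (Get-SPManagedAccount | Select-Object -ExpandProperty UserName)) {
    $sam = $acct.Split('\')[-1]             # strip the DOMAIN\ prefix
    if ($admins -contains $sam) {
        Write-Warning "Managed account $acct is in local Administrators on $env:COMPUTERNAME"
    }
}

# 5. Health Analyzer rules switched off by an administrator; the paper says each
#    of these must be reported in an audit and questioned.
$disabled = Get-SPHealthAnalysisRule | Where-Object { -not $_.Enabled }
if ($disabled) {
    Write-Warning ("{0} Health Analyzer rule(s) are disabled" -f @($disabled).Count)
    $disabled | Select-Object Name, Category, Summary | Format-Table -AutoSize -Wrap
}
```

Run it on each server in the farm, since the local Administrators check (step 4) only covers the machine it runs on.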
Conclusions and Future Study
This paper covers only SharePoint service applications, the categories of accounts recommended for configuring these service applications and their application pools in IIS, and a brief overview of the Health Analyzer. It does not cover all the vulnerabilities that might be present in the system. For example, many Windows services and components running on the servers in the farm may not be required by the features the organization currently uses, and so must be stopped to reduce the attack surface. SQL Server may be exposed on its default ports, and many firewall rules may not even have been considered by the administrator. And so on.
All in all, this paper covers a lot, but to secure the SharePoint environment as a whole, further research on the whole infrastructure is highly recommended.



References
Catrinescu, V. (2013, January 07). SharePoint 2013 Service Accounts Best Practices. Retrieved May 08, 2016, from https://absolute-sharepoint.com/2013/01/sharepoint-2013-service-accounts-best-practices-explained.html
Cleary, L. (2016, May 02). Penetration Testing SharePoint. Retrieved May 08, 2016, from https://www.pluralsight.com/courses/penetration-testing-sharepoint
Collins, J. (2016, April 14). SharePoint Environment Auditing. Retrieved May 08, 2016, from https://www.pluralsight.com/courses/sharepoint-environment-auditing
Ehrenberg, J. (2015, April 01). SharePoint Health Analyzer rules reference (SharePoint 2013). Retrieved May 08, 2016, from https://jimehrenberg.wordpress.com/2015/04/01/sharepoint-health-analyzer-rules-reference-sharepoint-2013/
Fakos, A., & Philipp, J. (2013, November 28). Getting a handle on SharePoint security complexity. Retrieved May 08, 2016, from https://www.owasp.org/images/0/09/OWASP_BeNeLux-SharePoint-Comprehensive_Security_model_v1.0.pdf
Kumar, H. (2011, June 14). SharePoint disable loopback check | Specify Host Names. Retrieved May 08, 2016, from https://hemantrohtak.blogspot.com/2011/06/sharepoint-disable-loopback-check.html
Kumar, H. (2013, January 07). SharePoint 2010 Enterprise Search | SharePoint Crawl Exceptional Behaviour. Retrieved May 08, 2016, from https://hemantrohtak.blogspot.com/2013/01/sharepoint-2010-enterprise-search.html
Kumar, H. (2016, March 11). Security in SharePoint 2013. Retrieved May 08, 2016, from https://hemantrohtak.blogspot.com/2016/03/security-in-sharepoint-2013.html
Lozzi, D. (2013, April 03). Overview of SharePoint 2013’s Services. Retrieved May 08, 2016, from https://davidlozzi.com/2013/04/03/overview-of-sharepoint-2013s-services/
Matthews, P. (2015, January 21). Setting up Word Automation Service for SharePoint 2013. Retrieved May 08, 2016, from https://cann0nf0dder.wordpress.com/2015/01/21/setting-up-word-automation-service-for-sharepoint-2013/
Microsoft. (2013, December 18). SharePoint Health Analyzer rules reference (SharePoint 2013). Retrieved May 08, 2016, from https://technet.microsoft.com/en-us/library/ff686816.aspx
Microsoft. (2013, December 18). Overview of managed metadata service applications in SharePoint Server 2013. Retrieved May 08, 2016, from https://technet.microsoft.com/en-us/library/ee424403.aspx
Microsoft. (2013, December 18). Manage service applications in SharePoint 2013. Retrieved May 08, 2016, from https://technet.microsoft.com/en-us/library/ee704544.aspx
Microsoft. (2014, March 11). Share service applications across farms in SharePoint 2013. Retrieved May 08, 2016, from https://technet.microsoft.com/en-us/library/ff621100.aspx
Microsoft. (2014, August 26). Plan for administrative and service accounts in SharePoint 2013. Retrieved May 08, 2016, from https://technet.microsoft.com/en-us/library/cc263445.aspx

Tuesday, May 10, 2016

Tax Deduction at Source – Usability Test Report

Abstract
This submission constitutes a usability test report for the Form26QB form submission tool provided by the Income Tax Department of India. This form is filled in to submit Tax Deduction at Source (TDS) when a buyer is involved in a property purchase of more than 50,00,000 Indian Rupees (INR).

Keywords: Usability Test Report, Form26QB, Tax Deduction at Source

Usability Test Report for Tax Deduction at Source Form Submission
As a general rule, most of the people involved in property purchases are happy with this online system, but in the author's view a usability test of this interface was required.
Section I: Introduction
Interface Description
When a home buyer goes for a registered property purchase in India, as per Indian government regulation, 1% of the total purchase amount must be paid as tax deduction at source (TDS) to the Income Tax Department of India. Property sellers do not include this TDS in the quoted price of the property, and by widely accepted convention the buyer himself is responsible for paying this tax to the Indian government.
Until recently it was a tedious job to visit bank branches and pay this tax manually over the counter. Now the Indian Income Tax Department has introduced a facility to pay it through an online system. This online Form 26QB submission is much better than visiting bank branches out of a busy schedule, but the author feels it badly needs a usability analysis.
Interface Goals
Form26QB submission contains mandatory details about the buyer and seller of the property. After the form is submitted, the end user is directed to the bank's online payment system, and the final receipt generated there is used as proof, which may be submitted to the property seller and the Income Tax Department.
The scope of this usability test extends up to the point where the user has filled in Form26QB. The filled form can either be printed for manual submission at the bank, or the end user may continue to make the payment online.
Research Questions
Overall, the areas listed below were to be observed through the eyes of the participants:
§     How comfortable did the participant appear with the home page layout and structure? Was he seeking help to understand the very taxation-specific terms?
§     How difficult was it for the user to figure out where to go after the home page?
§     What was the user's first reaction on seeing the enormous number of input fields on the form in one go?
§     How comfortable did the user seem when the PAN number validation pop-up appeared on each blur of the input box?
§     Did the user want verification of both parties' names immediately after entering the PAN number, or did he seem comfortable waiting until the confirmation screen?
§     Was the reconfirmation of the PAN number too annoying for the participant?
§     The session timeout is set to five minutes and one minute is given for user confirmation in a pop-up; how comfortable was the participant with this design?
§     The address is divided into logical entities; does the user like it? Is he OK with the maximum length of the input fields here?
§     Did the participant feel happy about the way the amount paid is input?
§     Did the participant make a mistake while calculating TDS based on the percentage? Was he able to understand the interest and fee structure?
§     Was the user able to correlate the date of payment with the date of tax deduction?
§     In case of errors, was the error message sufficient to fix the wrong input?

Section II: Methodology
Think Aloud Method
As facilitator, the author had to make sure the candidates involved in this usability test knew exactly what they were doing, and keep them moving. He made sure they verbalized their thoughts, meaning that he encouraged the candidates to think aloud and give a running narration of what was going on in their mind: what they were trying to do, what they were looking at and what they wanted to do next.
Test Plan
Equipment/software. A Dell laptop with built-in microphones and Blueberry FlashBack software installed was used to record the responses.
Recruitment. None of the participants was given any kind of incentive for this usability test. A total of five candidates were approached. One declined due to unavailability (Dxxxxx Mxxxx). Another was dropped after the session started, because he had used this interface heavily in the past and seemed very comfortable with everything (Kxxxx Sxxxxx). Contact details of the three participants are included as part of the Recording Consent Form in Appendix A.
Location. All the candidates were recorded at their own homes. Since there were no incentives involved, none of them was willing to travel, so the observer visited their homes whenever they became available.
Time. All three participants were available on the weekend of 30 April 2016 and 01 May 2016. The duration of the test for each participant varied between 50 and 80 minutes, of which the recorded session varied between 32 and 47 minutes. This also included other interactions such as the demographic questionnaire, probing, wrapping up and additional cross-questioning.
Tasks
Scenario. You purchased an apartment from the builder Ixxxxxx Sxxxxxxxxxx Ltd, Gurgaon, Haryana, India on 28 April 2012 on installments. Recently the Income Tax Department of India has mandated that you pay 1% Tax Deduction at Source, since the total value of your apartment at the time of purchase was 53,36,400 INR, which is more than 50,00,000 INR. This morning you paid 2,65,531 INR as an installment towards your apartment to the builder. Now your next job is to pay the Income Tax Department of India 1% of the installment value.
Your task is to use the online interface available as a bookmark in your browser and fill in Form26QB. Please note that this tool lets you visit the bank's website in the same flow and pay online; your task ends when you reach the point where you have to click to visit the bank's website. At that point, save the filled form as a PDF for future reference.
Additional information required to fill in this form is on the back of this card.
The inputs required to fill in the form are:
§  Tax Applicable: Other than Companies
§  Date of Payment (to decide Assessment and Financial Year): Today
§  Your Permanent Account Number: Axxxxxxxxx (Sole buyer)
§  Permanent Account No. seller: Axxxxxxxxx (Sole seller)
§  Your Address: xxxx/xx xxx xxxxxxx xxxxxx, xxxxxx -124001, Haryana, India
§  Address of seller: Ixxxxxx Sxxxxxxxxxx Ltd., X-xx, xxxxx xx-xxxxxxxxxxxxxxxxxxx xxxx, New Delhi – 110044
§  Your Email Id: xxxxxxxx@xxxxx.xxx
§  Email Id of seller: XXXX@xxxxxxxxxxxxxxxxx.xxx
§  Your Mobile Number: +91-XXXXXXXXXX
§  Mobile Number of seller: +91-XXXXXXXXXX
§  Type of Property: Apartment
§  Address of Property: Ixxxxxx Exxxxx, Apartment No. XXXX, Sector XXX, Gurgaon- 122011, Haryana, India
§  Rate of Tax deduction at Source: 1%
§  Current Installment in Indian Currency: 265531
§  Total registered value of the apartment at the time of booking in Indian currency: 5336400
§  Mode of Tax payment: Online
§  Bank name via which you will be paying: State Bank of India
Pilot Test
The pilot test greatly helped to improve the task sheet for the final usability test sessions. This was not an actual test, but the listeners (other than the actual three participants) gave valuable feedback on how to interact with the actual participants. With the previous version of the task sheet submitted in the test plan, the first pilot listener was not able to tell whether there was more than one buyer or seller. The total assumed value of the property was also pointed out to be very low. She also mentioned that contact details should be included in the Consent Form itself.
The second pilot listener pointed out that the recording should start at the beginning of the session itself, but since I had to follow the script, I ignored this observation and started recording while taking the signature on the form during the first actual participant's session. The first participant also mentioned this later, after the session.
The third pilot listener mentioned that the observer should ask for overall feedback and a summary from the participants before ending the session. This was not part of the original script in the usability plan submitted earlier.
Results
Overview
Overall, the participants enjoyed the usability test session. They didn't expect it to be so entertaining and stress-free, as the third participant mentioned specifically. More advanced users, who spend more time on the web, did not like the interface much, but the newcomers described it as a good one.
Participant 1
The first participant, Vxxxx Dxxxx, was not aware of the TDS system in India and confused it with regular income tax. He had paid income tax on extra income in the past and thought TDS and income tax were the same thing. He had been involved in buying and selling residential properties in the past, but the value of those assets was less than 50,00,000 INR, so he had never used the interface under consideration for an actual transaction. Since he had never used this interface, he qualified to be a participant in this usability test.
The observations from Vxxxx are listed below:
§  The home page was less informative than he expected it to be. He wanted some visuals, such as images, on the home page.
§  The Financial Year and Assessment Year drop-downs were disabled. He wanted to be taken to the Date of Payment input field when he tried to edit these disabled drop-downs.
§  He was puzzled by the terms payer/buyer/transferee being used interchangeably all over the form. He wanted the form to use the same term throughout.
§  He tried to copy and paste the PAN number from the main input field into the confirmation box. If the input was not exactly 10 digits, an ugly popup appeared; he seemed annoyed by that kind of popup.
§  The participant was extremely unhappy with the timeout message box appearing every five minutes. He mentioned that the form should register him being active and filling in fields, so that the timeout is reset. Elsewhere he mentioned that the timeout should be reasonably longer for the user to fill in such a large page in one go. He also suggested that he would have liked a wizard-style structure with Next buttons.
§  The user was annoyed by the character limits of some input fields, such as those in the address area. He wanted at least a message about the character limits, if nothing else.
§  Even though the information on the task card specifically mentioned that he is the sole buyer and the builder is the sole seller, he overlooked this information and wanted the input fields "whether more than one buyer" and "whether more than one seller" to be non-mandatory as an escape route.
§  The task sheet also mentioned the date of agreement specifically, but the participant missed this information and tried to play around with this input field. Just to see what would happen, he also tried entering a future date. The form did not alert him about the future date immediately, but on submit he got an error.
§  The task sheet specifically mentioned the asset value, but the participant assumed it to be 52,00,000 INR. This did not affect the outcome of the test, but he made a good point: if the property value has 7 digits, the installment value input field should not allow entering an 8th digit.
§  He mentioned that, while the installment value is being filled in, the form should display on the fly the combined result of the inputs in a single label, since the installment value was being entered in separate input boxes for lakhs, thousands, hundreds, tens and ones.
§  He was not happy that the total amount paid/credited is asked for again under the Tax Deposit Details heading. He felt it should be prefilled from the inputs he had already given under the Amount Paid/Credited heading.
§  He suggested that the rate at which TDS is calculated should not be an input field, since the end user has no right to decide this rate; it is decided by the Income Tax Department of India.
§  The tax amount should be calculated by the form from the inputs, he mentioned. He feared that users may make calculation mistakes, and it made the form more tedious.
§  While filling in the date of tax deduction, the user mentioned that these fields are not very informative.
§  On clicking submit, the user got the message that the date of agreement cannot be a future date. He wanted to be taken directly to the field along with this message; he did not want to search for that field in a cluttered form.
§  Information in a popup should be shown with an information sign, and if it is a warning the popup should include a warning sign as well, he mentioned.
§  The user was not happy that the acknowledgement number appeared in a popup and he could not copy it from there.
§  The user did not understand what the term "minor head code" means (in the final submitted form), nor was he comfortable with the information marked in red at the top; the language could be simplified for ordinary users, he mentioned.
§  The user mentioned that the UI should be improved; it was a very raw-looking screen.
§  The user mentioned that the page was too long to fill in.
§  The user was not happy with popups appearing again and again.
§  The user mentioned that there has to be a way to save this information online for future use and bring it up later if required, including for payment when the next installment for the apartment is due.
§  He rated this site 5 on a scale of 10.
Participant 2
The second participant, Dxxxxxx Bxxx, turned out to be a very patient participant. Despite many hiccups he continued. Even though he was not able to submit the form successfully, he gave much valuable input on extreme scenarios that real users would also face.
The observations from Dxxxxxx are listed below:
§  Unlike Vxxxx, Dxxxxxx did not find the home page of the website very convincing as a Government website. He mentioned the need for a logo, some disclaimers or similar elements. He seemed concerned about the authenticity of the website and was reluctant to fill in information if it had been his own personal details.
§  The browser allowed him to instruct it not to show such popups again, and the site uses popups to show its important validation messages. The result was that, at many important places throughout the form, he did not get validation messages.
§  He mentioned that the buyer's mobile number should be allowed to be more than 10 digits. The form assumed that the user is always in India and that the mobile number will always be 10 digits. He asked what if the buyer is abroad and wants to include the ISD code along with the contact number.
§  Like Vxxxx, he was also not happy with the character limit of the input fields, specifically in the address areas.
§  I found the authenticity of the session timeout message questionable. The first time the session timeout message came, he was filling in the PAN numbers. He clicked Cancel on the timeout popup at that time, yet the form continued to accept inputs rather than throwing him out of the form. As a patient observer, I did not disturb the user and let him continue.
§  When he was filling in the second row of the seller's address, this session timeout confirmation came again. So I got the impression that, even though he clicked Cancel the first time, his session did not time out. This time he clicked OK to submit.
§  While filling in the seller's email id, the user mentioned that ideally the website should take care of upper- and lower-case input by itself; this conversion is easy in code. He was pointing back to the message he had received earlier while filling in the PAN number.
§  While filling in the city of the property purchased, the user mentioned that the name of this city had changed recently, which raised a good point about address validation. Even though the user filled in the city as per the task sheet, and the city is located in the state of Haryana, the form allowed selecting Delhi as the state. Later the user noticed this himself and fixed it.
§  The user confused the date of agreement with the date of payment while filling in the Date of Agreement field.
§  The user made a mistake in calculating 1% of the installment amount. Had the Basic Tax field been auto-populated, this user error could have been avoided.
§  Interest and a fee are payable if the TDS is not paid to the Government within one month of the actual payment. Rather than giving this simple message to the end user, the website confused Dxxxxxx with terms like Section 234E and Rule 31A(4A), which are difficult to understand. So he just skipped it and left it at zero. Had he been making a late payment, he would never have known that he was paying the TDS late and owed something more to the Income Tax Department of India. He thought the Interest and Fee fields were redundant.
§  When he clicked Submit, I found that he had entered a wrong PAN number, but since he had suppressed the browser's default popup messages earlier, he did not get the exact error message, so he was stuck verifying the information in each input field one by one. The mode of error message delivery on submit was not good.
§  He mentioned (while verifying the fields one by one) that if the names of the buyer and seller were populated from the PAN numbers while filling in the form itself, it would have been helpful and would have made him more confident.
§  Even after fixing the error in the PAN number, he was not taken to the confirmation page. He again got the session-continue confirmation message at this point and did the right thing, but Proceed still did not work.
§  Since Proceed was not working, he started playing around with the Date of Tax Deduction field for no reason. He switched the Mode of Payment and the bank name was lost, so he assumed that he had not selected the bank name and that this was why he was unable to submit. The bank name should have been retained, in case the user switches the radio button and comes back to the previous selection. If the mode of payment does not require a bank name, this field should have been hidden rather than having its value reset.
§  He tried entering a very old date as the date of agreement, but it did not help. After many rounds of verifying the inputs, he thought he had entered the wrong captcha; the moment he hit Refresh Captcha, to my surprise he was taken to error_session.asp, which said the session had expired, even though he had been hitting the session-continue submit diligently all the time. He was totally confused about what had happened and had a mix of guilt and anger that he would have to fill in all the information again.
§  This participant was under the impression that, before coming to this site to fill in this form, the user must do diligent groundwork to avoid errors. He gave a rating of 6.5 out of 10 to this website.
Participant 3
The third participant, Cxxxx Sxxxxxxxx, did not feel very confident at the start of the session, but she was able to submit Form26QB successfully using this interface.
The observations from Cxxxx are listed below:
§  She did not like the colours used on the home page or the layout of the navigation. She pointed out that the terms used on the home page are too technical to understand.
§  Like the other two participants, she also got confused by the disabled drop-downs for Financial Year and Assessment Year. The message in red did not help her, but she continued.
§  Transferee/Transferor, used throughout the main form, were difficult terms for her compared with buyer/seller.
§  Category of buyer/seller were disabled input boxes, and she tried to edit these values. They could have been labels to avoid confusion, or at least a different style could have been applied, as for Financial Year, to mark them as disabled input boxes.
§  Since the Full Name of buyer/seller label was marked with *, she thought that if she clicked in front of it she might be able to enter something there. Either this heading should not have been marked as mandatory with *, or it should have been removed altogether to avoid confusion.
§  After trying to click on the full names, probably by mistake, she hit the Back button; rather than giving a confirmation message before going to the previous page, it simply went to the home page of the website and she lost the information filled in so far. So she started filling in the form again.
§  Like the other two participants, she was also not happy with the session expiration design. She specifically asked why it came so early.
§  As Dxxxxxx also mentioned, she was not able to enter the ISD code of the mobile number.
§  Like the other two participants, she also got stuck while filling in the seller's address because of the maximum length limit of the input fields.
§  Under Amount Paid/Credited, for Crores/Lakhs/Thousands/Hundreds/Tens/Ones, both drop-downs and text boxes were given on the form. She thought she could use either, but later figured out that the text boxes are disabled. There should have been labels instead of disabled input boxes here. She also mentioned that dividing the whole installment amount into pieces like this is a pain in the first place.
§  Like the other two participants, she wondered why she had to enter the installment amount again under the Tax Deposit Details header.
§  In the TDS % input box, she was not able to type the % sign, and she kept wondering why.
§  While filling in the actual TDS amount after the 1% calculation, she got the session timeout message, but since this input field was not completely filled in, a validation error came up on blur of the field. Because this site uses default browser popups for validation messages, she was confused about which one to click first. This suggests that the session timeout should not have appeared while she was active, and also that default browser popups are the wrong choice for showing validation messages.
§  Like the other participants, she found the red information message regarding the Interest and Fee field under the Tax Deposit Details header insufficient to understand what it means.
§  At the end of the page there was information on what the user should and should not do, e.g. the prohibited characters. She was almost laughing at why this information was placed there. I guess she wanted this information earlier, before starting to fill in the form.
§  At the end of the session she suggested that at least the address fields could be auto-filled after typing a few characters. For example, if she typed a few characters of the city, the form should have been smart enough to start giving Google-like autocomplete suggestions.
§  She specifically mentioned at the end of the session that she found the site very user-friendly; without much difficulty she was able to correlate the information/task cards well with the form. She gave a rating of 9 out of 10 to this interface.
Summary
All in all, the end user needs a lot of homework to pay TDS using the interface provided, but this is definitely better than visiting the bank, filling in the form manually and waiting in long queues. From a usability perspective there are definitely many areas of improvement, as suggested by the participants.
Recommendations
All the feedback and observations in the Results section above must be fixed, but the three things that must be done right away are mentioned below:
§  The session timeout must be increased. There are major flaws in this session timeout logic, but at a minimum, right away, with no development effort and just configuration changes, the timeout may be increased.
§  Do not use browser default popups for error messages. This might be a low-effort change, but it gives maximum results. That is why it is part of the top three recommendations, to be implemented today without any delay.
§  When the user clicks on Form26QB, he should be taken to an information page where he is told what he needs to fill in on this form, and then click Next to reach the form. This is a low-effort change and can be implemented right away. It resolves many of the usability issues reported by the participants, where they were not aware of the terms and how the form behaves. Putting a video on this introduction page would probably also be very helpful. For example, after going through even a single recorded session mentioned in Appendix D, an end user may be able to fill in the TDS form in just five minutes.
Apart from the low-risk, low-effort, high-gain usability changes mentioned above, the observations mentioned in the Results section must be planned for future releases and deployments.
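The following is an added example, not code from the original report or from the Income Tax Department's site. It shows one way of implementing the two low-effort recommendations above (no browser default popups for errors; an idle timeout that is reset by user activity) together with the validation points raised in the Results section: PAN length, a mobile number that may carry an ISD code, a TDS amount computed by the form instead of typed by the user, and a date of agreement that must not lie in the future. The field names, the PAN and mobile formats, the 1% rate handling and the time limits are assumptions made for this example.

```javascript
// Added example (not the Income Tax Department's code): client-side checks
// for a Form26QB-style payment form. Errors are returned as data, so the
// page can render them inline next to each field and focus the first one,
// instead of raising alert()/confirm() popups that a browser may suppress.
// All field names, limits and rates below are assumptions for this example.

// PAN format: five letters, four digits, one letter (assumed format; the
// report only records that the site rejects input that is not 10 characters).
const PAN_RE = /^[A-Z]{5}[0-9]{4}[A-Z]$/;

// Mobile number: 10 digits, optionally preceded by an ISD code such as +91
// (participants 2 and 3 could not enter the ISD code on the real form).
const MOBILE_RE = /^(\+[1-9][0-9]{0,2}-?)?[0-9]{10}$/;

// Validate a PAN; case is normalised first so mixed-case input is not an error.
function validatePan(raw) {
  const pan = String(raw ?? "").trim().toUpperCase();
  if (pan.length !== 10) return "PAN must be exactly 10 characters";
  if (!PAN_RE.test(pan)) return "PAN must be 5 letters, 4 digits and 1 letter";
  return null;
}

// Validate a mobile number, allowing spaces and an optional ISD code.
function validateMobile(raw) {
  const mobile = String(raw ?? "").replace(/\s+/g, "");
  return MOBILE_RE.test(mobile)
    ? null
    : "Enter a 10-digit mobile number, optionally with an ISD code";
}

// TDS in whole rupees at ratePercent, computed by the form rather than typed
// by the user. Amounts are integers (rupees) to avoid floating-point drift.
function computeTds(installmentInr, ratePercent) {
  if (!Number.isInteger(installmentInr) || installmentInr < 0) {
    throw new RangeError("installment must be a non-negative integer number of rupees");
  }
  return Math.round((installmentInr * ratePercent) / 100);
}

// Validate the whole form and return { field: message } for every failing
// field; an empty object means the form is valid. `today` is an ISO date
// string injected by the caller so the check is deterministic and testable.
function validateForm(fields, today) {
  const errors = {};
  const buyerPan = validatePan(fields.buyerPan);
  if (buyerPan) errors.buyerPan = buyerPan;
  const sellerPan = validatePan(fields.sellerPan);
  if (sellerPan) errors.sellerPan = sellerPan;
  const mobile = validateMobile(fields.buyerMobile);
  if (mobile) errors.buyerMobile = mobile;
  // ISO dates compare correctly as strings, so no Date parsing is needed.
  if (!/^\d{4}-\d{2}-\d{2}$/.test(fields.agreementDate) || fields.agreementDate > today) {
    errors.agreementDate = "Date of agreement must be a valid date and cannot be in the future";
  }
  if (!Number.isInteger(fields.installmentInr) || fields.installmentInr <= 0) {
    errors.installmentInr = "Enter the installment amount in whole rupees";
  } else if (fields.installmentInr > fields.propertyValueInr) {
    errors.installmentInr = "Installment cannot exceed the total property value";
  }
  return errors;
}

// Session tracker: the idle clock restarts on every user action, but an
// absolute cap still ends the session regardless of activity, so that
// resetting on activity cannot keep a session alive indefinitely.
class IdleSession {
  constructor(idleLimitMs, absoluteLimitMs, startMs) {
    this.idleLimitMs = idleLimitMs;
    this.absoluteLimitMs = absoluteLimitMs;
    this.startMs = startMs;
    this.lastActiveMs = startMs;
  }
  // Call from input/keydown/click handlers; an expired session is not revived.
  touch(nowMs) {
    if (this.status(nowMs) === "active") this.lastActiveMs = nowMs;
  }
  status(nowMs) {
    if (nowMs - this.startMs >= this.absoluteLimitMs) return "expired";
    if (nowMs - this.lastActiveMs >= this.idleLimitMs) return "expired";
    return "active";
  }
}

// Constructed sample matching the scenario card in this report; the PANs and
// mobile number are placeholders, not real identifiers.
const SAMPLE = {
  buyerPan: "abcde1234f",
  sellerPan: "FGHIJ5678K",
  buyerMobile: "+91-9999999999",
  agreementDate: "2012-04-28",
  installmentInr: 265531,
  propertyValueInr: 5336400,
};
```

Returning the errors as an object keyed by field name is what allows the page to jump to the offending field with its message, as participant 1 asked for on submit, and it does not depend on the browser's popup setting that silenced the messages for participant 2. When the timeout is extended as recommended, the absolute cap in `IdleSession` is the part to keep: an idle reset alone would let a forgotten session live for as long as anything keeps touching it.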
Conclusion
With the help of diligent participants, the observer was able to record a good number of usability issues in the interface. More sessions like this will definitely help ongoing development, and the observer hopes that the Income Tax Department of India will take the above-mentioned issues as top priority. The observer agrees that no interface is perfect and that usability test sessions like this are important, not only for the interface under consideration but everywhere else too.



References
Income Tax Department of India. (n.d.). E-TAX Payment System. Retrieved April 17, 2016, from https://onlineservices.tin.egov-nsdl.com/etaxnew/tdsnontds.jsp
Krug, S. (2010). Rocket surgery made easy: The do-it-yourself guide to finding and fixing usability problems. Berkeley, CA: New Riders.

Appendix A
Recording Consent Forms


Figure 1. Recording Consent Form signed by Participant 1: Vxxxx Dxxxx


Figure 2. Recording Consent Form signed by Participant 2: Dxxxxxx Bxxx.


Figure 3. Recording Consent Form signed by Participant 3: Cxxxx Sxxxxxxxxx.

Appendix B
Usability Test Script
Modified from Rocket Surgery Made Easy
© 2010 Steve Krug
o   Web browser should be open to Google or some other “neutral” page.
Hi, ___________. My name is Hemant Kumar, and I’m going to be walking you through this session today.
Before we begin, I have some information for you, and I’m going to read it to make sure that I cover everything.
You probably already have a good idea of why we asked you here, but let me go over it again briefly. We’re asking people to try using a Web site that has been developed by Income Tax Department of India and we want to see whether it works as intended. The session should take about an hour.
The first thing I want to make clear right away is that we’re testing the site, not you. You can’t do anything wrong here. In fact, this is probably the one place today where you don’t have to worry about making mistakes.
As you use the site, I’m going to ask you as much as possible to try to think out loud: to say what you’re looking at, what you’re trying to do, and what you’re thinking. This will be a big help to us.
Also, please don’t worry that you’re going to hurt our feelings. We’re doing this to give valuable improvement suggestions for the site, so we need to hear your honest reactions.
If you have any questions as we go along, just ask them. I may not be able to answer them right away, since we’re interested in how people do when they don’t have someone sitting next to them to help. But if you still have any questions when we’re done I’ll try to answer them then. And if you need to take a break at any point, just let me know.
We have the ability to use the internal microphone of this laptop to record your voice. With your permission, we’re going to record what happens on the screen and our conversation. The recording will only be used to help us figure out how to improve the site, and it won’t be seen by anyone except the people of the Income Tax Department of India and students/staff members of Fxxx Hxxx University. And it helps me, because I don’t have to take as many notes.
If you would, I’m going to ask you to sign a simple permission form for us. It just says that we have your permission to record you, and that the recording will only be seen by limited audience as I just explained.
o   Give them a recording permission form and a pen
o   While they sign it, START the SCREEN RECORDER
Do you have any questions so far?
OK. Before we look at the site, I’d like to ask you just a few quick questions. (This includes Demographic Questions also.)
§  First, what’s your occupation? What do you do all day?
§  Now, roughly how many hours a week altogether—just a ballpark estimate— would you say you spend using the Internet, including Web browsing and email, at work and at home?
§  And what’s the split between email and browsing—a rough percentage?
§  What kinds of sites are you looking at when you browse the Web?
§  Do you have any favorite Web sites?
§  Have you ever been involved in buying and selling residential properties in India whose value was more than 50,00,000 INR? (This form is submitted on the purchase of every immovable property with a value exceeding 50,00,000 INR, but the end user might not understand the meaning of the word immovable, so it is better to restrict the question to the live example of residential property so that the candidate understands what is being asked.)
§  Did you ever visit a bank to submit Tax Deduction at Source (TDS) when you purchased this property?
§  Are you aware that the Indian Tax Department now gives the facility to submit TDS online? Have you ever used this system?
OK, great. We’re done with the questions, and we can start looking at things.
o   Click on the bookmark for the site’s Home page.
First, I’m going to ask you to look at this page and tell me what you make of it: what strikes you about it, whose site you think it is, what you can do here, and what it’s for. Just look around and do a little narrative.
You can scroll if you want to, but don’t click on anything yet.
o   Allow this to continue for three or four minutes, at most.
Thanks. Now I’m going to ask you to try doing some specific tasks. I’m going to read each one out loud and give you a printed copy.
And again, as much as possible, it will help us if you can try to think out loud as you go along.
o   Hand the participant the task sheet, and read it aloud.
o   Allow the user to proceed until you don’t feel like it’s producing any value or the user becomes very frustrated.
Thanks, that was very helpful.
§  Would you like to summarize your experience with this interface?
§  On a scale of 10, how would you rate this website?
§  Do you have any questions for me, now that we’re done?
o   Stop the screen recorder and save the file.
o   Thank them and escort them out.

Appendix C
Scenario card
Figure 4. Scenario card, front side.
Figure 5. Scenario card, back side.

Appendix D
Links to Video Recordings
Participant1 (Vxxxx Dxxxx):
Participant 2 (Dxxxxxx Bxxx):
Participant 3 (Cxxxx Sxxxxxxxxx):