Understanding How to Test Payment Gateways:
What are various payment processing companies?
Per Wikipedia, a payment processing company is an entity (often a third party) chosen by a seller to manage transactions from different channels, such as credit cards and debit cards, for acquiring financial institutions. The processor verifies the received information by routing it to the appropriate card issuer or card association. It also enforces measures to prevent fraudulent transactions.
Popular Payment Gateways include Authorize.net, PayPal, Braintree, Bluepay, Citrus Payments, and so on.
You can find abundant resources on the internet and libraries about payment gateways and their associated terminology.
In this step-by-step guide, I have attempted to decipher some of that information and share my own experiences.
During my maiden project, I was uncertain about the effective testing of a payment gateway. Nevertheless, I gradually mastered it and successfully incorporated PayPal, Braintree, and Authorize.net into our eCommerce platforms.
We will delve into common terminologies, comprehend the complete transaction process, and discuss beneficial tips and best practices.
What This Guide Covers:
- Terminology in Payment Gateways
- Distinction between Payment Gateway and Payment Processors
- Process of Transaction
- Why is Testing Payment Gateways Necessary?
- Types of Testing Required
- Useful Tips
- Test Cases and Checklist for Payment Gateway Testing
- Example of Setting up Sandbox: Braintree Payments
- Summing Up
Terminology in Payment Gateways
Let’s examine some of the terminology used in this guide:
1) Merchant – This term refers to an individual or business that offers goods or services for sale. For example, Flipkart, Amazon, and eBay are merchants.
2) Credit Card – A plastic card enabling the holder to purchase goods or services on credit. It contains a 16-digit card number, an expiry date, a hologram, a magnetic strip, a panel for the signature, and a Card Verification Value (CVV) number.
Front image of a Credit Card:
Back image of a Credit Card:
(Source: about.com)
3) Acquiring Bank – This is a financial institution that manages and facilitates the acceptance and processing of debit and/or credit card transactions in the bank account of the seller.
4) Issuing Bank – This is the financial institution that issues debit or credit cards to the customers. The issuing bank either approves or denies transactions based on the standing of the cardholder’s account and subsequently conveys this information to the acquiring bank.
For instance, a purchasing transaction will be denied if the card’s expiry date is incorrect or the cost of purchase surpasses the credit limit of the card.
5) Transaction – This involves the complete process in which the funds for a customer’s transaction reach the seller.
6) Authorization – This request is initiated when a customer makes a purchase. Authorization is granted by the customer's issuing bank, which confirms that the cardholder is valid, is able to pay, and has sufficient funds. After authorization, the funds are held and the amount is deducted from the customer's credit limit, but it is not yet moved to the seller's account.
7) Capture – This is the step where the seller collects relevant payment details from the customer and sends a settlement/capture request to the processor. The processor uses these details to transfer funds from the customer's card account to the seller's account.
Distinction between Payment Gateway and Payment Processors
There is plenty of content available online debating whether a payment gateway and a payment processor are discrete units with separate functionalities.
Based on my projects, I noticed that the terms “Payment Processor” and “Payment Gateway” are often used interchangeably with no clear difference. Sellers usually refer to Payment Gateways as payment processing companies since they manage all payments.
Payment processors perceive themselves as payment gateways because they execute and finalize secure payment transactions.
Process of Transaction
The following diagram encapsulates the complete flow beginning from a customer initiating an order to the order being either processed successfully or rejected:
If a customer opts to cancel the order, the following process ensues:
The distinction between a void and a return is based on whether a transaction is captured or not.
A payment that is not yet settled can be voided, which credits the held funds back to the cardholder’s account. If a transaction is already settled or captured, a refund process is initiated instead. A refund transfers funds from the seller’s account back to the account of the cardholder.
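The void-versus-refund rule above, modelled as a small state machine that a test suite can use to decide which gateway call is legal at each point (an added example, not code from the original article or from any payment processor's SDK). The `Payment` class, the `cancel_order` helper and amounts in cents are assumptions for illustration, and the partial-refund guard goes slightly beyond the case the text describes.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    AUTHORIZED = "authorized"  # funds held against the card, not yet moved
    CAPTURED = "captured"      # funds transferred to the seller
    VOIDED = "voided"          # hold released before capture
    REFUNDED = "refunded"      # captured funds returned in full


class InvalidTransition(Exception):
    """Raised when an operation is not allowed in the current state."""


@dataclass
class Payment:
    amount_cents: int
    state: State = State.AUTHORIZED
    refunded_cents: int = 0

    def _require(self, allowed, action):
        if self.state is not allowed:
            raise InvalidTransition(f"cannot {action} while {self.state.value}")

    def capture(self):
        self._require(State.AUTHORIZED, "capture")
        self.state = State.CAPTURED

    def void(self):
        self._require(State.AUTHORIZED, "void")
        self.state = State.VOIDED

    def refund(self, cents):
        self._require(State.CAPTURED, "refund")
        if cents <= 0 or self.refunded_cents + cents > self.amount_cents:
            raise InvalidTransition("refund must be positive and within the captured amount")
        self.refunded_cents += cents
        if self.refunded_cents == self.amount_cents:
            self.state = State.REFUNDED


def cancel_order(payment):
    """Cancel as the text describes: void if not captured, refund if captured."""
    if payment.state is State.AUTHORIZED:
        payment.void()
        return "void"
    payment.refund(payment.amount_cents - payment.refunded_cents)
    return "refund"
```

The negative paths (void after capture, refund before capture, refund above the captured amount) are the ones worth replaying against the real sandbox, since the gateway should reject them as well.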
Why is Testing Payment Gateways Necessary?
If we were to shop in a physical store, we would pay in cash or swipe our debit or credit card through a machine during checkout to finalize the transaction.
Similarly, during online transactions, we ought to ensure that a similar system is in place that approves or declines a transaction instantly.
From the perspective of the customer, the online payment processing system on an eCommerce platform should be error-free. Customers should be able to click on the ‘Pay Now’ button and witness a payment success or decline notification within a few seconds.
From the viewpoint of the seller, it is vital to ensure that the complete payment cycle, which includes receiving transactions from the online shop, capture and authorization, refunds, and voiding, functions impeccably. If any of these elements do not operate as expected, it can create trouble for the seller.
Testing permits sellers to familiarize themselves with the flow of the chosen payment processor and assess if it is the ideal fit for their application and business.
Types of Testing Required
Based on the choice of payment processor and product/application requirements, the following types of testing may be required:
- Functional Testing: This testing is needed for newer, less established payment gateways to confirm that the application operates accurately in managing orders, calculations, taxes, etc. More established payment processors may not necessitate this type of testing.
- Integration Testing: When integrating with a payment gateway, integration testing becomes pivotal. Testers need to ascertain that the integration of the website/online store/application works smoothly with the selected payment gateway. This involves testing the whole transaction flow:
  - Initiating an order
  - Checking if funds are received in the account of the seller
  - Making sure there is a successful refund or voiding of transactions
- Performance Testing: It is necessary to test the website/online shop/application for performance. The payment processor should not fail when there are many users trying to finalize transactions at the same time.
- Security Testing: During a transaction, customers disclose sensitive details such as credit card numbers and CVV numbers. It is crucial to verify that all such sensitive information is encrypted and transmitted securely.
Useful Tips
Here are some beneficial tips for testers based on my personal experience:
#1) Investigate if the payment gateway provides a free sandbox environment intended for exploratory, trial purposes. The presence of a sandbox is beneficial and offers the flexibility to adjust the tool and examine it in-depth.
#2) Ensure thorough testing of transactions from beginning to end. We encountered numerous bugs related to data capture and flow from the application to the payment gateway. Specific bugs included:
- Incorrect capture of the name information of the customer (buyer)
- Incorrect capture of the expiry date of the customer’s credit card, leading to transaction rejections
- Duplicate transactions appearing in the payment processor
#3) Understand the limitations of payment gateway sandboxes.
For example, the sandbox of Authorize.net allows only one currency for each sandbox. If you have to test multiple currencies, separate sandboxes will have to be configured. Moreover, you cannot test how the system performs when the live account of Authorize.net processes transactions with multiple currencies.
#4) Display suitable error messages when a payment fails in the course of a transaction. Technical error messages like “Object not set to an instance” or “404 error” can bewilder customers and impact user experience. Instead, display a general message that encourages users to reach out to customer support.
#5) Let the client (owner of the application business) know in advance about the setup time required to create a live payment processor account. The time needed to set up the account can vary from a few days to weeks depending on the chosen payment processor. This allows enough time to set up the live account prior to making the application and payment processor integration live.
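A reconciliation check for the three bug types listed under tip #2, comparing what the application recorded with a sandbox transaction export (an added example, not from the original article). The record layout, field names and sample rows are constructed for illustration; a real export from a given gateway will need its own field mapping.

```python
from collections import defaultdict

# Constructed sample data: application orders vs. a sandbox transaction export.
ORDERS = [
    {"order_id": "A1", "name": "Jane Doe", "expiry": "03/27"},
    {"order_id": "A2", "name": "Ravi Kumar", "expiry": "11/2026"},
    {"order_id": "A3", "name": "Li Wei", "expiry": "07/28"},
    {"order_id": "A4", "name": "Ana Silva", "expiry": "01/29"},
]
GATEWAY = [
    {"order_id": "A1", "name": "jane  doe", "expiry": "03/2027"},  # same after normalizing
    {"order_id": "A2", "name": "Ravi", "expiry": "11/26"},         # name truncated
    {"order_id": "A3", "name": "Li Wei", "expiry": "28/07"},       # month and year swapped
    {"order_id": "A4", "name": "Ana Silva", "expiry": "01/29"},
    {"order_id": "A4", "name": "Ana Silva", "expiry": "01/29"},    # submitted twice
]


def norm_expiry(text):
    """Normalize 'MM/YY' or 'MM/YYYY' to (year, month); None if malformed."""
    try:
        month, year = (int(part) for part in text.strip().split("/"))
    except ValueError:
        return None
    if not 1 <= month <= 12:
        return None
    return (year + 2000 if year < 100 else year, month)


def norm_name(text):
    """Ignore case and repeated whitespace when comparing names."""
    return " ".join(text.split()).casefold()


def reconcile(orders, gateway_txns):
    """Return sorted (order_id, issue) findings for one test run."""
    by_order = defaultdict(list)
    for txn in gateway_txns:
        by_order[txn["order_id"]].append(txn)
    findings = []
    for order in orders:
        oid, txns = order["order_id"], by_order[order["order_id"]]
        if not txns:
            findings.append((oid, "missing_at_gateway"))
            continue
        if len(txns) > 1:
            findings.append((oid, "duplicate_transaction"))
        if norm_name(txns[0]["name"]) != norm_name(order["name"]):
            findings.append((oid, "name_mismatch"))
        expected = norm_expiry(order["expiry"])
        if expected is None or norm_expiry(txns[0]["expiry"]) != expected:
            findings.append((oid, "expiry_mismatch"))
    return sorted(findings)
```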
Checklist and Test Cases for Payment Gateway Testing
Like any other application, testing payment processors requires proper test planning.
The following checklist can be beneficial for testers and act as a reference:
1) Configure the sandbox for the payment processor.
2) Gather dummy credit card numbers for testing different types of cards. For instance, you can find fake credit card information for the Braintree payment processor on their website.
3) Check the behavior of the application when a transaction is successful.
4) Verify that, after a successful transaction, the payment gateway returns the customer to the application and the application displays a confirmation message.
5) If the transaction is successful, verify that the customer is sent a