How to test Payment Gateway functionality
Gather appropriate test data for the dummy credit card numbers and sandbox accounts.
Gather the payment gateway documentation with its error codes; it is useful when an error occurs during testing, to identify whether the fault lies in our application or in the payment gateway.
Understand how the payment gateway is integrated with the application.
Understand and test the parameters and sessions passed between the payment gateway and the application.
Understand and test the amount-related information passed through the query string, session, or variables in any form.
Check the format of the amount and its currency format.
Check the language of the application and the language of the payment gateway.
Test whether all the necessary data is returned to our application after a successful payment.
Check what happens if the payment gateway goes down during the payment process.
Check what happens if the payment succeeds but control does not return to our application.
Check what happens if the session times out during the payment process.
Check what happens in the backend during the payment process: is the session data stored in a temporary table, and is any ID generated?
Check what happens if the payment process fails.
Verify the DB entries for the transaction to see whether they store credit card details or not.
Verify the amount-related fields in the database for a fresh transaction, a modified transaction, and a canceled transaction.
Verify the error page during the payment gateway process.
Verify security passes for the transaction.
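The database check from the list above ("whether they store credit card details or not") can be automated. The following is an added example, not part of the original page: it scans a transactions table for Luhn-valid card numbers and for CVV/PIN-style column names. The table layout, column names and sample rows are constructed for illustration, and 4111 1111 1111 1111 is a widely used test card number.

```python
import re
import sqlite3

# 13-19 digits, optionally separated by spaces or dashes, not part of a longer number
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Column names that suggest sensitive authentication data is being kept
SENSITIVE_COL_RE = re.compile(r"(^|_)(cvv2?|cvc2?|pin|track\d?)(_|$)", re.I)

def luhn_ok(digits):
    """Luhn checksum: filters out order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_card_data(conn, table):
    """Return (location, column, detail) for every sign of stored card data.
    `table` is chosen by the tester, never taken from user input."""
    cols = [r[1] for r in conn.execute(f"PRAGMA table_info({table})")]
    findings = [("schema", c, "sensitive column name")
                for c in cols if SENSITIVE_COL_RE.search(c)]
    for row in conn.execute(f"SELECT rowid, * FROM {table}"):
        for col, val in zip(cols, row[1:]):
            for m in PAN_RE.finditer(str(val)):
                digits = re.sub(r"\D", "", m.group())
                if luhn_ok(digits):
                    # Report only the first six and last four digits
                    findings.append((f"row {row[0]}", col, f"{digits[:6]}...{digits[-4:]}"))
    return findings

def build_sample_db():
    """Constructed data: row 1 holds only a masked card, row 2 leaks the test card."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE transactions (order_id TEXT, amount TEXT, "
                 "gateway_txn_id TEXT, card_ref TEXT, cvv TEXT, raw_response TEXT)")
    conn.executemany("INSERT INTO transactions VALUES (?,?,?,?,?,?)", [
        ("ORD-1001", "1499.00", "GW-1234567890123456", "411111******1111",
         None, "status=success"),
        ("ORD-1002", "250.00", "GW-88", "4111 1111 1111 1111",
         "123", "status=success&card=4111111111111111"),
    ])
    return conn

if __name__ == "__main__":
    for finding in find_card_data(build_sample_db(), "transactions"):
        print(finding)
```

The 16-digit gateway reference in row 1 is not reported because it fails the Luhn check, while the raw gateway response in row 2 is, which is a common place for full card numbers to end up in logs and audit tables.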
Payment Gateway Workflow
Payment Gateway Terminology
Acquirer/Acquiring Bank/Merchant Bank is a financial company/bank that processes credit/debit card transactions on your behalf from a customer visiting your site. As a merchant you have an account with the acquiring bank. CCAvenue/EBS/ICICI Payseal can be taken as an acquirer bank.
API (Application Programming Interface): APIs provide users with pre-existing interfaces to program against, which allows rapid and standardized application development.
Application Service Provider (ASP) is a business which provides computer-based services to its customers over a network (especially the internet). Most commonly it is used with customers accessing services from a server using client browsers like Internet Explorer. For example, the IRCTC server is an ASP for you as a customer.
Authorization: The approval or guarantee of funds given by the Card Issuer to the Acquirer.
BIN (Bank Identification Number): The six-digit number assigned by Visa and MasterCard to identify a member (Issuer or Acquirer)
or processor for authorization, clearing or settlement processing.
Business to Business (B2B) is E-Commerce that happens among businesses.
Business to consumer (B2C) is E-Commerce that occurs between consumers and business entities, for example a customer buying from your site.
Brick and mortar businesses are those ECommerce stores which have a physical store, which is the exact opposite of an (internet) online
Batch is the processing of all your transactions from the merchant account and settlement, which will show your total earnings or loss (in case of chargebacks).
Card Issuer is the financial institution that issues the payment card to the Cardholder.
Cardholder: Customer associated with the primary account number (or an additional authorized user) that requests a transaction
from a merchant.
CVV (Card Verification Value): Term for the 3-digit code in the signature panel used to verify that the card is in the cardholder’s possession.
Card refers to a plastic card with some magnetically coded information from brands like Visa, MasterCard, American Express, Diner’s Club, Discover and JCB, which can be used at various ATMs and online worldwide.
Card Association is the network of all banks (i.e., both payment gateways and issuing banks) that process plastic cards of various brands like VISA, MasterCard, Discover, American Express and others.
Credit Card Processor allows a payment gateway merchant to accept all sorts of cards for online money payment, including net banking. It is a third-party company used by your payment gateway (e.g. CCAvenue) which negotiates customer financial transactions with banks and card associations (VISA, MasterCard etc.) and informs the merchant of payment success/failure through the payment gateway used. Some providers, like AlertPay or 2Checkout, can themselves be Card Processors.
Capture operation further validates the transaction and confirms the purchase of the product and the start of its dispatch to the customer, creating a billable transaction in the Merchant's account. If, after authorization, Capture is not done by the merchant within the specified period, the transaction is reversed as if it had never occurred and the amount is credited back to the customer's credit/debit card account. Until the transaction has been Captured, the customer's transaction amount will not be reflected in her credit card account.
Discount Rate/Transaction Discount Rate (TDR) is the total fee retained/charged by the payment gateway from the merchant for each transaction. It can be a fixed percentage or a fixed amount. The largest component of TDR is the interchange fee.
E-commerce is the buying and selling of products/services online using the internet.
HTTP (Hypertext Transfer Protocol) is a networking protocol to transfer unsecured information, used especially between a web server and client browser.
Interchange fee is a term used in the payment gateway industry and refers to the fee charged by the issuing bank. For example, if you use your ICICI debit card at an HDFC ATM, then ICICI will pay an interchange fee to HDFC for using its ATM.
IVR (Interactive voice response) is a technology for computers to recognize human voice so as to process, for example, a credit card entered by a customer.
Merchant: Seller of products or services.
Merchant Agreement: Contract between a Merchant and Acquirer that outlines payment processing rights and responsibilities.
MID (Merchant Identification Number/Merchant ID): Unique number assigned by an Acquirer to identify a specific merchant.
MasterCard is a payment-technology company with its head office in New York which facilitates electronic funds transfers from Credit/Debit/Prepaid cards across the world. Like Visa, the financial institutions/acquirer banks need to abide by its rules like
Merchant Account is a type of account that allows receiving various types of payments - credit card/debit card/net banking/prepaid
card etc. from your customers. You’ll need to pay TDR over the received payments. You’ve visited this site as you’re looking for a
MOTO is short for Mail Order/Telephone Order credit card charge processing and occurs without the physical presence of the credit card. In MOTO there are three ways you can charge your customer’s credit card: using Touch Tone, POS software and Virtual
Payment Gateway is an Ecommerce online transaction processing platform/interface which allows a merchant (you) to receive
payment online from customers using various types of cards and net banking facilities.
Point of Sale (POS), Point of Purchase (POP), and Checkout is the location where a transaction occurs.
POS Terminal is the hardware and software used for Checkouts. For example, you swipe your card in a POS Terminal at any shop for payment. POS Software is specialized software available on the merchant’s PC so that he/she can key in and charge the credit card of a customer directly from his/her keyboard.
Payment Card Industry Data Security Standard (PCI DSS) is a security standard for handling customer and card data during financial transactions with various credit/debit/prepaid and other cards. It aims to reduce credit card fraud. PCI DSS compliance is a must for all companies which store/process secured payment data like card information.
PIN (Personal Identification Number): A cardholder’s secret identification number that completes an online debit transaction.
Smart Card: A payment card with a built in chip to store information.
SSL (Secure Sockets Layer) is a protocol which provides a secured way to transmit data between two pieces of software on a network or the internet, without any risk of interception. You don’t need SSL, but payment interfaces from, for example, PayPal and CCAvenue will work only over SSL.
TID (Terminal Identification Number): Number that identifies a merchant to the front-end network. A unique number is assigned to
each POS terminal.
Refund is the return of the money paid, from the merchant to the customer.
Reversal is done before settlement wherein the merchant undoes the transaction as if it never occurred.
VISA is a payment-technology company with its head office in California which facilitates electronic funds transfers from Credit/Debit/Prepaid cards across the world. The financial institutions/acquirer banks need to abide by the Visa rules, such as transaction security and not charging a surcharge when receiving payments via Visa card.