This blog post will cover what payment gateway testing is, how to perform it and the following
What is a Payment Gateway?
A payment gateway is a service that helps us complete a monetary transaction online. It accepts credit cards, debit cards, net banking and other payment methods from the customer to perform a transaction.
Payment gateway services encrypt sensitive information like card numbers, CVVs, passwords, PINs, etc. They are integrated with e-commerce platforms to make and receive payments.
With the rise of digital payments on e-commerce platforms, we should provide customers with secure and user-friendly payment gateways that can withstand high loads without any failure in their performance. Some common examples of payment gateways are PayPal, Paytm, Razorpay, Instamojo etc.
What is Payment Gateway testing?
Payment gateway testing makes sure that the application is seamlessly integrated with the payment gateway and that the customer experiences a smooth, hassle-free and secure transaction. A payment gateway acts as a bridge by passing information about the transaction between the merchant and the customer.
Payment gateway testing focuses on connectivity, security, encryption, performance, user experience etc. It also evaluates the other components that take part in the online transaction and checks whether they can be trusted with the customer's sensitive data.
Why Payment Gateway testing?
Payment gateway testing
- Ensures that the customer has a smooth experience while making the payment.
- Makes sure that the customer makes successful payments to the corresponding website.
- Inspects, checks and reduces the technical issues that the customer might face during payment.
- Evaluates whether the customer’s data is vulnerable to outside third parties.
- Avoids data glitches and protects our customers' financial details from hackers.
- Protects the reputation and integrity of the company by identifying and fixing security incidents.
- Increases the customer's trust and loyalty.
- Enhances the speed, accuracy and security of the payment process.
What is the basic terminology used in Payment Gateway testing?
Merchant - A merchant is a person or a company that sells a product or service. They can be the service provider, product seller, e-commerce store, etc. They accept online payment for their business.
Acquiring bank - It is the merchant's bank. When the customer pays through the payment gateway, the amount gets credited to the acquiring bank.
Issuing bank - It is the customer's bank. When the merchant receives the payment, the amount gets deducted from the issuing bank.
Transaction - It is the payment made at the checkout of the payment gateway. It generates a unique ID, called the transaction ID.
Authorization - The payment gateway sends authorization requests to the customer's account (issuing bank) to deduct the amount. An authorization request may be denied or approved by the issuing bank.
Authentication - It is the method by which the bank validates the identity of the customer making the payment. It can be a CVV, OTP, PIN, password etc.
What are the prerequisites required for payment gateway testing?
- Collect test data for dummy debit/credit card information.
- Gather information related to the payment gateway type we are going to test.
- Finalize the parameters for Performance testing for Payment gateway flow.
- Gather information about the error codes that might occur in the payment gateway, so that we know whether an error is from our end or is related to the payment gateway.
- Set up a sandbox environment to validate payment processors without actually paying the amount.
How to Test Payment Gateway Functionality?
Before getting into how to test the functionality of the Payment gateway, let’s look at how the Payment gateway transaction flow functions.
Step #1: Customer chooses a product or a service and gets the payment page.
Step #2: They enter their card details like number, CVV, expiry date etc. This information is securely passed to the payment gateway.
Step #3: The payment gateway encrypts the card details and performs fraud checks before it sends the data to the acquiring bank.
Step #4: The acquiring bank sends the information securely to the card schemes, which perform another fraud check and send it to the issuing bank.
Step #5: The issuing bank conducts another fraud screening and authorises the transaction. The approval/decline message gets sent to the acquirer through the card schemes.
Step #6: The payment gateway receives this accept/decline message and transmits it to the merchant. If the payment gets approved, the acquirer collects the payment from the issuing bank and deposits the funds to the merchant account.
Now that we know how a payment gateway functions, let's look at how it can be tested.
What types of testing are required on the payment gateway?
#1. Functional Testing
In Payment gateway, we perform functional testing for new or less established systems. It is vital as it ensures that the system is fully functional and its features are working as expected. It helps in verifying both the application and the gateway.
Further reading: Functional Testing Tutorial
#2. Security testing
Security testing ensures that the Payment gateway protects the data that it processes during payment. It secures the system from cyber attacks, hackers and other security vulnerabilities. We should make sure that we take care of sensitive information provided by the customer.
Further reading: Security Testing Tutorial
#3. Performance testing
In Payment gateway, performance testing makes sure that the application won’t fail if a great number of users submit payment simultaneously. This type of testing is crucial especially during huge sales or holiday seasons. It ensures that the system functions normally even when there’s a huge load.
Further reading: Performance Testing Tutorial
#4. Integration testing
Usually, an e-commerce platform or any other application that requires payment needs a payment gateway integrated into the system. Integration testing ensures that the payment gateway is seamlessly integrated with the merchant's website. Here we test order placement, payment processing and order confirmation, i.e. that the complete transaction flow functions as required.
Further reading: Integration Testing Tutorial
Sample Test cases for Payment gateway testing
Functionality based Test Cases for Payment gateway
- Check that each payment option is selectable and that the text boxes accept typed input.
- Verify whether the saved credit/debit card is available on the payment page.
- Check whether you can set a card as default.
- Check whether the customer receives the corresponding notification email and text after a successful/unsuccessful payment.
- Verify whether the payment gateway redirects back to the application after the completion of payment.
- Check if the amount, taxes, discount, store credits etc. get calculated correctly.
- Check whether the system changes the currency and language format based on the user’s request.
- Check whether the payment doesn’t proceed when any mandatory field is empty.
- Check the system’s behaviour when the internet gets disconnected during payment.
- Check if any double payment happens.
- Verify different combinations of valid and invalid data for Card number+Expiry date + CVV.
- Check whether each payment option gets directed to the respective payment flow.
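The double-payment and dropped-connection cases above can be exercised together. The following is an added example, not code from the original post or from any real gateway: `ToyGateway`, its `charge` method and the idempotency key are hypothetical stand-ins for a sandbox gateway, used to show the check a tester runs on the resulting ledger.

```python
import uuid


class ToyGateway:
    """Hypothetical in-memory stand-in for a sandbox gateway."""

    def __init__(self, dedupe):
        self.dedupe = dedupe   # True: a repeated idempotency key is not charged again
        self.ledger = []       # every captured charge
        self.seen = {}         # idempotency key -> transaction ID

    def charge(self, order_id, amount_minor, idem_key):
        if self.dedupe and idem_key in self.seen:
            return self.seen[idem_key]   # replay: same transaction, no new capture
        txn_id = uuid.uuid4().hex
        self.ledger.append({"txn": txn_id, "order": order_id, "amount": amount_minor})
        self.seen[idem_key] = txn_id
        return txn_id


def pay_with_dropped_response(gateway, order_id, amount_minor):
    """The first charge succeeds but its response is lost, so the client retries."""
    idem_key = f"order-{order_id}"
    gateway.charge(order_id, amount_minor, idem_key)          # response never arrives
    return gateway.charge(order_id, amount_minor, idem_key)   # retry after reconnect


def double_charges(ledger):
    """Return the order IDs that were captured more than once."""
    counts = {}
    for row in ledger:
        counts[row["order"]] = counts.get(row["order"], 0) + 1
    return sorted(order for order, n in counts.items() if n > 1)


if __name__ == "__main__":
    for dedupe in (False, True):
        gw = ToyGateway(dedupe)
        pay_with_dropped_response(gw, "A100", 4999)   # constructed order, amount in minor units
        print(f"dedupe={dedupe}: double charges = {double_charges(gw.ledger)}")
```

Against a real sandbox, `double_charges` would be run over the transaction records exported after the disconnect test rather than over an in-memory list.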
Performance-based Test cases for Payment Gateway
- Check the performance of the payment gateway when several users are trying to complete a transaction at the same time.
- Check whether the processor responds quickly.
- Check whether the time taken for the application to reach the payment gateway is as per the requirement.
- Verify whether the same amount gets credited to the customer during the refund. Also check that the time frame of the refund is as per the terms and conditions.
- Check whether the transaction details get updated in the database in the right format.
UI based Test cases for Payment gateway
- Verify whether the labels and boxes are visible.
- Check if the card number gets masked while entering.
- Check whether the Payment gateway company logo/name is visible.
- Verify if all the payment options are visible.
- Verify whether the colour scheme matches the specifications.
- Check whether proper messaging appears when the payment is successful/failed.
- Check whether the promo code, gift card, coupon section is visible.
- Verify whether all the errors or mistakes entered by the customer get highlighted in red.
Security-based test cases for Payment Gateway
- Check whether the card details get masked.
- Check whether the sensitive information gets encrypted.
- Check whether the application is safe from cross-site scripting, spoofing etc.
- Verify that the online transaction happens on a secure channel like HTTPS.
- Verify all the fraud prevention/ security settings of the application.
- Verify whether the customer receives the OTP when initiating the transaction from their bank details.
- Also verify the same scenario with multiple cards linked to different phone numbers in the same account.
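One way to automate the card-masking check is to scan application logs or API responses captured during a sandbox run for full card numbers. This is an added example, not part of the original post; the log lines are constructed, and the log format and field names are assumptions.

```python
import re

# Candidate card numbers: 13 to 19 digits, optionally split by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample log lines (not real data); 4111111111111111 is a
# widely published test card number.
SAMPLE_LINES = [
    "2024-05-01 12:00:01 INFO checkout card=4111111111111111 amount=49.99",
    "2024-05-01 12:00:02 INFO checkout card=************1111 amount=49.99",
    '2024-05-01 12:00:03 DEBUG body={"pan":"4111 1111 1111 1111","cvv":"***"}',
    "2024-05-01 12:00:04 INFO order_ref=1234567890123456 status=paid",
]


def luhn_ok(digits):
    """Luhn checksum: filters out order references and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_unmasked_pans(text):
    """Return Luhn-valid card numbers found in text, masked for safe reporting."""
    hits = []
    for match in PAN_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_ok(digits):
            # Report first six and last four only, so the report does not leak the number.
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits


def scan(lines):
    """Return (line number, masked card number) for every unmasked hit."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        for masked in find_unmasked_pans(line):
            findings.append((line_no, masked))
    return findings


if __name__ == "__main__":
    for line_no, masked in scan(SAMPLE_LINES):
        print(f"line {line_no}: unmasked card number {masked}")
```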
Payment Gateway checklist
- Check whether you have all the test data required for the payment gateway, such as various duplicate card details, bank IDs, gift cards etc.
- Gather test data for payment wallets.
- Check whether you have the documentation related to error codes.
- Verify all the functionality and settings based on payment thoroughly.
- Ensure all the pop-up messages are working fine.
- Verify fraud preventive measures are working fine.
- Check session expiry scenarios.
- Check the integration between the application and payment gateway.
- Check the behaviour of the payment gateway when interrupted.
List of Best Payment Gateways
- Amazon Pay
- Braintree – A Paypal Service
Payment is the most important step in the overall experience of the online customer. It contains all the sensitive information. Even a minor issue in the payment gateway can frustrate the customer and ruin the reputation of the brand. So you should plan extensively and test exhaustively, to the point where the application is flawless.