A Compelling Guide On Payment Gateway Testing + Test Case Examples
Today, with a continuously growing number of consumers, e-commerce platforms should be ready to provide secure and user-friendly payment gateways that can withstand high loads without performance failures. Thus, before implementing online payments, businesses must make sure that their e-commerce platforms can be seamlessly integrated with a gateway and provide an excellent user experience.
When it comes to payment gateway development or modernization, and its further implementation, testing plays a significant role. Before going live, it helps verify a lot of important aspects affecting the software functionality, security, and performance. All these things highly influence your customer satisfaction with the level of service your company provides.
In this article, you will learn what a payment gateway is, how it works, why it should be tested before interacting with end-users and getting real payments. Besides, there are ten examples of test scenarios and a summary of Stripe’s guideline on payment gateway testing. At the end of the article, you will have an overall picture of the payment gateway testing.
What Is a Payment Gateway?
A payment gateway is a software app that service providers use to process payments for online purchases made on the merchant’s website. The gateway acts as an interface serving as an intermediary between a merchant and an acquiring bank. Traditionally, payment gateways process payments made with credit cards, but modern applications are built to work with electronic transfers, debit cards, bonuses, etc.
Sensitive card details are encrypted to ensure online payment security. When a customer makes a purchase on the website through a payment gateway, the gateway performs many tasks to process the payment. Once a customer selects “pay” or “checkout,” the merchant’s website redirects the customer to the payment page to enter the card details.
It’s crucial that the merchant is completely compliant with security standards as payment gateways gather and store sensitive data like the card and payment details on their servers. Once all information is collected, it is then sent to the acquiring bank for approval. After it is approved, the bank sends a confirmation back to the merchant’s side and the customer.
To illustrate how it works, below is the PayPal immediate payment flow.
Image source: PayPal
Many merchants use payment gateways as this is the most popular way to process payments easily. Only large companies have the capabilities to work with acquiring banks directly. This payment solution is cost-effective as the fees are quite affordable. Modern gateways are not limited to payment processing but also offer other useful functionalities like customized reporting. As mentioned, the latest solutions provide options for working with different types of cards.
Traditionally, payment gateways have the following structure:
- Payment method. This information is displayed on a merchant’s website, e-store, or a mobile app. Usually, this data contains the company’s name, the sum of purchase, and payment comments. After confirmation, the client is transferred to the payment gateway.
- Payment page. Here, the client sees the main details of his purchase and is able to cancel the order, authorize, or choose any other option from the menu.
- Status page. This page is located on the merchant’s side. The client is redirected here if the payment passed successfully or failed to pass.
- Payment result page. This page is also located on the merchant’s side and is triggered by the payment gateway bot to show the results of payment.
Before we define payment gateway testing, it is crucial to understand that each service provider can have different transaction flows. For example, Stripe, one of the top online payment service providers, has the following flow for the standard online payment scenario:
Image source: Stripe
According to payment intents, Stripe offers other APIs, such as setting up later payments, saving a card during payment, placing a hold on a card, 3D secure authentication, ignoring bank authentication, etc.
Like any other software, payment gateways should be tested to ensure that they meet both merchants’ and customers’ needs and expectations. Each API, each scenario, each feature, like those provided by Stripe, should be checked for performance, security, functionality, and integration.
From a consumer’s perspective, online payment is expected to be easy and user-friendly: the transaction takes a few seconds, the payment page is generated quickly, and the user is notified of the successful payment or of any other outcome.
From the merchant’s perspective, a complete transaction flow must work excellently to meet users’ expectations for quick and seamless online purchase. All jobs done by the payment gateway must function appropriately, which is why it is critical to perform testing.
Testing allows merchants to be sure that their software works as required, not only when the application is being implemented, but also when they already have it working in place. In the latter case, testing can help a merchant check whether the implemented solution works correctly and whether there are ways to improve it.
Major Aspects of Payment Gateway Testing Transaction Flow
So, you are to test an e-store having a payment gateway. Testing a transaction flow should show that payments are passed successfully and orders are confirmed. Before testing, a comprehensive test strategy and plan should be developed. While preparing for software testing and during the execution, consider the checklists below.
Security testing aims to ensure that all data processed in the application is encrypted, transmitted securely, and protected from vulnerabilities and cyber attacks. Here are some example aspects that are included in security testing:
- The gateway is secure from spoofing, cross-site scripting attacks, and SQL injections.
- The application contains authorization management and user roles.
- At each transaction step, all the required SSL certificates are implemented.
Performance testing checks that the application does not fail when a great number of users submit payments simultaneously. For example, a test engineer can test whether the gateway can handle the load of 100 purchases in 1 second without system failures. Other examples are as follows:
- The gateway works properly during load times.
- The application can work in different environments.
- The gateway has enough space and memory to work properly.
Integration testing is all about verifying that a payment gateway is seamlessly integrated with a merchant’s website or application. Here, test engineers test the complete transaction flow to ensure that placing an order, payment processing, and verification are functioning as required. Here are some things to test:
- The gateway requests and provides the right data.
- The right format for currency is set up.
- The transaction flow and processing time are correct.
Functional testing is performed mainly for newly developed gateways. They are tested against the predefined functional requirements, i.e. testers check if the app is working as expected. The following aspects should be considered:
- The gateway calculates all fees correctly.
- Users and merchants are notified of the passed transaction via email.
- At the user’s request, the system changes currency and language formats.
During the gateway testing, it is also crucial to test it for data quality, data capture, and data flow. Among the most frequent bugs related to data are customer’s data and payment details captured incorrectly, duplicate transactions displayed in the processor, credit card data captured incorrectly, etc.
The gateway should also be tested for a user-friendly interface and user experience. For example, if for any reason the transaction fails, the user should get an instant notification containing a short and clear message about the failure.
What You Need to Start Testing Payment Gateways
Before testing any software product, you should be well prepared and have all data required for every type of testing you plan to perform. Below is a helpful list of things you will need:
- Payment gateway documentation that can be found either on service providers’ websites or provided by custom developers
- Error codes list
- Processor sandbox
- Test data with all required test card numbers
- A list of payment methods
- A good understanding of all terms related to payment gateway
- Essential knowledge of how a transaction flow works
- Any database information and/or access to it
- A testing plan and strategy
- Stakeholders from the merchant’s side to be involved in testing
Test Cases for Payment Gateway
Before using a gateway for real payments, it should be tested by test engineers using a certain number of test scenarios and test cases. First off, let’s define both to understand the difference.
A test scenario is any feature or functionality to be tested; it can consist of multiple test cases. A test case is a sequence of actions performed to check if the functionality works as required. Below, you can see a list of possible test scenarios.
- Verify that all mandatory fields on the payment page are valid. Payment processing shouldn’t proceed if any mandatory data is missing.
- Test the gateway using a valid credit card with a valid security code and expiry date.
- Test the gateway using an invalid credit card with a valid security code and a valid expiry date.
- Check if the system works correctly with each of the possible payment options, for example, credit card, PayPal, debit card, etc.
- Test whether the gateway works correctly when language format or currency format is changed.
- Test the transaction flow using the blocked card data.
- Check the system’s behavior when the Internet connection is lost during payment processing.
- Verify whether a customer and a merchant get email notification of a successful/failed transaction.
- Check if double payments occur.
- Test security requirements like fraud prevention patterns.
These are the most common test scenarios. Of course, they differ from platform to platform.
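Several of the scenarios above (mandatory fields, invalid and blocked cards, a dropped connection, double payments) can be expressed as automated checks. The following is an added example, not code from any payment provider: StubGateway, its status strings, the idempotency-key parameter, and the sample card data are all assumptions made for illustration.

```python
# Added example: StubGateway is a hypothetical in-memory stand-in, not a provider API.
from datetime import date

REQUIRED = ("card_number", "cvc", "exp_month", "exp_year", "amount")
BLOCKED = {"4000000000000002"}   # sample blocked-card entry (test value)
GOOD = {"card_number": "4242424242424242", "cvc": "123",
        "exp_month": 12, "exp_year": 2099, "amount": 1999}  # test-only data

def luhn_ok(number):
    """Luhn checksum: rejects mistyped or made-up card numbers."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

class StubGateway:
    def __init__(self, today=date(2030, 1, 1)):
        self.today = today
        self.charges = []   # what the processor recorded
        self.seen = {}      # idempotency key -> first response

    def pay(self, form, key):
        if key in self.seen:          # retry: replay the answer, do not charge again
            return self.seen[key]
        missing = [f for f in REQUIRED if not form.get(f)]
        if missing:
            status = "missing:" + ",".join(missing)
        elif not luhn_ok(form["card_number"]):
            status = "invalid_number"
        elif (form["exp_year"], form["exp_month"]) < (self.today.year, self.today.month):
            status = "expired"
        elif form["card_number"] in BLOCKED:
            status = "blocked"
        else:
            self.charges.append(form["amount"])
            status = "succeeded"
        self.seen[key] = status
        return status

def charges_after_retry(reuse_key):
    """Connection drops after the first request; the client submits again."""
    gw = StubGateway()
    gw.pay(GOOD, "order-1001")        # response lost in transit
    gw.pay(GOOD, "order-1001" if reuse_key else "order-1001-retry")
    return len(gw.charges)
```

The retry helper shows why the disconnected-connection and double-payment scenarios belong together: a resubmission that does not carry the same key is recorded as a second charge.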
How to Test Stripe Payments Before Accepting Real Payments
To illustrate how payment gateway testing works with a concrete example, we have chosen Stripe. Before going live and accepting real payments using Stripe, you should test how your existing software systems integrate with Stripe. To test integration, you can use Stripe’s guidelines. Below is a brief summary.
First off, be aware that Stripe offers no-code options to test their gateway for non-developers. However, you can search for a testing vendor to get professional assistance.
Stripe gives all the needed information and test data to verify that integration is executed as expected. You can also test different scenarios to validate the correct transaction flow.
In their guidelines, Stripe provides testing information for the Payment Intents API and the Charges API. There you can check which points should be covered. Stripe also provides all the necessary card data: basic card numbers for Visa, Mastercard, American Express, Discover, Diners Club, JCB, and UnionPay, all with any 3-digit CVC and any future date. International card numbers and regulatory (3D secure) card numbers and tokens for testing are also available. There are also cards to simulate disputes and specific responses, for example, “Charge succeeds, but the verification fails”.
You can also find the information on rate limits and sources. Stripe provides capabilities to use various payment mechanisms and methods via the Sources API. Depending on how the buyer’s funds are processed, payment methods are categorized as pull and push. According to the method, a customer follows a certain flow. All possible flows can be found here and are defined as none, redirect, code verification, receiver. Here is what a customer action flow looks like:
Screenshot source: Stripe
Looking for test engineers who can help you in testing Stripe or any other online payment solution? We at Apphawks offer QA and testing services for e-commerce solutions, SaaS, mobile/web applications, and many more. Our approach to testing ensures the high security and performance of your services. Feel free to contact us for professional assistance.