Payment Gateway Testing & Sample test case

What is a payment gateway?

A Payment Gateway is assistance given by a web-based business application for online transactions. It accepts credit/debit card data to finish the transaction. Payment Gateway safely encodes sensitive data like card numbers, account holder names, CVV numbers, passwords, etc. They guarantee that the transaction happens most securely by encoding the information of the clients. They make the entire web-based shopping experience smooth and reduce the chances of online fraud.

Payment Gateway Process

Why Test Payment Gateway?

If we buy something from an offline market, generally cash or credit/debit cards are used during checkout to buy items by swiping the credit/debit cards through the machine. The point of sale testing determines whether the payment processing should be approved or not when it is done through credit/debit cards. Similarly, while purchasing from an online e-commerce store a system is needed that authorizes the processing of the payment and decides immediately whether to accept or decline it. 

Customers want a smooth transaction process. It will be beneficial for the customers if after clicking the payment option they instantly can know whether their payment is approved or declined so that it saves time. The e-commerce company wants the whole payment process is work properly and for the customers to be satisfied while making the online payment. This is the reason testing of payment gateway is necessary as if any problem arises while testing, the problem should be solved instantly, and customers, as well as the company of the e-commerce website, get a smooth and secure payment process.

Types of Payment Gateway:

1. Hosted Payment Gateway (Self):

The customers are redirected away automatically from the checkout page of e-commerce websites by Hosted Payment Gateway. When the customer clicks on the payment button, the application diverts the customer to the payment service organization page. Here, on this page, the customer can provide complete details and when the payment is done, it will take the customer back to the site page. For this kind of payment, a dealer ID isn’t needed. A few models are PayPal Standard, Payza, 2Checkout, etc.

2. Shared Payment Gateway (Non-Hosted):

The customer is redirected to the payment page arranged inside the e-commerce websites. The customization of checkout is quite easy from beginning to end. The dealers should follow all security means to keep up with the security and defend customers’ information is the only challenge in non-hosted Payment Gateways.

Types of Testing for Payment Gateway:

There are different ways of payment gateway testing:

1. Functional Testing: Functional testing is expected for more up-to-date, less settled payment gateways to guarantee that the application acts as it is instructed. This type of testing guarantees that the gateway is completely functional and all its elements are working properly. This helps to check that the application page and the gateway, both are acting in the right way. For more settled installment processors, this sort of testing may not be needed. For example, it handles orders, calculations, charges, and so on precisely how it should be.
2. Integration Testing: Integration testing is important while integrating with a payment gateway. As a tester, it is necessary to check that the integration of the online store is working properly with the mentioned payment gateways. As a tester checking the whole transaction stream is important:
   • Verify the placed request.
   • Verify whether the transaction amount is received or not.
   • Verify the transaction has to be refunded or void.
3. Performance Testing: It is important to test the website for performance. If numerous clients are attempting to finish transactions simultaneously, the procedure of the payment mustn’t fail. While testing it is expected to increase the clients over a threshold level to take a look at the performance of the payment gateway.
4. Security Testing: Security testing should be done on any payment gateway in need to secure sensitive data. During a transaction, a client will give sensitive data like their credit card number, CVV number, and so forth It is vital to guarantee that all sensitive data is communicated after encryption and that the gateway is secure.

Checklist for Payment Gatewat Testing:

• Build a sandbox of payment processors.
• Check for the application response after the transaction.
• Arrange demo credit/debit card numbers for testing.
• Check for the message that is displayed after a successful transaction.
• Check for the message that is displayed after an unsuccessful transaction.
• Check for the language and currency that is relevant to the location.
• Check for the error message in case the payment fails.
• Redirect to the webpage after finishing the successful transaction.
• Check that all the payment options are working properly (e.g. Netbanking, UPI, credit/debit card).
• Check for the order confirmation message in the mobile number/ email ID/ website after the successful transaction that the order has been placed.
• Check for the message that is displayed after the session expires.
• Check the payment process is using a secured channel (e.g Payment should be done on an HTTPS page rather than HTTP)
• Check what happens if the payment gateway stops responding in the middle of the transaction.
• Check for the entries of transactions in the database that the tester has the access to application database.
• Check for fraud avoidance and security settings.
• Check that the amount is not deducted multiple times while purchasing.
• Check that the refund amount should be the same as the transaction amount.
• Verify the pop-up blocker is working properly during payment.

Payment Gateways Test cases:

1. UI Test Cases:

1. Verify whether the input fields of the payment webpage are properly working or not.
2. Verify the Company name and the logo in the payment gateway portal.
3. Verify if the credit/debit card is concealed or not.
4. Verify that all methods of payments are properly working.
5. Check the payment color and design match the specification.

2. Functional Test Cases:

1. Verify if all the options of payment portable are accessible.
2. Verify that the debit/credit cards can automatically be accessed if added previously by the particular user.
3. Check that all mandatory fields are filled by the user before proceeding to the payment portal.
4. Check the currency according to the country.
5. Check if items are added before proceeding with payments.
6. Verify if the credit/debit cards used by the user for payment have not expired.
7. Verify the factor that accurate card number, accurate CVV, accurate holder name, and accurate date of expiry are provided by the user.
8. Verify that the user gets an acknowledgment slip after the transaction.
9. Check for session expiry.
10. Verify that if the payment is unsuccessful still the user is notified through mail.
11. Verify that multiple payments are not committed for the same item.
12. Check if a particular payment method of payment activates the correct payment gateway.
13. At the time of payment verify that the portal is redirecting to the user’s bank account.
14. If the payment stopped in midway the amount is not deducted.
15. Verify the pop-up blocker is working properly during payment.
16. Verify that the payment is not diverted to some other webpage.

3. Performance Test Cases:

1. If multiple users are accessing the payment portal ensure that the portal does not crash.
2. Verify the processor is acknowledging fast and correctly.
3. Verify the time taken for redirecting from the online cart web page to the payment webpage is fast.
4. Check if the portal is secured from SQL injections and brute force attacks. 
5. Check if after the session ends the payment is happening.

4. Security Test Cases:

1. Check if the information on credit/ debit cards is encrypted.
2. Verify the user is getting the OTP to the linked mobile number.
3. Verify that the payment portal is using a secured link i.e. HTTPS but not HTTP.
4. In case of a wrong OTP check, the payment is canceled.
5. Check the session expires after a particular time.
6. In case of the wrong OTP, inform the person to input the correct one.
7. Verify the account holder’s name and the user purchasing the item are the same.
8. Verify that the deducted amount is correct as shown to the user.

Things to Consider Before Buying a Gateway Package:

There are generally seven things that need to be considered before buying a gateway package. These are:

1. Relevant payment flow: The scalability of the payment gateway is an important factor in the growing business. The main payment gateway provides choice to the customers for the payment:

• The website that includes the Integrated payment contains all the important information that is sent to a secured payment gateway calling an integrated API.
• Customers are redirected to a secured hosted page where they need to place all their details for payments on an embedded iFrame on-site. Very little time is required by the developers to integrate.
• An escrow system is built in the e-commerce platforms to hold back the funds till the admin provides the authority to deliver them.

2. Location: In any business, location plays a great role. The websites of the payment gateway protocol need to be incorporated into the area where the business is performed. This is not always the case. If for example there are two payment providers one from the USA and another from India. The business that is registered in the USA are handled by the USA payment providers and the business that are registered in India are handled by India payment providers. But in any case, if the company that is registered in India wants to work with a USA processor then it is also possible by incorporating with India. A company can both incorporate with USA and India payment providers at the same time too.

3. Payment Gateway Security: Fraud detection is a major factor from a security perspective. It is mandatory to have a feature that detects fraud. Not only for the businessman it is important to hide the payment details of customers who visit the website to buy items online. OTP is another feature with passwords that leads to extra security while doing transactions.

4. Frequency of transactions: The average transactional amount of a website and the frequency of transactions a major factors in deciding what package of payment gateway is needed for a particular website. If the package is not well chosen then the businessman will end up giving an extra amount which will lead to a company expense.

5. Multi-payment deciding mode: Every customer has their own habit and belief system of payment. Some feel comfortable in Netbanking, others use the UPI system or debit/credit card. The availability of a multi-payment mode with all facilities is necessary to attract customers for online payments.

6. Merchant Account: To receive payment through an online payment gateway there is a need for a merchant account. A merchant account is an online account that receives temporary payments through an online payment gateway when the customer buys some items. It is not the actual bank account. The amount is stored temporarily on the merchant account till the date of the possibility of a return of the items from the customer. After the possibility of the given date of return exceeding the amount is transferred to the actual bank account.

7. Recurring Amount: It is a brand new feature where an automatic billing process is executed by the website on a period of interval. Customers need not worry about purchasing their items or premium accounts. It is generated automatically after expiry to continue uninterrupted services. It is mainly used on Netflix, Amazon Prime, and other OTT services.

8. 24*7 Customer support: To fix any issue regarding payments customer support is necessary. Several customers face issues during payments for example amount debited but the item is not confirmed, the amount debited multiple times, etc. A technical support team with chat support can resolve the problems which will be beneficial for the customers.

Payment Gateway vs Payment Processor: