Test Cases For Payment Gateway: Testing Guide & Checklist


Struggling to find test cases for a payment gateway? If you want to provide a smooth payment experience to your customers, payment gateway testing is of utmost importance. Have a look at this blog for the ultimate payment gateway testing checklist!


In a world where online payments are becoming an indispensable part of running an eCommerce business, payment gateways have emerged as the most effective and efficient way of collecting payments in the online marketplace.

A Payment Gateway is a third party that helps the customer safely transfer funds from their bank account to the merchant’s. It assists you in completing your online transaction no matter what the payment mode is – from net banking and UPI to online wallets.


Payment gateways are also responsible for safeguarding card details by encrypting the information, for example the cardholder’s name and number. Ensuring that the payment gateway itself is working smoothly is therefore of utmost importance. This is where payment gateway testing comes into the picture, and with it the test cases for a payment gateway.

Payment Gateway Testing Guide

Understanding Payment Gateway Testing

A payment gateway must provide a seamless experience in the realm of online transactions, for which it must be tested. The main objective of the testing process is to ensure the security of a transaction by encrypting the details of the customer and the merchant. You can conduct the tests on various aspects: encryption, connection, security, user experience and others.

From the customer’s perspective, the payment gateway process should be extremely easy to comprehend and secure with only a couple of clicks needed to get the transaction completed. 

From the perspective of the merchant, the integration should be simple. Moreover, the entire payment process from transaction to settlement to refund should work seamlessly, along with all its smaller components such as backend processing, data storage and others.

Types of Payment Gateway Testing

Now we discuss the different types of testing required for the payment gateway.


Functional Testing

This entails testing the basic functionality of the gateway. Verify if the gateway performs seamlessly with regard to country-specific language and currency. Also, ensure that the payment gateway lists different payment methods including cards, net banking and UPI and handles successful and unsuccessful transactions without hiccups.

For instance, if you are integrating with Cashfree Payment Gateway, you will be able to find all the required information on the Cashfree website, FAQs and extensive support docs. These docs provide answers on any topic related to delivery, payments, refunds, disputes, chargebacks and so on. Moreover, the Cashfree developer’s doc will provide you with a step by step guide to integrating the PG on your website or app. 

Integration Testing

This test ensures that the merchant’s website or online store is well integrated with the payment gateway. Here are some pointers you can consider. Ensure that the payment gateway is connected to the right bank accounts. Also, ensure that seamless transfer of funds from customer’s account to merchant’s account is possible. You can also double check transaction completion with the right amount and currency, etc. 

Performance Testing

Next, we move on to performance testing. This involves testing whether the gateway can handle a large number of transactions at once and whether it can work simultaneously with different payment options such as cards, UPI and so on. It is important for a gateway to undergo these tests to ensure that it does not crash when multiple transactions take place at the same time.

Security Testing

With online transactions, one of the most important things to test is how secure the information provided by customers is. This testing would cover points such as the security of personal and banking details, proper storage in an encrypted format and so on.


Bank Statement Reconciliation

Payments done on a payment gateway are settled to the merchant based on their settlement cycle. A final but critical step of testing is to ensure that you are receiving funds for all the payments that were eligible in the current settlement cycle. This can be done by checking the settlement and adjustment file against the money being credited to your bank account.

Test Cases for Payment Gateway

Following are the test cases for payment gateway that must be conducted for any PG you choose:

  1. Test your payment gateway using different payment methods – Cards (Debit and Credit), Net Banking, UPI and Wallets and check if each option is selectable.
  2. Check if the Debit/Credit card option shows the default drop-down menu.
  3. Check what message pops up on the user’s screen in case of a successful transaction. The merchant should rely on the return url and notify url. In fact, they should even make a status call to confirm the payment status if required. So, to mark a payment as “successful”, this ideal flow should be followed:

Return url/Notify url -> Get status from PG -> mark payment as successful.

  4. Send an email/message to the user as an update of successful payment.
  5. Check if after making a successful transaction, the gateway returns to the website/application.
  6. Check the database entry of a successful transaction for the right format and the information stored.
  7. Understand the flow in case of an unsuccessful transaction.
  8. Make sure you also understand the flow in case the gateway stops working.
  9. Understand the flow ensuring fraud protection and encryption.
  10. Understand the flow in case a session expires in the middle of a transaction.
  11. Verify if the payment gateway reflects the correct currency according to the country of the user.
  12. Ensure that the same amount is refunded to the customer in case of a cancellation.
  13. Ensure that the refund is credited to the customer in a given time frame as mentioned in the terms and conditions.
  14. Understand the flow in case a customer cancels the transaction in the middle of the process.
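The "Return url/Notify url -> Get status from PG -> mark payment as successful" flow from test case 3, as an added example (not Cashfree's code or API): the handler ignores whatever status the callback claims, asks the gateway through a hypothetical `fetch_status` call, and marks the order paid only when status, amount and currency agree with the merchant's own record. The `Order` record, the status field names other than `orderId`, and the returned decision strings are assumptions made for illustration.

```python
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

@dataclass
class Order:
    order_id: str
    amount: Decimal
    currency: str
    state: str = "PENDING"  # PENDING -> PAID or FAILED

def amount_matches(order, status):
    """Compare the gateway-reported amount and currency with our own record."""
    try:
        reported = Decimal(str(status.get("amount")))
    except InvalidOperation:
        return False  # missing or malformed amount never counts as a match
    return reported == order.amount and status.get("currency") == order.currency

def handle_callback(orders, callback, fetch_status):
    """Handle a return-url/notify-url hit and return the decision taken.

    orders: dict order_id -> Order (stand-in for the merchant database).
    callback: parameters received on the return/notify url (untrusted input).
    fetch_status: hypothetical server-to-server status call, order_id -> dict.
    """
    order = orders.get(callback.get("orderId"))
    if order is None:
        return "unknown_order"
    if order.state == "PAID":
        return "already_paid"  # notify url was retried: stay idempotent
    try:
        status = fetch_status(order.order_id)  # the callback's own status is ignored
    except Exception:
        return "pending"  # gateway unreachable: keep PENDING and retry later
    if status.get("status") == "FAILED":
        order.state = "FAILED"
        return "failed"
    if status.get("status") != "SUCCESS":
        return "pending"
    if not amount_matches(order, status):
        return "mismatch"  # paid, but not for what we billed: hold for review
    order.state = "PAID"
    return "paid"

if __name__ == "__main__":
    # Constructed sample: the callback claims success and the gateway agrees.
    db = {"ORD-1": Order("ORD-1", Decimal("499.00"), "INR")}
    gateway = lambda oid: {"status": "SUCCESS", "amount": "499.00", "currency": "INR"}
    print(handle_callback(db, {"orderId": "ORD-1", "status": "SUCCESS"}, gateway))
```

The same handler covers the "gateway stops working" and database-entry test cases: an unreachable gateway leaves the order pending, and a repeated notification does not change an order that is already paid.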

We hope that these test cases for payment gateway were exhaustive. But here’s a payment gateway testing checklist that can come in handy:

Checklist for Payment Gateway Testing

Following are the pointers to keep a note of when you begin testing a payment gateway:

  • The message that appears after a successful transaction
  • The message that appears after an unsuccessful transaction
  • Language and currency in accordance with the location of the customer
  • Redirect to the application/ website after completion of a successful transaction
  • Are all payment options (Net Banking, Wallets, Cards and others) selectable
  • Backend working while the payment gets processed
  • The message that appears when a payment session ends
  • The message that appears when the payment gateway stops responding

Setting Up Cashfree: Payment Gateway Testing Example

Now that we have extensively covered the topic of payment gateway testing, let’s look at an example. 

In this section, we will try to set up the Cashfree Payment Gateway. Since we have already covered the checklist for payment gateway testing, we can put them to use here.

Ready? 

Let’s Go. 

  1. Navigate to the Cashfree website and create an account
  2. Here please ensure that you have read the terms and conditions thoroughly
  3. Next, enter your company details. This includes your website URL, Contact Number,  Monthly Transaction Volume (INR), etc. Ensure that all of this information is factually correct.
  4. Another important aspect of Payment Gateway Testing is research. What solutions are you looking for? Which solutions will best suit your business requirement? In this case, you can either select the solution type or take the help of a Cashfree account manager. They will help you find a solution that is relevant to your business after taking all the facts into consideration. 
  5. You will receive a verification email after you have completed signup. Click the link to continue further. 

Now, here you can click Switch To Test to use the test environment. This is more or less a dummy payment gateway for testing. After all, making changes directly to the production environment can be extremely risky. Hence, we suggest you use the test environment to understand how the dashboard and integration work and test the product before pushing it to live.

Verify your email and activate your account before you start transacting with your customers.


Payment Gateway Security Testing Checklist

One of the most important aspects of this process is the payment gateway security testing.

In this section, we will provide you with a few recommendations that will help you keep your account secure.


Strong and Secure Password

Make sure that only you are privy to your password. Do not use this password for any other websites or apps. If you need to change your password, head to Account Settings.

Provide Access to Your PG Account Through Aliases/Users

You can provide access to your Cashfree account to other users. Moreover, you can provide them with restricted/customized access. 

Keep API Keys Confidential

If another party knows your API keys, they can make an API request for your account. Prevent this from happening by keeping your API keys confidential. Moreover, you can generate new API keys in Access Control in case of an eventuality.

Two-Factor Authentication

Two-factor authentication is a mandatory security feature. Primarily, the SMS OTP is used while performing key actions on your merchant dashboard. However, you can choose to opt for an alternative mechanism. For instance, OTP through email. 

Moreover, we recommend you enable two-factor authentication for any logins from new devices or browsers on your account.

Beware of Phishing Attacks

Cyber attacks are not uncommon, which puts the onus on us to be extra cautious. You might get suspicious emails asking you to visit a link, complete a form or download an attachment. Do not open emails from doubtful domains. Check that the link uses HTTPS and points to a Cashfree domain. Furthermore, you can enable automated updates of your OS and browser to protect your systems against attacks.
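The HTTPS-and-domain check above, written out as an added example (not part of the original article or of any Cashfree tooling). It shows why the host has to be parsed and compared exactly rather than searched for the brand name; the function name is hypothetical, and the trusted domain is taken from the dashboard URL quoted elsewhere on this page.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "cashfree.com"  # from the merchant dashboard URL on this page

def is_trusted_link(url, trusted=TRUSTED_DOMAIN):
    """True only for https links whose host is the trusted domain or a subdomain."""
    # Backslashes, whitespace and control characters are parsed differently by
    # browsers and by URL libraries, so a link containing them is rejected outright.
    if any(c == "\\" or c.isspace() or ord(c) < 0x20 for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased, without userinfo ("user@") and port
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")
    # Exact match or a true subdomain. A substring test would accept
    # "cashfree.com.login.example", and a lookalike host spelled with a
    # non-ASCII letter fails the comparison because the strings differ.
    return host == trusted or host.endswith("." + trusted)

if __name__ == "__main__":
    # Constructed sample links; the ".example" hosts are placeholders.
    for link in (
        "https://merchant.cashfree.com/merchant/pg#api-key",
        "http://merchant.cashfree.com/",
        "https://cashfree.com.login.example/",
        "https://cashfree.com@login.example/",
    ):
        print(is_trusted_link(link), link)
```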

Conclusion

Payment Gateways are taking over E-Commerce transactions in an unprecedented manner and hence it is more important now than ever that we understand the working of our payment gateway – not just how well it integrates with our website/ application but also how well it encrypts sensitive customer information. 

Testing the payment gateway over metrics such as user experience, reliability, security and others helps ensure that both the customer and the merchant can maximize convenience and minimize the risks that come along with online payment. 

Frequently Asked Questions (FAQs) on Payment Gateway Testing

What are the conditions of activating a payment gateway?

You need to fulfil the following conditions: 

  1. The website must be live and in the public domain
  2. The website must have a contact us section (with updated Email and phone number), a Privacy policy, a Refund policy and a terms and conditions section.
  3. The site must not sell banned items

How can I fix “Failed To Verify” credentials?

If you get a ‘failed to verify’ error, it usually means one of two things: either you are using Test credentials on the Production server, or Production credentials on the Cashfree Test server. Here’s what to do to fix this issue:

  1. Go to the page where you get API credentials: https://merchant.cashfree.com/merchant/pg#api-key
  2. Ensure that you have the appropriate set of credentials (Test or Production). 
  3. Make sure that there are no errors/ mistakes in the appId/secretKey
  4. Ensure that in your integration type you are choosing the correct server (test or production) of Cashfree.

How should I solve the signature mismatch error? 

To solve for a signature mismatch error:

  1. Right-click on the page and click on inspect 
  2. Go to the Network tab and check both the given options – Preserve log and Disable cache
  3. Make sure you clear the network activity section before proceeding with the process
  4. Click on the Payment button (in order to make the payment)
  5. Once you click on the payment button, you will come across a submit document that is added to the network activity area
  6. Click on submit and scroll down, you will then be able to see the form data which specifies your appId, orderId, signature and other relevant information. 

What are high-risk transactions?

A particular transaction that may have the potential to attract a customer dispute or chargeback is identified by the payment gateway as well as banking partners and marked as a high-risk transaction. In the case of a transaction like that, payment to the merchant is put on hold until the issue is resolved. 

What are Chargebacks? 

A chargeback is a request raised for the return of funds to a consumer, initiated by the consumer’s bank which issued the card.  

It is a form of consumer protection against fraudulent activity that can potentially be committed by either merchants or individuals. As a practice, it is best to avoid any kind of chargeback, as banks and card networks can label your business as a potentially high-risk business. A high number of chargebacks could lead to the banks holding remittances for the business, and they might also ban the business’s online payment services permanently.

What is PCI-DSS Compliance?

The Payment Card Industry Data Security Standard (PCI DSS) has been created to increase controls around the data provided by the cardholder, in order to mitigate the risk of credit card fraud. It is an information security standard for organizations that handle branded credit cards from major card schemes. The PCI Standard is administered by the Payment Card Industry Security Standards Council. In fact, it is mandated by the card brands.