Why Does the Payment Gateway Process Need to Be Tested?

13 / Sep / 2017 by Sanya Datt

A company that handles transactions between two parties (i.e. the merchant and the customer) is called a payment processor. The payment is accomplished by passing the payment information, such as credit card or debit card details, from the customer to the merchant’s preferred bank account. Several payment processing companies function in India, such as PayPal, CC Avenue, and digital wallets like Paytm and PayU. A payment transaction includes different steps, and a different stakeholder is involved at each step.


Figure 1: Steps in payment transaction and stakeholders involved.

As can be seen in Figure 1 above, the first stakeholder in the process is the User, who places the order, which then reaches the Merchant’s web server. Based on the availability of the product, the merchant server responds to the user. Once the user gets confirmation that the product is available, they process the payment through the Payment Gateway, which is linked to the merchant’s server. During the payment process there are three stakeholders: the User, who uses the credit/debit card; the Acquiring Bank (the merchant’s bank account); and the Issuing Bank (the user’s bank account). The last step is the transaction, in which the transaction is completed and the merchant receives funds from the user. This step is further sub-divided into two steps. First, authorization is given by the user’s issuing bank, which confirms the card holder’s validity and ability to pay. At this stage the payment is deducted from the user’s account but is not yet credited to the merchant. The merchant receives the payment in the capture step, in which the customer’s payment information is processed between the user’s card account and the merchant’s bank account.

Need to test payment gateway

To make selling and buying smooth, payment gateways must be secure and therefore need to be tested. When credit or debit cards are used, the Point of Sale machine indicates whether the payment should be approved or declined. For online transactions, an equivalent system is needed that can approve or disapprove the transaction immediately and make the online payment process seamless. The job of the tester here is to make sure that the complete payment cycle (getting transactions from the online store, record and authenticate refund) is working fine. If any of these subcomponents does not work as expected, it can be a problem for the merchant. The payment gateway needs to be checked against different parameters, which are outlined in Table 1 below:

| Type | Explanation | Examples |
|---|---|---|
| Black Box Testing/Functional Testing | Required for raw, less reputed payment gateways to ensure that the application behaves in the proper way. | Order handling, calculation of payment, taxes etc. |
| Integration Testing | Required during the integration of the application with the chosen payment gateways. | Order placing, fund receiving, refund of payment etc. |
| Performance Testing | Required mainly to check that the website does not fail when multiple customers try to complete a transaction at the same time. | Website/online store/application |
| Security Testing | Required during the payment part, when a customer shares sensitive information online. | CVV number, credit/debit card no, transaction password |
Table 1: Kinds of testing needed in the process
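
One security test for the sensitive fields in the last row of Table 1 is to confirm that card numbers and CVVs never reach application logs in clear text. The following is an added example, not part of the original article; the log format, sample lines and function names are constructed, and the Luhn checksum is used here to separate real card numbers from other long digit runs.

```python
import re

# Runs of 13-19 digits, optionally grouped with spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# A CVV/CVC label followed closely by 3-4 digits.
CVV_RE = re.compile(r"\b(?:cvv|cvc)\b\W{0,3}\d{3,4}\b", re.IGNORECASE)

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_card_data(lines):
    """Return (line_number, kind) for each clear-text card number or CVV."""
    findings = []
    for n, line in enumerate(lines, 1):
        for match in PAN_RE.finditer(line):
            digits = re.sub(r"\D", "", match.group())
            if luhn_ok(digits):
                findings.append((n, "card number"))
        if CVV_RE.search(line):
            findings.append((n, "cvv"))
    return findings

# Constructed log lines; 4111 1111 1111 1111 is a dummy test card number.
SAMPLE_LOG = [
    "INFO order=1001 amount=499.00 status=created",
    "DEBUG gateway request card=4111 1111 1111 1111 exp=12/30",
    "DEBUG gateway request cvv=123",
    "INFO order=1001 card=************1111 status=authorized",
    "INFO txn ref 1234567890123456 received",   # 16 digits, fails Luhn
]

if __name__ == "__main__":
    for line_no, kind in find_card_data(SAMPLE_LOG):
        print(f"line {line_no}: clear-text {kind}")
```

Run against logs captured from a test transaction, any finding is a defect to raise before go-live.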

Tips for testing the payment gateway:

1. Availability of free isolated environment: Look for a free isolated environment (for trial and exploratory purposes) that can be used for the Payment Gateway that needs to be tested or implemented. Having such an environment definitely helps and gives the team extra flexibility to customize the tool and test in as much depth as required.

2. Testing should be done end-to-end: We must make sure that the transaction is tested end to end. A few common bugs are related to data capture and data flow from the application to the Payment Gateway.


Figure 2: Common bugs to watch out for.

3. Issue resolving options: If payment fails during a transaction for any reason, an appropriate message should be shown to the customer. A technical message like ‘Server is down’ or ‘404 error’ can confuse the customer and might affect the usability of the application. Generic messages like “There seems to be some issue in processing the transaction, please contact us at Customer Care Number” will make the user experience better.

4. Post production verification: For this purpose, the business owner will need to create a live payment processor account and set up their Merchant ID. After setup, regression testing should be done on the payment processor before the application and payment processor integration goes live for the public.
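
The authorization and capture steps described earlier, together with tips 2 and 3, can be exercised end to end against a stub. This is an added example, not code from the original article or from any real gateway; `SandboxGateway`, `checkout` and the balances are constructed stand-ins for a provider's sandbox.

```python
import logging

# Generic customer-facing text quoted from tip 3 of the article.
GENERIC_MSG = ("There seems to be some issue in processing the transaction, "
               "please contact us at Customer Care Number")

class GatewayError(Exception):
    """Technical failure raised by the constructed sandbox below."""

class SandboxGateway:
    """Constructed stand-in for a gateway sandbox; not a real provider's API."""

    def __init__(self, user_balance, online=True):
        self.user_balance = user_balance  # issuing bank (user's account)
        self.merchant_balance = 0         # acquiring bank (merchant's account)
        self.online = online
        self.held = {}                    # auth_id -> amount awaiting capture
        self.next_id = 1

    def authorize(self, amount):
        if not self.online:
            raise GatewayError("503 Server is down")
        if amount <= 0 or amount > self.user_balance:
            raise GatewayError("issuer declined authorization")
        self.user_balance -= amount       # deducted from the user ...
        auth_id = f"auth-{self.next_id}"
        self.next_id += 1
        self.held[auth_id] = amount       # ... but not yet credited to the merchant
        return auth_id

    def capture(self, auth_id):
        if auth_id not in self.held:
            raise GatewayError(f"unknown authorization {auth_id}")
        self.merchant_balance += self.held.pop(auth_id)

def checkout(gateway, amount, log=logging.getLogger("payments")):
    """Authorize then capture; return (ok, message shown to the customer)."""
    try:
        gateway.capture(gateway.authorize(amount))
        return True, "Payment successful"
    except GatewayError as exc:
        log.error("payment failed: %s", exc)  # technical detail stays in server logs
        return False, GENERIC_MSG

if __name__ == "__main__":
    gw = SandboxGateway(user_balance=100)
    print(checkout(gw, 40), gw.user_balance, gw.merchant_balance)
    print(checkout(SandboxGateway(100, online=False), 40))
```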


The payment processor module is the most critical component of any e-Commerce application that is intended to accept payments from its users. Therefore, it is essential to test this component thoroughly. User experience can be negatively affected if any scenario is missed or any gap is left in the sales/transactions of the seller. Testers thus need to prepare or set up the test environment (sandboxes, response codes, dummy credit card information) and formulate a testing strategy for both the test environment and the live/post-production release environment.


comments (3)

  1. Samy Jones

    Hi, great content. Thanks for sharing.
    I saw Safe2Pay has partnered with leading processors in both Australia and globally to offer an online payment solution that boasts the highest level of security to be found in the e-commerce sector. https://safe2pay.com.au/

